[Openvpn-devel] [PATCH applied] Re: fix Changes.rst errors in 2.5.3 and 2.5.5 announcement
Patch has been applied to the release/2.5 branch. commit e3bac09f6a128260e23d94463862757b576a12c3 Author: Gert Doering Date: Mon Dec 27 21:16:16 2021 +0100 fix Changes.rst errors in 2.5.3 and 2.5.5 announcement Signed-off-by: Gert Doering Acked-by: Selva Nair Message-Id: <20211227201616.13315-1-g...@greenie.muc.de> URL: https://www.mail-archive.com/search?l=mid=20211227201616.13315-1-g...@greenie.muc.de Signed-off-by: Gert Doering -- kind regards, Gert Doering ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
Re: [Openvpn-devel] [PATCH v2] fix Changes.rst errors in 2.5.3 and 2.5.5 announcement
Acked-By: Selva Nair On Mon, Dec 27, 2021 at 3:17 PM Gert Doering wrote: > > - 2.5.3 had a typo in the CVE ID (CVE-2121-3606 should be -2021-) > - 2.5.5 had windows paths with backslashes, which need to be doubled > > (CVE ID typo also reported by "@attritionorg" in Github PR 165) > > v2: SSL -> ssl, and .cfg -> .cnf > > Signed-off-by: Gert Doering > --- > Changes.rst | 6 +++--- > 1 file changed, 3 insertions(+), 3 deletions(-) > > diff --git a/Changes.rst b/Changes.rst > index b6f98d51..4e4f2018 100644 > --- a/Changes.rst > +++ b/Changes.rst > @@ -18,8 +18,8 @@ New features > - Windows build: use CFG and Spectre mitigations on MSVC builds > > - bring back OpenSSL config loading to Windows builds. > - OpenSSL config is loaded from %installdir%\SSL\openssl.cfg > - (typically: c:\program files\openvpn\SSL\openssl.cfg) if it exists. > + OpenSSL config is loaded from %installdir%\\ssl\\openssl.cnf > + (typically: c:\\program files\\openvpn\\ssl\\openssl.cnf) if it exists. > >This is important for some hardware tokens which need special >OpenSSL config for correct operation. Trac #1296 > @@ -102,7 +102,7 @@ Overview of changes in 2.5.3 > > Bugfixes > > -- CVE-2121-3606 > +- CVE-2021-3606 >see https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements > >OpenVPN windows builds could possibly load OpenSSL Config files from -- Selva ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [PATCH v2] fix Changes.rst errors in 2.5.3 and 2.5.5 announcement
- 2.5.3 had a typo in the CVE ID (CVE-2121-3606 should be -2021-) - 2.5.5 had windows paths with backslashes, which need to be doubled (CVE ID typo also reported by "@attritionorg" in Github PR 165) v2: SSL -> ssl, and .cfg -> .cnf Signed-off-by: Gert Doering --- Changes.rst | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Changes.rst b/Changes.rst index b6f98d51..4e4f2018 100644 --- a/Changes.rst +++ b/Changes.rst @@ -18,8 +18,8 @@ New features - Windows build: use CFG and Spectre mitigations on MSVC builds - bring back OpenSSL config loading to Windows builds. - OpenSSL config is loaded from %installdir%\SSL\openssl.cfg - (typically: c:\program files\openvpn\SSL\openssl.cfg) if it exists. + OpenSSL config is loaded from %installdir%\\ssl\\openssl.cnf + (typically: c:\\program files\\openvpn\\ssl\\openssl.cnf) if it exists. This is important for some hardware tokens which need special OpenSSL config for correct operation. Trac #1296 @@ -102,7 +102,7 @@ Overview of changes in 2.5.3 Bugfixes -- CVE-2121-3606 +- CVE-2021-3606 see https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements OpenVPN windows builds could possibly load OpenSSL Config files from -- 2.26.3 ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
Re: [Openvpn-devel] [PATCH] fix Changes.rst errors in 2.5.3 and 2.5.5 announcement
Hi On Mon, Dec 27, 2021 at 6:16 AM Gert Doering wrote: > > - 2.5.3 had a typo in the CVE ID (CVE-2121-3606 should be -2021-) > - 2.5.5 had windows paths with backslashes, which need to be doubled > > (CVE ID typo also reported by "@attritionorg" in Github PR 165) > > Signed-off-by: Gert Doering > --- > Changes.rst | 6 +++--- > 1 file changed, 3 insertions(+), 3 deletions(-) > > diff --git a/Changes.rst b/Changes.rst > index b6f98d51..3d484318 100644 > --- a/Changes.rst > +++ b/Changes.rst > @@ -18,8 +18,8 @@ New features > - Windows build: use CFG and Spectre mitigations on MSVC builds > > - bring back OpenSSL config loading to Windows builds. > - OpenSSL config is loaded from %installdir%\SSL\openssl.cfg > - (typically: c:\program files\openvpn\SSL\openssl.cfg) if it exists. > + OpenSSL config is loaded from %installdir%\\SSL\\openssl.cfg > + (typically: c:\\program files\\openvpn\\SSL\\openssl.cfg) if it exists. "openssl.cfg" --> "openssl.cnf" please (x2) Also, we use "ssl" instead of "SSL" in the source (win32.c). If the installer also creates the folder as "ssl" it is arguably "more correct" to use the lowercase name in documentation as that's how it will show up in the file system. I haven't checked what case the installer uses. Just nit-picking. Selva ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [PATCH] fix Changes.rst errors in 2.5.3 and 2.5.5 announcement
- 2.5.3 had a typo in the CVE ID (CVE-2121-3606 should be -2021-) - 2.5.5 had windows paths with backslashes, which need to be doubled (CVE ID typo also reported by "@attritionorg" in Github PR 165) Signed-off-by: Gert Doering --- Changes.rst | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Changes.rst b/Changes.rst index b6f98d51..3d484318 100644 --- a/Changes.rst +++ b/Changes.rst @@ -18,8 +18,8 @@ New features - Windows build: use CFG and Spectre mitigations on MSVC builds - bring back OpenSSL config loading to Windows builds. - OpenSSL config is loaded from %installdir%\SSL\openssl.cfg - (typically: c:\program files\openvpn\SSL\openssl.cfg) if it exists. + OpenSSL config is loaded from %installdir%\\SSL\\openssl.cfg + (typically: c:\\program files\\openvpn\\SSL\\openssl.cfg) if it exists. This is important for some hardware tokens which need special OpenSSL config for correct operation. Trac #1296 @@ -102,7 +102,7 @@ Overview of changes in 2.5.3 Bugfixes -- CVE-2121-3606 +- CVE-2021-3606 see https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements OpenVPN windows builds could possibly load OpenSSL Config files from -- 2.26.3 ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
Re: [Openvpn-devel] [PATCH] BUILD: MSVC: enable the Control-flow Enforcement Technology (CET) Shadow Stack mitigation
gentle ping сб, 16 окт. 2021 г. в 19:15, Ilya Shipitsin : > found by BinSkim, more details: > > https://docs.microsoft.com/en-us/cpp/build/reference/cetcompat?view=msvc-160 > > Signed-off-by: Ilya Shipitsin > --- > src/compat/Debug.props | 10 ++ > src/compat/Release.props| 10 ++ > src/openvpn/openvpn.vcxproj | 4 > src/openvpnmsica/openvpnmsica-Debug.props | 10 ++ > src/openvpnmsica/openvpnmsica-Release.props | 10 ++ > src/openvpnserv/openvpnserv.vcxproj | 4 > 6 files changed, 48 insertions(+) > > diff --git a/src/compat/Debug.props b/src/compat/Debug.props > index 31bb9d91..14d7a1f7 100644 > --- a/src/compat/Debug.props > +++ b/src/compat/Debug.props > @@ -17,5 +17,15 @@ >EditAndContinue > > > + Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'"> > + > + true > + > + > + Condition="'$(Configuration)|$(Platform)'=='Debug|x64'"> > + > + true > + > + > > > \ No newline at end of file > diff --git a/src/compat/Release.props b/src/compat/Release.props > index 50eaa8de..df04ddf2 100644 > --- a/src/compat/Release.props > +++ b/src/compat/Release.props > @@ -22,5 +22,15 @@ >true > > > + Condition="'$(Configuration)|$(Platform)'=='Release|Win32'"> > + > + true > + > + > + Condition="'$(Configuration)|$(Platform)'=='Release|x64'"> > + > + true > + > + > > > \ No newline at end of file > diff --git a/src/openvpn/openvpn.vcxproj b/src/openvpn/openvpn.vcxproj > index 65ee6839..38dd22de 100644 > --- a/src/openvpn/openvpn.vcxproj > +++ b/src/openvpn/openvpn.vcxproj > @@ -158,6 +158,7 @@ > > > Ncrypt.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;setupapi.lib;Advapi32.lib > > > $(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories) >Console > + true > > > Condition="'$(Configuration)|$(Platform)'=='Debug|x64'"> > @@ -173,6 +174,7 @@ > > > Ncrypt.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;setupapi.lib;Advapi32.lib > > > $(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories) >Console > + true > > > Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'"> > @@ -204,6 +206,7 @@ > > > Ncrypt.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;setupapi.lib;Advapi32.lib > > > $(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories) >Console > + true > > > Condition="'$(Configuration)|$(Platform)'=='Release|x64'"> > @@ -220,6 +223,7 @@ > > > Ncrypt.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;setupapi.lib;Advapi32.lib > > > $(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories) >Console > + true > > > Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'"> > diff --git a/src/openvpnmsica/openvpnmsica-Debug.props > b/src/openvpnmsica/openvpnmsica-Debug.props > index 43532cfe..c99346af 100644 > --- a/src/openvpnmsica/openvpnmsica-Debug.props > +++ b/src/openvpnmsica/openvpnmsica-Debug.props > @@ -10,5 +10,15 @@ >MultiThreadedDebug > > > + Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'"> > + > + true > + > + > + Condition="'$(Configuration)|$(Platform)'=='Debug|x64'"> > + > + true > + > + > > > \ No newline at end of file > diff --git a/src/openvpnmsica/openvpnmsica-Release.props > b/src/openvpnmsica/openvpnmsica-Release.props > index 47727b35..70f82713 100644 > --- a/src/openvpnmsica/openvpnmsica-Release.props > +++ b/src/openvpnmsica/openvpnmsica-Release.props > @@ -11,5 +11,15 @@ >Guard > > > + Condition="'$(Configuration)|$(Platform)'=='Release|Win32'"> > + > + true > + > + > + Condition="'$(Configuration)|$(Platform)'=='Release|x64'"> > + > + true > + > + > > > \ No newline at end of file > diff --git a/src/openvpnserv/openvpnserv.vcxproj > b/src/openvpnserv/openvpnserv.vcxproj > index 5fd7d60b..65d03e3b 100644 > --- a/src/openvpnserv/openvpnserv.vcxproj > +++ b/src/openvpnserv/openvpnserv.vcxproj > @@ -130,6 +130,7 @@ > > > > Userenv.lib;Iphlpapi.lib;ntdll.lib;Fwpuclnt.lib;Netapi32.lib;Shlwapi.lib;%(AdditionalDependencies) >Console > + true > > > Condition="'$(Configuration)|$(Platform)'=='Debug|x64'"> > @@ -141,6 +142,7 @@ > > > > legacy_stdio_definitions.lib;Userenv.lib;Iphlpapi.lib;ntdll.lib;Fwpuclnt.lib;Netapi32.lib;Shlwapi.lib;%(AdditionalDependencies) >Console > + true > > > Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'"> > @@
