Nmap Development mailing list archives

Re: Windows NMAP.exe file version not reflecting current version 6.47

From: Daniel Miller <bonsaiviking () gmail com>
Date: Wed, 14 Jan 2015 13:25:29 -0600

On Tue, Jan 13, 2015 at 9:48 PM, Fyodor <fyodor () nmap org> wrote:

On Tue, Jan 13, 2015 at 9:59 AM, Steven Hauser (Linked Consulting) <
v-sthaus () microsoft com> wrote:

 Hello,



After downloading <http://nmap.org/download.html> and installing the
latest version of NMAP (6.47) for Windows zip we noticed that the nmap.exe
file version was not updated to reflect the current version as shown below.

Our vulnerability scanner is now flagging this as being vulnerable due to
the file version displayed (6.0.2.0) but we are already updated to the
non-vulnerable version of 6.47. Is there someone you can get me in touch
with that can get this exe to display the correct version so we can remove
the false +?


Hi Steve, and thanks for the report.  This is supposed to happen
automatically as part of our build process, but something must be broken.
I have filed a bug report on this so we can be sure to fix it before the
next release:

https://github.com/nmap/nmap/issues/45

Cheers,
Fyodor

I closed this bug report after fixing the issue (going forward) by making
the Makefile rule for nmap.rc depend on nmap.h (which is where the version
number is parsed from). I also made sure to add a command to our prerelease
make target to guarantee that nmap.rc gets built before we release. This
wasn't a problem when nmap.rc was not tracked in SVN, but it was added in
this revision:

------------------------------------------------------------------------
r30239 | david | 2012-11-12 19:44:39 -0600 (Mon, 12 Nov 2012) | 8 lines

Temporarily add back generated nmap.rc.

This is needed from the Visual C++ GUI build, not only from make, and
the GUI doesn't have a way to generate this file.

It may be possible to have a Visual Basic script to the automatic
updating of the version number, according to this article.
http://support.microsoft.com/kb/237870
------------------------------------------------------------------------

I'm going to look into that method, too, since I'm not super-happy about
our dependence on Cygwin to do a Windows build, but that solution is
farther off.

Unfortunately, this doesn't do anything for the existing executable files
out there. I tried to find a good native way to modify it (since the Nmap
exe is not signed), but FileVersion is a read-only property in .NET. You
can use ResHacker or another resource editor to change it, though.
Otherwise, you'll have to wait (not long, I hope!) for the next release.

Dan

_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/

Current thread:

Windows NMAP.exe file version not reflecting current version 6.47 Steven Hauser (Linked Consulting) (Jan 13)
- Re: Windows NMAP.exe file version not reflecting current version 6.47 Fyodor (Jan 13)
  - Re: Windows NMAP.exe file version not reflecting current version 6.47 Daniel Miller (Jan 14)
    - RE: Windows NMAP.exe file version not reflecting current version 6.47 Steven Hauser (Linked Consulting) (Jan 14)
  - RE: Windows NMAP.exe file version not reflecting current version 6.47 Steven Hauser (Linked Consulting) (Jan 14)