Nmap Development mailing list archives
RE: Windows NMAP.exe file version not reflecting current version 6.47
From: "Steven Hauser (Linked Consulting)" <v-sthaus () microsoft com>
Date: Wed, 14 Jan 2015 19:27:26 +0000
Thanks for the update and all the work to fix this! Steve Hauser OSSC Analysis & Reporting [v-sthaus () microsoft com]<sip:v-sthaus () microsoft com> [v-sthaus () microsoft com] <mailto:v-sthaus () microsoft com> From: Daniel Miller [mailto:bonsaiviking () gmail com] Sent: Wednesday, January 14, 2015 11:25 AM To: Fyodor Cc: Steven Hauser (Linked Consulting); dev () nmap org Subject: Re: Windows NMAP.exe file version not reflecting current version 6.47 On Tue, Jan 13, 2015 at 9:48 PM, Fyodor <fyodor () nmap org<mailto:fyodor () nmap org>> wrote: On Tue, Jan 13, 2015 at 9:59 AM, Steven Hauser (Linked Consulting) <v-sthaus () microsoft com<mailto:v-sthaus () microsoft com>> wrote: Hello, After downloading<http://nmap.org/download.html> and installing the latest version of NMAP (6.47) for Windows zip we noticed that the nmap.exe file version was not updated to reflect the current version as shown below. Our vulnerability scanner is now flagging this as being vulnerable due to the file version displayed (6.0.2.0) but we are already updated to the non-vulnerable version of 6.47. Is there someone you can get me in touch with that can get this exe to display the correct version so we can remove the false +? Hi Steve, and thanks for the report. This is supposed to happen automatically as part of our build process, but something must be broken. I have filed a bug report on this so we can be sure to fix it before the next release: https://github.com/nmap/nmap/issues/45 Cheers, Fyodor I closed this bug report after fixing the issue (going forward) by making the Makefile rule for nmap.rc depend on nmap.h (which is where the version number is parsed from). I also made sure to add a command to our prerelease make target to guarantee that nmap.rc gets built before we release. This wasn't a problem when nmap.rc was not tracked in SVN, but it was added in this revision: ------------------------------------------------------------------------ r30239 | david | 2012-11-12 19:44:39 -0600 (Mon, 12 Nov 2012) | 8 lines Temporarily add back generated nmap.rc. This is needed from the Visual C++ GUI build, not only from make, and the GUI doesn't have a way to generate this file. It may be possible to have a Visual Basic script to the automatic updating of the version number, according to this article. http://support.microsoft.com/kb/237870 ------------------------------------------------------------------------ I'm going to look into that method, too, since I'm not super-happy about our dependence on Cygwin to do a Windows build, but that solution is farther off. Unfortunately, this doesn't do anything for the existing executable files out there. I tried to find a good native way to modify it (since the Nmap exe is not signed), but FileVersion is a read-only property in .NET. You can use ResHacker or another resource editor to change it, though. Otherwise, you'll have to wait (not long, I hope!) for the next release. Dan
_______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Windows NMAP.exe file version not reflecting current version 6.47 Steven Hauser (Linked Consulting) (Jan 13)
- Re: Windows NMAP.exe file version not reflecting current version 6.47 Fyodor (Jan 13)
- Re: Windows NMAP.exe file version not reflecting current version 6.47 Daniel Miller (Jan 14)
- RE: Windows NMAP.exe file version not reflecting current version 6.47 Steven Hauser (Linked Consulting) (Jan 14)
- RE: Windows NMAP.exe file version not reflecting current version 6.47 Steven Hauser (Linked Consulting) (Jan 14)
- Re: Windows NMAP.exe file version not reflecting current version 6.47 Daniel Miller (Jan 14)
- Re: Windows NMAP.exe file version not reflecting current version 6.47 Fyodor (Jan 13)