mailing list archives
RE: Please help..
From: "Rob Nicholls" <robert () everythingeverything co uk>
Date: Thu, 12 Jun 2008 16:40:46 +0100
I was looking at the nmap-dev archive and spotted that jah had already
discussed all of this, so credit should definitely go to him, as I was
just independently re-inventing the same wheel. I also just spotted that
someone else had already identified the "16" bug at
http://www.mail-archive.com/openssl-dev () openssl org/msg24055.html
Until recently, we seem to have avoided msvcr80.dll dependency issues (and
can continue to avoid them through static linking), but given the warning in
OpenSSL's INSTALL.W32 that jah mentioned and the fact that Microsoft doesn't
recommend static linking either, perhaps we should consider distributing
the vcredist_x86.exe and vcredist_x64.exe files with Nmap after all?
I can probably re-use the logic from the WinPcap patch I submitted yesterday
in Nmap's setup file so it will launch the correct vcredist file for x86/x64
users if they choose to install it (we can do an unattended install and
silent installation can still be supported). It would also save someone
from having to modify ntdll.mak by hand every time we upgrade OpenSSL. Then
we'd only need to remember to update the 2005 (or 2005 SP1) vcredist files
to the 2008 versions whenever we start compiling Nmap with VS2008 (they
confusingly/annoyingly have the same filenames, and the commands in the NSIS
file may need tweaking to maintain the silent install).
From: Rob Nicholls [mailto:robert () everythingeverything co uk]
Sent: 11 June 2008 14:52
So, in summary, it looks like we can use static linking to avoid adding
msvcr80.dll as a dependency to bit.dll, libeay32.dll and ssleay32.dll.
Sent through the nmap-dev mailing list
Archived at http://SecLists.Org