Databases
StackOverflow2013
Postsdbo
POVisual Studio 2005 security updates and CRT DLL versions in manifest
Body
 

Note that there are some explanatory texts on larger screens.

plurals
  1. POVisual Studio 2005 security updates and CRT DLL versions in manifest
    text
    copied!<p>Recent Visual Studio 2005 security updates may be causing problems for us.</p> <p>We build and internally distribute SDKs written in C++. These SDKs are a collection of header files and static libraries only. After installing the security updates our SDKs now depend on the newer versions of the MSVC CRT DLLs. These SDKs are used downstream in projects which produce EXE files.</p> <p>If one of these EXE files is built with a mix of SDKs (some from before the security updates, some from after), then the EXE file produced makes reference to two sets of MSVC runtime DLLs. E.g:</p> <pre><code>&lt;assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"&gt; &lt;dependency&gt; &lt;dependentAssembly&gt; &lt;assemblyIdentity type="win32" name="Microsoft.VC80.CRT" version="8.0.50727.4053" processorArchitecture="amd64" publicKeyToken="1fc8b3b9a1e18e3b"&gt; &lt;/assemblyIdentity&gt; &lt;/dependentAssembly&gt; &lt;/dependency&gt; &lt;dependency&gt; &lt;dependentAssembly&gt; &lt;assemblyIdentity type="win32" name="Microsoft.VC80.CRT" version="8.0.50727.762" processorArchitecture="amd64" publicKeyToken="1fc8b3b9a1e18e3b"&gt; &lt;/assemblyIdentity&gt; &lt;/dependentAssembly&gt; &lt;/dependency&gt; &lt;/assembly&gt; </code></pre> <p>Does this mean that at runtime this EXE will be using both versions of the DLL? Does this mean we must distribute both versions of the MSVC Runtime DLLs with this EXE?</p> <p>Is there a simple way to avoid this problem without forcing all SDKs to be built with the Visual Studio 2005 security patches in place? (This would be undesirable for some of the older and quite stable SDKs that we don't want to rebuild unnecessarily)</p> <p>Is is possible to simply rewrite the manifest file on either the SDKs or the final EXE file so that only one version of the MSVC CRT DLLs are mentioned?</p> <hr> <p>My understanding is that the relevant updates are as follows:</p> <p>Security update for Microsoft Visual Studio 2005 Service Pack 1: KB971090</p> <p><a href="http://go.microsoft.com/fwlink/?LinkId=155934" rel="nofollow noreferrer">http://go.microsoft.com/fwlink/?LinkId=155934</a></p> <p>Security update for Microsoft Visual Studio 2008 Service Pack 1: KB971092</p> <p><a href="http://go.microsoft.com/fwlink/?LinkID=155933" rel="nofollow noreferrer">http://go.microsoft.com/fwlink/?LinkID=155933</a></p> <hr> <p>I have discovered two other questions which are similar:</p> <p><a href="https://stackoverflow.com/questions/1238376/vc-kb971090-and-selecting-visual-c-runtime-dll-dependencies">VC++: KB971090 and selecting Visual C Runtime DLL dependencies</a></p> <p><a href="https://stackoverflow.com/questions/1238741/does-the-latest-visual-studio-2005-security-update-cause-c-runtime-library-issues">Does the latest Visual Studio 2005 Security Update cause C runtime library issues when hot fixing customer sites</a></p>
 

Querying!

 
Guidance
An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload