
#1 2023-02-19 17:42:34

D3vil0p3r
Member
Registered: 2022-11-05
Posts: 180

Outdated impacket package and absent maintainer

Hello,
Currently in the Community repository, the Impacket package is outdated and has been flagged as outdated since May 2022, but the maintainer is absent. That version of impacket has blocking issues.

In cases like this, where the maintainer does not maintain a package anymore and the package is bugged and needs to be upgraded, what is the process?

Is it possible to upgrade the Impacket package to the latest version, please? Currently the latest version is 0.10.0. Source: https://github.com/fortra/impacket

Link: https://archlinux.org/packages/community/any/impacket/


#2 2023-02-21 21:29:44

teckk
Member
Registered: 2013-02-21
Posts: 519

Re: Outdated impacket package and absent maintainer

Modify the PKGBUILD and build/makepkg what you want.
https://github.com/archlinux/svntogit-c … k/PKGBUILD

source=(https://github.com/CoreSecurity/impacket/archive/impacket_${pkgver//./_}.tar.gz)
wget --spider https://github.com/CoreSecurity/impacket/archive/impacket_0_10_0.tar.gz
...
--2023-02-21 15:26:21--  https://codeload.github.com/fortra/impacket/tar.gz/refs/tags/impacket_0_10_0
Resolving codeload.github.com (codeload.github.com)... 140.82.113.10
Connecting to codeload.github.com (codeload.github.com)|140.82.113.10|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [application/x-gzip]
Remote file exists.


#3 2023-02-26 12:40:15

Stefan Husmann
Member
From: Germany
Registered: 2007-08-07
Posts: 1,391

Re: Outdated impacket package and absent maintainer

I do not see a recent bug report against impacket.


#4 2023-02-27 13:53:33

D3vil0p3r
Member
Registered: 2022-11-05
Posts: 180

Re: Outdated impacket package and absent maintainer

Thank you @teckk, I will apply the changes in the PKGBUILD you linked to me.

@Stefan several users and I got several errors when using some impacket tools that were related to OpenSSL. It has been fixed with the latest impacket version. Maybe no one reported it because the package was already flagged as outdated.


#5 2023-02-27 13:59:35

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 29,524
Website

Re: Outdated impacket package and absent maintainer

I don't know if it applies in this case, but I'd not be surprised if many packagers have come to ignore outdated flags completely as they tend to provide more noise than signal due to being routinely misused / abused.


"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" -  Richard Stallman


#6 2023-02-27 14:15:54

D3vil0p3r
Member
Registered: 2022-11-05
Posts: 180

Re: Outdated impacket package and absent maintainer

@teckk I tried to create a Pull Request on that PKGBUILD, but all the PRs are closed by a bot because the repository is read-only. How can we bump the impacket version in the AL community repo?


#7 2023-02-27 15:40:32

V1del
Forum Moderator
Registered: 2012-10-16
Posts: 21,711

Re: Outdated impacket package and absent maintainer

You don't, you either wait for the maintainer to get to it or build it yourself. The maintainer isn't inherently absent, since there's recent activity in other packages. https://bbs.archlinux.org/viewtopic.php?id=130138 - note bullet point 6


#8 2023-02-27 15:43:13

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 29,524
Website

Re: Outdated impacket package and absent maintainer

And you still haven't submitted any bug report for the package.  Doing so is the best way to actually bring something relevant to the attention of the dev/packager.  If there are actual bugs, and they are fixed in more recent releases, I suspect a quality bug report will lead to a prompt update.


"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" -  Richard Stallman


#9 2023-02-27 22:19:48

D3vil0p3r
Member
Registered: 2022-11-05
Posts: 180

Re: Outdated impacket package and absent maintainer

I didn't report it because the bug tracker page states:

Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.

I already built a pkg from my own PKGBUILD, but out of respect for all impacket users, I was pushing for its update.

UPDATE: sorry, I already reported the bug months ago, I didn't remember it: https://bugs.archlinux.org/task/76969?p … g=impacket

Last edited by D3vil0p3r (2023-02-27 22:24:36)


#10 2023-02-28 02:24:09

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 29,524
Website

Re: Outdated impacket package and absent maintainer

Yes, you should not report a bug if a package is just outdated.  But if there is an actual bug, the fact that it's also outdated shouldn't prevent bug reports.  But it seems I must have had a typo or something when I searched before as there are apparently a few bugs reported for the package - and I was also apparently wrong about a bug report being more likely to get attention.

Well, technically, I stand by that view: a bug report is more likely to, just not with 100% certainty.  I don't know anything about this software to comment in detail, but that seems like a clear and reasonable bug report - it's unfortunate that it has not been addressed in any way.


"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" -  Richard Stallman


#11 2023-02-28 18:00:41

D3vil0p3r
Member
Registered: 2022-11-05
Posts: 180

Re: Outdated impacket package and absent maintainer

Trilby wrote:

Yes, you should not report a bug if a package is just outdated.  But if there is an actual bug, the fact that it's also outdated shouldn't prevent bug reports.  But it seems I must have had a typo or something when I searched before as there are apparently a few bugs reported for the package - and I was also apparently wrong about a bug report being more likely to get attention.

Well, technically, I stand by that view: a bug report is more likely to, just not with 100% certainty.  I don't know anything about this software to comment in detail, but that seems like a clear and reasonable bug report - it's unfortunate that it has not been addressed in any way.

This tool is one of the main tools used by pentesters and InfoSec specialists, used also in a job environment. I hope it will be addressed asap, even though the pkg has been sadly untouched for several months.


#12 2023-02-28 20:42:53

seth
Member
Registered: 2012-09-03
Posts: 51,143

Re: Outdated impacket package and absent maintainer

https://bugs.archlinux.org/task/76969?project=5&string=impacket wrote:

The Impacket version in BlackArch has this bug and does not allow to use mssqlclient.py tool. By upgrading Impacket to the latest version will solve the issue.

https://bbs.archlinux.org/misc.php?action=rules

Also the bug report is a mess.
Starting by the markdown attempts, continuing with it being mostly an upstream report that buries the relevant

By upgrading Impacket to the latest version will solve the issue.

going on to only talk about the git master and finishing with the ill-advised "pip install" PSA.

Delete that bug, file a new one.
Point out that the 9.24 release uses a dated version of TLS which is incompatible w/ recent versions of SSL and that the 10.0 release fixed that 10 months ago.
Something the package maintainer might actually care about.

one of the main tools used by pentesters and InfoSec specialists

impacket wrote:

Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself. Packets can be constructed from scratch, as well as parsed from raw data, and the object-oriented API makes it simple to work with deep hierarchies of protocols. The library provides a set of tools as examples of what can be done within the context of this library.


#13 2023-03-04 15:10:33

D3vil0p3r
Member
Registered: 2022-11-05
Posts: 180

Re: Outdated impacket package and absent maintainer

seth wrote:
https://bugs.archlinux.org/task/76969?project=5&string=impacket wrote:

The Impacket version in BlackArch has this bug and does not allow to use mssqlclient.py tool. By upgrading Impacket to the latest version will solve the issue.

https://bbs.archlinux.org/misc.php?action=rules

Also the bug report is a mess.
Starting by the markdown attempts, continuing with it being mostly an upstream report that buries the relevant

By upgrading Impacket to the latest version will solve the issue.

going on to only talk about the git master and finishing with the ill-advised "pip install" PSA.

Delete that bug, file a new one.
Point out that the 9.24 release uses a dated version of TLS which is incompatible w/ recent versions of SSL and that the 10.0 release fixed that 10 months ago.
Something the package maintainer might actually care about.

one of the main tools used by pentesters and InfoSec specialists

impacket wrote:

Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself. Packets can be constructed from scratch, as well as parsed from raw data, and the object-oriented API makes it simple to work with deep hierarchies of protocols. The library provides a set of tools as examples of what can be done within the context of this library.


Just done. I see I cannot delete the old bug I opened; I can only request that the bug be closed. Thanks for the tip and let's hope the package maintainer wakes up.

Last edited by D3vil0p3r (2023-03-04 15:12:22)


#14 2023-04-11 19:30:20

D3vil0p3r
Member
Registered: 2022-11-05
Posts: 180

Re: Outdated impacket package and absent maintainer

After more than one month, still nothing. Can only Levente Polyak manage and update the package?


#15 2023-04-12 07:56:30

Lone_Wolf
Member
From: Netherlands, Europe
Registered: 2005-10-04
Posts: 11,919

Re: Outdated impacket package and absent maintainer

Nope, other Arch devs can also update it.
Currently there's a python rebuild being prepared and Felix Yan has updated it to 0.9.24-2, see https://archlinux.org/packages/communit … /impacket/ .
Try contacting them directly.


Disliking systemd intensely, but not satisfied with alternatives so focusing on taming systemd.


(A works at time B)  && (time C > time B ) ≠  (A works at time C)


#16 2023-04-16 14:38:49

D3vil0p3r
Member
Registered: 2022-11-05
Posts: 180

Re: Outdated impacket package and absent maintainer

Lone_Wolf wrote:

Nope, other Arch devs can also update it.
Currently there's a python rebuild being prepared and Felix Yan has updated it to 0.9.24-2, see https://archlinux.org/packages/communit … /impacket/ .
Try contacting them directly.

Thank you, I contacted the new maintainer. I wrote them an email about the new 0.10.0 version and the missing dependencies too. Let's hope it will go well.


#17 2023-04-16 20:15:44

loqs
Member
Registered: 2014-03-06
Posts: 17,362

Re: Outdated impacket package and absent maintainer

D3vil0p3r wrote:
Lone_Wolf wrote:

Nope, other Arch devs can also update it.
Currently there's a python rebuild being prepared and Felix Yan has updated it to 0.9.24-2, see https://archlinux.org/packages/communit … /impacket/ .
Try contacting them directly.

Thank you, I contacted the new maintainer.

Rebuilding a package does not make them the maintainer of that package.
