You are not logged in.
- Topics: Active | Unanswered
#1 2023-02-19 17:42:34
- D3vil0p3r
- Member
- Registered: 2022-11-05
- Posts: 46
Outdated impacket package and absent maintainer
Hello,
currently in Community repository, the package Impacket is outdated and flagged as outdated since May 2022 but the mantainer is absent. That version of impacket has blocking issues.
In cases like this where the maintainer does not maintain a package anymore, and the package is bugged and needs to be upgraded, how is the process?
Is it possible to upgrade Impacket package to the latest version please? Currently the latest version is 0.10.0. Source: https://github.com/fortra/impacket
Link: https://archlinux.org/packages/community/any/impacket/
Offline
#2 2023-02-21 21:29:44
- teckk
- Member
- Registered: 2013-02-21
- Posts: 474
Re: Outdated impacket package and absent maintainer
Modify the PKGBUILD and build/makepkg what you want.
https://github.com/archlinux/svntogit-c … k/PKGBUILD
source=(https://github.com/CoreSecurity/impacket/archive/impacket_${pkgver//./_}.tar.gz)wget --spider https://github.com/CoreSecurity/impacket/archive/impacket_0_10_0.tar.gz
...
--2023-02-21 15:26:21-- https://codeload.github.com/fortra/impacket/tar.gz/refs/tags/impacket_0_10_0
Resolving codeload.github.com (codeload.github.com)... 140.82.113.10
Connecting to codeload.github.com (codeload.github.com)|140.82.113.10|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [application/x-gzip]
Remote file exists.Offline
#3 2023-02-26 12:40:15
- Stefan Husmann
- Member
- From: Germany
- Registered: 2007-08-07
- Posts: 1,302
Re: Outdated impacket package and absent maintainer
I do not see a recent bug report against impacket.
Offline
#4 2023-02-27 13:53:33
- D3vil0p3r
- Member
- Registered: 2022-11-05
- Posts: 46
Re: Outdated impacket package and absent maintainer
Thank you @teckk I will apply the changes in the PKGBUILD you linked to me.
@Stefan me and several users got several errors on using some impacket tools that were related to OpenSSL. It has been fixed with the latest impacket version. Maybe noone reported it because the package was already flagged as outdated.
Offline
#5 2023-02-27 13:59:35
- Trilby
- Inspector Parrot
- Registered: 2011-11-29
- Posts: 28,042
- Website
Re: Outdated impacket package and absent maintainer
I don't know if it applies in this case, but I'd not be surprised if many packagers have come to ignore outdated flags completely as they tend to provide more noise than signal due to being routinely misused / abused.
"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" - Richard Stallman
Offline
#6 2023-02-27 14:15:54
- D3vil0p3r
- Member
- Registered: 2022-11-05
- Posts: 46
Re: Outdated impacket package and absent maintainer
@teckk I tried to create a Pull Request on that PKGBUILD but all the PRs are closed by a bot because the repository is only read-only. How can we bump the impacket version on AL community repo?
Offline
#7 2023-02-27 15:40:32
- V1del
- Forum Moderator
- Registered: 2012-10-16
- Posts: 18,724
Re: Outdated impacket package and absent maintainer
You don't, you either wait for the maintainer to get to it or build it yourself. The maintainer isn't inherently absent, since there's recent activity in other packages. https://bbs.archlinux.org/viewtopic.php?id=130138 - note bullet point 6
Offline
#8 2023-02-27 15:43:13
- Trilby
- Inspector Parrot
- Registered: 2011-11-29
- Posts: 28,042
- Website
Re: Outdated impacket package and absent maintainer
And you still haven't submitted any bug report for the package. Doing so is the best way to actually bring something relevant to the attention of the dev/packager. If there are actual bugs, and they are fixed in more recent releases, I suspect a quality bug report will lead to a prompt update.
"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" - Richard Stallman
Offline
#9 2023-02-27 22:19:48
- D3vil0p3r
- Member
- Registered: 2022-11-05
- Posts: 46
Re: Outdated impacket package and absent maintainer
I didn't report it because on the bug tracker page is reported:
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.I already created a pkg by my PKGBUILD, but for respecting all impacket users, I was pushing for its update.
UPDATE: sorry, I already reported the bug months ago, I didn't remember it: https://bugs.archlinux.org/task/76969?p … g=impacket
Last edited by D3vil0p3r (2023-02-27 22:24:36)
Offline
#10 2023-02-28 02:24:09
- Trilby
- Inspector Parrot
- Registered: 2011-11-29
- Posts: 28,042
- Website
Re: Outdated impacket package and absent maintainer
Yes, you should not report a bug if a package is just outdated. But if there is an actual bug, the fact that it's also outdated shouldn't prevent bug reports. But it seems I must have had a typo or something when I searched before as there are apparently a few bugs reported for the package - and I was also apparently wrong about a bug report being more likely to get attention.
Well, technically, I stand by that view: a bug report is more likely to, just not with 100% certainty. I don't know anything about this software to comment in detail, but that seems like a clear and reasonable bug report - it's unfortunate that it has not been addressed in any way.
"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" - Richard Stallman
Offline
#11 2023-02-28 18:00:41
- D3vil0p3r
- Member
- Registered: 2022-11-05
- Posts: 46
Re: Outdated impacket package and absent maintainer
Yes, you should not report a bug if a package is just outdated. But if there is an actual bug, the fact that it's also outdated shouldn't prevent bug reports. But it seems I must have had a typo or something when I searched before as there are apparently a few bugs reported for the package - and I was also apparently wrong about a bug report being more likely to get attention.
Well, technically, I stand by that view: a bug report is more likely to, just not with 100% certainty. I don't know anything about this software to comment in detail, but that seems like a clear and reasonable bug report - it's unfortunate that it has not been addressed in any way.
This tool is one of the main tools used by pentesters and InfoSec specialists, used also in a job environment. I hope it will be addressed asap, even though the pkg has been sadly untouched for several months.
Offline
#12 2023-02-28 20:42:53
- seth
- Member
- Registered: 2012-09-03
- Posts: 36,864
Re: Outdated impacket package and absent maintainer
The Impacket version in BlackArch has this bug and does not allow to use mssqlclient.py tool. By upgrading Impacket to the latest version will solve the issue.
https://bbs.archlinux.org/misc.php?action=rules
Also the bug report is a mess.
Starting by the markdown attempts, continuing with it being mostly an upstream report that buries the relevant
By upgrading Impacket to the latest version will solve the issue.
going on to only talk about the git master and finishing with the ill-advised "pip install" PSA.
Delete that bug, file a new one.
Point out that the 9.24 release uses a dated version of TLS which is incompatible w/ recent versions of SSL and that the 10.0 release fixed that 10 months ago.
Something the package maintainer might actually care about.
one of the main tools used by pentesters and InfoSec specialists
Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself. Packets can be constructed from scratch, as well as parsed from raw data, and the object-oriented API makes it simple to work with deep hierarchies of protocols. The library provides a set of tools as examples of what can be done within the context of this library.
Offline
#13 2023-03-04 15:10:33
- D3vil0p3r
- Member
- Registered: 2022-11-05
- Posts: 46
Re: Outdated impacket package and absent maintainer
https://bugs.archlinux.org/task/76969?project=5&string=impacket wrote:The Impacket version in BlackArch has this bug and does not allow to use mssqlclient.py tool. By upgrading Impacket to the latest version will solve the issue.
https://bbs.archlinux.org/misc.php?action=rules
Also the bug report is a mess.
Starting by the markdown attempts, continuing with it being mostly an upstream report that buries the relevantBy upgrading Impacket to the latest version will solve the issue.
going on to only talk about the git master and finishing with the ill-advised "pip install" PSA.
Delete that bug, file a new one.
Point out that the 9.24 release uses a dated version of TLS which is incompatible w/ recent versions of SSL and that the 10.0 release fixed that 10 months ago.
Something the package maintainer might actually care about.one of the main tools used by pentesters and InfoSec specialists
impacket wrote:Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself. Packets can be constructed from scratch, as well as parsed from raw data, and the object-oriented API makes it simple to work with deep hierarchies of protocols. The library provides a set of tools as examples of what can be done within the context of this library.
Just done. I see I cannot delete the old bug I opened, I can only request for closing the bug.. Thanks for the tip and let's hope the package maintainer wakes up.
Last edited by D3vil0p3r (2023-03-04 15:12:22)
Offline