Nmap package missing lua libraries, also doesn't look in debian locations

Hello,

This bug is being worked on in Debian and shall follow into Ubuntu in the Jaunty release. I have uploaded a fixed package to mentors.debian.net and it is currently awaiting upload.

Thanks,
Jonathan

Confirmed on Intrepid 8.10

I confirm this in Jaunty:
SCRIPT ENGINE: Initiating script scanning.
SCRIPT ENGINE: error while initializing script rules:
/usr/share/nmap/scripts/dns-test-open-recursion.nse:12: module 'comm' not found:
 no field package.preload['comm']
 no file '/usr/share/nmap/nselib/comm.lua'
 no file './comm.lua'
 no file '/usr/local/share/lua/5.1/comm.lua'
 no file '/usr/local/share/lua/5.1/comm/init.lua'
 no file '/usr/local/lib/lua/5.1/comm.lua'
 no file '/usr/local/lib/lua/5.1/comm/init.lua'
 no file '/usr/lib/nmap/nselib-bin/comm.so'
 no file './comm.so'
 no file '/usr/local/lib/lua/5.1/comm.so'
 no file '/usr/local/lib/lua/5.1/loadall.so'
stack traceback:
 [C]: in function 'require'
 /usr/share/nmap/scripts/dns-test-open-recursion.nse:12: in main chunk
 [C]: ?
 [C]: in function 'Entry'
 /usr/share/nmap/scripts/script.db:1: in main chunk
 [C]: ?
 [C]: ?

SCRIPT ENGINE: Aborting script scan.

From reading the comments above I get the idea that this bug will not be fixed for current LTS and Intrepid. Is this correct? I hope not.

Until someone's assigned to this bug, it's impossible that it gets fixed, sorry..

@ Claudio Of course you can fix it, download the latest Build of NMAP from fyodors site, current build is Nmap 4.85BETA7

Then just configure and make from source (as root).. Install over the old package & lua is all working again!

Broken packages are not the end of the world, I find downloading them from the source tree instead of waiting for someone to fix the problem in the debian repo, is sometimes a far quicker solution to the problem at hand.

But that's NOT a fix.
People who are not so skilled in using Ubuntu, don't even know what a terminal is, because they never use it.
Actually, I am compiling day-by-day the latest SVN revision in Jaunty, but this is because I am able to; what do you think a person who never compiled sources will understand about "just configure and make from source (as root)"?
This need to be fixed in repos, users must be able to use nmap without compiling sources or tricking in any way...

If they have no experience of compiling the package then it'll be a good learning experience for them.. Not every package in existence is listed in the repository. For example aircrack-ng, is also missing various options because its not up-to date with the current build, it's current @ Rc3 but in the repository it's still hinging at Rc1.. which is almost ancient.

If they dont keep up to date with the builds then of course something is going to break and need fixing!

This is the bug tracker for the Ubuntu nmap package.
Please take all discussion of the merits of distribution packaging vs DIY to a different location, as they are orthogonal to this bug.
Thank you.

Dear Spink,

Sorry I thought GNU/Linux was supposed to be better than Microsoft with regards to important updates, but of course if the /developers can't stay current with important stuff like OpenSSH (5.1 instead of 5.2) ClamAV 0.94 newest scanning engine 0.95 and by the time we all get it, ClamAV will be probably be version 0.96! If their too busy playing with new stuff like Jaunty, then of course, when some script kiddie has buried himself deep into their servers, they can all sit around and scratch their heads wondering how it happened, whilst they have let the package maintainers & dependencies slip slowly downstream. Pure negligence. If using Linux has taught me anything, it's simply that you do not sit around waiting for something bad to happen till it's too late!

I suggest you to ask for a place with Ubuntu Developers, so you will be able to update personally those packages and to guarantee to every Ubuntu user that their packages are up-to-date. During this, you may discover that software must be tested, before release, and that, in order to provide the best for your customers, sometimes you must stick to old-but-heavily-tested software, instead of running towards a beta that may contain dangerous code.

I'm marking this as Fix Released as it is fixed in at least the two previous releases, and the development version. If this is still an issue on Hardy, can someone update the bug accordingly.

Thanks