Different libxml2 versions in lxml and xmlsec misbehave
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
lxml | Invalid | Undecided | Unassigned | |
Bug Description
Hey there!
I got a weird issue that's reproducible but only on some environments. It's a regression between 4.6.5 and 4.7.1.
Something between xmlsec and doing .find() on its output.
Affected:
- ubuntu 20.04 + lxml 4.7.1 from manylinux wheels
- debian 11 + lxml 4.7.1 from manylinux wheels
Not affected:
- ubuntu 21.10 and 22.04
- arch linux
- lxml 4.6.5
- any lxml built from the source tree with static libxml off
- running under pytest on debian 11 + lxml 4.7.1
Seems to be independent of python versions (the debian 11 images are docker's python:3.8 and python:3.10)
I did a bisect with `make wheel_manylinux
The commit that introduced the issue is 7b941e58ab088a2
>commit 7b941e58ab088a2
>Author: Stefan Behnel <email address hidden>
>Date: Wed Nov 3 09:50:09 2021 +0100
>
> Switch to latest libxml2 2.9.12+ (unreleased) that has fixes for traversing lxml's fake root trees.
Library versions of the ubuntu 20.04 + python 3.8 running the commit above:
Python : sys.version_
lxml.etree : (4, 6, 4, 0)
libxml used : (2, 9, 12)
libxml compiled : (2, 9, 12)
libxslt used : (1, 1, 34)
libxslt compiled : (1, 1, 34)
ii libxml2:amd64 2.9.10+
ii libxmlsec1:amd64 1.2.28-2 amd64 XML security library
Library versions of the ubuntu 22.04 where this issue cannot be reproduced:
Python : sys.version_
lxml.etree : (4, 7, 1, 0)
libxml used : (2, 9, 12)
libxml compiled : (2, 9, 12)
libxslt used : (1, 1, 34)
libxslt compiled : (1, 1, 34)
ii libxml2:amd64 2.9.12+dfsg-5 amd64 GNOME XML library
ii libxmlsec1:amd64 1.2.33-1build1 amd64 XML security library
The test case: (testcase.py)
```
import xmlsec
from lxml import etree as ET
envelope = ET.fromstring(
signature = xmlsec.
envelope,
xmlsec.
xmlsec.
ns="ds"
)
ds = ET.QName(
canonicalizatio
if canonicalizatio
    print('ok')
else:
    print('fail')
    exit(1)
```
Dockerfile based on debian 11:
```
FROM python:3.10
RUN apt update && \
    apt install -y libxmlsec1 pkg-config libxmlsec1-dev && \
    pip install xmlsec lxml
COPY testcase.py /usr/src/
```
Running:
$ docker build -t testcase .
$ docker run --rm -it -v $PWD:/usr/src testcase python /usr/src/
fail
Replacing this find:
signature.
with this:
signature.
...makes it succeed.
Absolutely no idea why this test case doesn't fail when running in the exact same docker container but under pytest, but I didn't get around to doing much minimization of that setup.
summary:
- A specific .find() returns None since the switch to libxml2 2.9.12+
+ Different libxml2 versions in lxml and xmlsec misbehave
This seems to be the cause of https://github.com/onelogin/python3-saml/issues/292. For me the workaround is not to use the official wheels, but to build from source, which will make it use the system libxml....
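A check for the condition named in the title, as an added example (not code from this report, lxml or xmlsec): it parses the lxml version report and `dpkg -l` lines quoted in the bug description and compares the libxml2 that lxml uses with the distribution package. It assumes xmlsec is linked against that system libxml2; the function names are hypothetical.

```python
import re

# Sample input: version lines copied from the bug description above
# (affected Ubuntu 20.04 environment, then unaffected Ubuntu 22.04).
AFFECTED = """\
libxml used : (2, 9, 12)
libxml compiled : (2, 9, 12)
ii libxml2:amd64 2.9.10+
ii libxmlsec1:amd64 1.2.28-2 amd64 XML security library
"""
UNAFFECTED = """\
libxml used : (2, 9, 12)
libxml compiled : (2, 9, 12)
ii libxml2:amd64 2.9.12+dfsg-5 amd64 GNOME XML library
ii libxmlsec1:amd64 1.2.33-1build1 amd64 XML security library
"""


def lxml_libxml2(report):
    """Return the 'libxml used' version tuple from lxml's version report."""
    m = re.search(r"^libxml used\s*:\s*\((\d+),\s*(\d+),\s*(\d+)\)", report, re.M)
    return tuple(map(int, m.groups())) if m else None


def system_libxml2(report):
    """Return the upstream version of the libxml2 package from `dpkg -l` lines."""
    # Matches "libxml2" or "libxml2:amd64" only, not libxml2-dev or libxmlsec1.
    m = re.search(r"^ii\s+libxml2(?::\S+)?\s+(?:\d+:)?(\d+)\.(\d+)\.(\d+)", report, re.M)
    return tuple(map(int, m.groups())) if m else None


def check(report):
    """Assumption: xmlsec uses the system libxml2, lxml may bundle its own."""
    bundled, system = lxml_libxml2(report), system_libxml2(report)
    if bundled is None or system is None:
        return "unknown"
    return "match" if bundled == system else "mismatch"


if __name__ == "__main__":
    for name, report in (("ubuntu 20.04", AFFECTED), ("ubuntu 22.04", UNAFFECTED)):
        print(name, lxml_libxml2(report), system_libxml2(report), check(report))
```

On a live system the same comparison can take `lxml.etree.LIBXML_VERSION` as the bundled version instead of parsing a pasted report.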