Ubuntu
python-evtx package

[SRU] evtx_filter_records.py crashed with ModuleNotFoundError in Noble

  1. Focal (20.04)
  2. Bug #2061668
Bug #2061668 reported by Sudip Mukherjee
14
This bug affects 1 person
Affects Status Importance Assigned to Milestone
python-evtx (Debian)
New
Unknown
python-evtx (Ubuntu)
Fix Released
Medium
Unassigned
Focal
Fix Committed
Undecided
Unassigned
Jammy
Fix Committed
Undecided
Unassigned
Mantic
Fix Committed
Undecided
Unassigned
Noble
Fix Committed
Undecided
Unassigned

Bug Description

[ Impact ]

evtx_filter_records.py will fail to run with the error:

$ evtx_filter_records.py --help
Traceback (most recent call last):
  File "/usr/bin/evtx_filter_records.py", line 3, in <module>
    from lxml import etree
ModuleNotFoundError: No module named 'lxml'

The error is because its missing one of the runtime dependencies.

[ Test Plan ]

1. install python3-evtx
2. execute evtx_filter_records.py

If the package is not fixed it will result in the above error.

With the fixed package it will print the help message:

$ evtx_filter_records.py --help
usage: evtx_filter_records.py [-h] evtx eid

Print only entries from an EVTX file with a given EID.

positional arguments:
  evtx Path to the Windows EVTX file
  eid The EID of records to print

options:
  -h, --help show this help message and exit

[ Where problems could occur ]

There is no change in code and it only fixes a runtime dependency and so imho, there is very little chance of any regression.

[ Other Info ]

The test folder of the source package contains some .evtx file which we should be able to test but I am trying to figure out "EID" that needs to be mentioned as an argument

[ Original Bug Description ]

evtx_filter_records.py fails to run with the error:

$ evtx_filter_records.py
Traceback (most recent call last):
  File "/usr/bin/evtx_filter_records.py", line 3, in <module>
    from lxml import etree
ModuleNotFoundError: No module named 'lxml'

ProblemType: Crash
DistroRelease: Ubuntu 24.04
Package: python3-evtx 0.7.4-1
ProcVersionSignature: Ubuntu 6.8.0-22.22-generic 6.8.1
Uname: Linux 6.8.0-22-generic x86_64
ApportVersion: 2.28.0-0ubuntu1
Architecture: amd64
CasperMD5CheckResult: pass
CurrentDesktop: ubuntu:GNOME
Date: Mon Apr 15 20:30:18 2024
Dependencies:
 python3-more-itertools 10.2.0-1
 python3-pyparsing 3.1.1-1
 python3-six 1.16.0-4
 python3-zipp 1.0.0-6
ExecutablePath: /usr/bin/evtx_filter_records.py
InstallationDate: Installed on 2024-04-10 (5 days ago)
InstallationMedia: Ubuntu 24.04 LTS "Noble Numbat" - Beta amd64 (20240410)
InterpreterPath: /usr/bin/python3.12
JournalErrors: Apr 15 20:30:27 hostname gnome-shell[1186]: meta_window_set_stack_position_no_sync: assertion 'window->stack_position >= 0' failed
PackageArchitecture: all
ProcCmdline: /usr/bin/python3 /usr/bin/evtx_filter_records.py
Python3Details: /usr/bin/python3.12, Python 3.12.2, python3-minimal, 3.12.2-0ubuntu2
PythonArgs: ['/usr/bin/evtx_filter_records.py']
PythonDetails: N/A
SourcePackage: python-evtx
Title: evtx_filter_records.py crashed with ModuleNotFoundError in __main__: No module named 'lxml'
Traceback:
 Traceback (most recent call last):
   File "/usr/bin/evtx_filter_records.py", line 3, in <module>
     from lxml import etree
 ModuleNotFoundError: No module named 'lxml'
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups: adm cdrom dip lpadmin plugdev sudo users

See original description
Revision history for this message
Sudip Mukherjee (sudipmuk) wrote :
Sudip Mukherjee (sudipmuk)
information type: Private → Public
Revision history for this message
Sudip Mukherjee (sudipmuk) wrote :

issue also seen on Mantic, Jammy and Focal apart from Noble.

Revision history for this message
Sudip Mukherjee (sudipmuk) wrote :

debdiff for Noble attached.
Will attach remaining debdiffs after release targets are added.

tags: added: focal jammy mantic
Changed in python-evtx (Ubuntu):
status: New → Confirmed
Bug Watch Updater (bug-watch-updater)
Changed in python-evtx (Debian):
status: Unknown → New
Apport retracing service (apport)
tags: removed: need-duplicate-check
Changed in python-evtx (Ubuntu):
importance: Undecided → Medium
Revision history for this message
Sudip Mukherjee (sudipmuk) wrote :

Attaching updated debdiff for Noble with modified version.

summary: - evtx_filter_records.py crashed with ModuleNotFoundError in Noble
+ [SRU] evtx_filter_records.py crashed with ModuleNotFoundError in Noble
description: updated
Revision history for this message
Sudip Mukherjee (sudipmuk) wrote :

Debdiff for Oracular

Revision history for this message
Sudip Mukherjee (sudipmuk) wrote :

Debdiff for Mantic

Revision history for this message
Sudip Mukherjee (sudipmuk) wrote :

Debdiff for Jammy

Revision history for this message
Sudip Mukherjee (sudipmuk) wrote :

debdiff for Focal

Revision history for this message
Dave Jones (waveform) wrote :

Confirmed on oracular; targetting for affected series and sponsoring for oracular, thanks!

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package python-evtx - 0.7.4-1ubuntu1

---------------
python-evtx (0.7.4-1ubuntu1) oracular; urgency=medium

  * d/control: Add runtime dependency to fix crash. (LP: #2061668)

 -- Sudip Mukherjee <email address hidden> Wed, 01 May 2024 21:15:46 +0100

Changed in python-evtx (Ubuntu):
status: Confirmed → Fix Released
Revision history for this message
Lukas Märdian (slyon) wrote :

This doesn't seem to introduce a component-mismatch, so adding the new runtime dependeny should be fine IMO.

LGTM. Sponsored the SRU for Noble, Mantic, Jammy, Focal

Changed in python-evtx (Ubuntu Focal):
status: New → In Progress
Changed in python-evtx (Ubuntu Jammy):
status: New → In Progress
Changed in python-evtx (Ubuntu Mantic):
status: New → In Progress
Changed in python-evtx (Ubuntu Noble):
status: New → In Progress
Revision history for this message
Timo Aaltonen (tjaalton) wrote : Please test proposed package

Hello Sudip, or anyone else affected,

Accepted python-evtx into noble-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/python-evtx/0.7.4-1ubuntu0.24.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-noble to verification-done-noble. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-noble. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in python-evtx (Ubuntu Noble):
status: In Progress → Fix Committed
tags: added: verification-needed verification-needed-noble
Changed in python-evtx (Ubuntu Mantic):
status: In Progress → Fix Committed
tags: added: verification-needed-mantic
Revision history for this message
Timo Aaltonen (tjaalton) wrote :

Hello Sudip, or anyone else affected,

Accepted python-evtx into mantic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/python-evtx/0.7.4-1ubuntu0.23.10.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-mantic to verification-done-mantic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-mantic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in python-evtx (Ubuntu Jammy):
status: In Progress → Fix Committed
tags: added: verification-needed-jammy
Revision history for this message
Timo Aaltonen (tjaalton) wrote :

Hello Sudip, or anyone else affected,

Accepted python-evtx into jammy-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/python-evtx/0.6.1-2ubuntu0.22.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-jammy to verification-done-jammy. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-jammy. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in python-evtx (Ubuntu Focal):
status: In Progress → Fix Committed
tags: added: verification-needed-focal
Revision history for this message
Timo Aaltonen (tjaalton) wrote :

Hello Sudip, or anyone else affected,

Accepted python-evtx into focal-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/python-evtx/0.6.1-2ubuntu0.20.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-focal to verification-done-focal. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-focal. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.