Ubuntu
python-evtx package

[SRU] evtx_filter_records.py crashed with ModuleNotFoundError in Noble

  1. Noble (24.04)
  2. Bug #2061668
Bug #2061668 reported by Sudip Mukherjee
12
This bug affects 1 person
Affects Status Importance Assigned to Milestone
python-evtx (Debian)
New
Unknown
python-evtx (Ubuntu)
Fix Released
Medium
Unassigned
Focal
Fix Released
Undecided
Unassigned
Jammy
Fix Released
Undecided
Unassigned
Mantic
Fix Released
Undecided
Unassigned
Noble
Fix Released
Undecided
Unassigned

Bug Description

[ Impact ]

evtx_filter_records.py will fail to run with the error:

$ evtx_filter_records.py --help
Traceback (most recent call last):
  File "/usr/bin/evtx_filter_records.py", line 3, in <module>
    from lxml import etree
ModuleNotFoundError: No module named 'lxml'

The error is because its missing one of the runtime dependencies.

[ Test Plan ]

1. install python3-evtx
2. execute evtx_filter_records.py

If the package is not fixed it will result in the above error.

With the fixed package it will print the help message:

$ evtx_filter_records.py --help
usage: evtx_filter_records.py [-h] evtx eid

Print only entries from an EVTX file with a given EID.

positional arguments:
  evtx Path to the Windows EVTX file
  eid The EID of records to print

options:
  -h, --help show this help message and exit

[ Where problems could occur ]

There is no change in code and it only fixes a runtime dependency and so imho, there is very little chance of any regression.

[ Other Info ]

The test folder of the source package contains some .evtx file which we should be able to test but I am trying to figure out "EID" that needs to be mentioned as an argument

[ Original Bug Description ]

evtx_filter_records.py fails to run with the error:

$ evtx_filter_records.py
Traceback (most recent call last):
  File "/usr/bin/evtx_filter_records.py", line 3, in <module>
    from lxml import etree
ModuleNotFoundError: No module named 'lxml'

ProblemType: Crash
DistroRelease: Ubuntu 24.04
Package: python3-evtx 0.7.4-1
ProcVersionSignature: Ubuntu 6.8.0-22.22-generic 6.8.1
Uname: Linux 6.8.0-22-generic x86_64
ApportVersion: 2.28.0-0ubuntu1
Architecture: amd64
CasperMD5CheckResult: pass
CurrentDesktop: ubuntu:GNOME
Date: Mon Apr 15 20:30:18 2024
Dependencies:
 python3-more-itertools 10.2.0-1
 python3-pyparsing 3.1.1-1
 python3-six 1.16.0-4
 python3-zipp 1.0.0-6
ExecutablePath: /usr/bin/evtx_filter_records.py
InstallationDate: Installed on 2024-04-10 (5 days ago)
InstallationMedia: Ubuntu 24.04 LTS "Noble Numbat" - Beta amd64 (20240410)
InterpreterPath: /usr/bin/python3.12
JournalErrors: Apr 15 20:30:27 hostname gnome-shell[1186]: meta_window_set_stack_position_no_sync: assertion 'window->stack_position >= 0' failed
PackageArchitecture: all
ProcCmdline: /usr/bin/python3 /usr/bin/evtx_filter_records.py
Python3Details: /usr/bin/python3.12, Python 3.12.2, python3-minimal, 3.12.2-0ubuntu2
PythonArgs: ['/usr/bin/evtx_filter_records.py']
PythonDetails: N/A
SourcePackage: python-evtx
Title: evtx_filter_records.py crashed with ModuleNotFoundError in __main__: No module named 'lxml'
Traceback:
 Traceback (most recent call last):
   File "/usr/bin/evtx_filter_records.py", line 3, in <module>
     from lxml import etree
 ModuleNotFoundError: No module named 'lxml'
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups: adm cdrom dip lpadmin plugdev sudo users

See original description
Revision history for this message
Sudip Mukherjee (sudipmuk) wrote :
Sudip Mukherjee (sudipmuk)
information type: Private → Public
Revision history for this message
Sudip Mukherjee (sudipmuk) wrote :

issue also seen on Mantic, Jammy and Focal apart from Noble.

Revision history for this message
Sudip Mukherjee (sudipmuk) wrote :

debdiff for Noble attached.
Will attach remaining debdiffs after release targets are added.

tags: added: focal jammy mantic
Changed in python-evtx (Ubuntu):
status: New → Confirmed
Bug Watch Updater (bug-watch-updater)
Changed in python-evtx (Debian):
status: Unknown → New
Apport retracing service (apport)
tags: removed: need-duplicate-check
Changed in python-evtx (Ubuntu):
importance: Undecided → Medium
Revision history for this message
Sudip Mukherjee (sudipmuk) wrote :

Attaching updated debdiff for Noble with modified version.

summary: - evtx_filter_records.py crashed with ModuleNotFoundError in Noble
+ [SRU] evtx_filter_records.py crashed with ModuleNotFoundError in Noble
description: updated
Revision history for this message
Sudip Mukherjee (sudipmuk) wrote :

Debdiff for Oracular

Revision history for this message
Sudip Mukherjee (sudipmuk) wrote :

Debdiff for Mantic

Revision history for this message
Sudip Mukherjee (sudipmuk) wrote :

Debdiff for Jammy

Revision history for this message
Sudip Mukherjee (sudipmuk) wrote :

debdiff for Focal

Revision history for this message
Dave Jones (waveform) wrote :

Confirmed on oracular; targetting for affected series and sponsoring for oracular, thanks!

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package python-evtx - 0.7.4-1ubuntu1

---------------
python-evtx (0.7.4-1ubuntu1) oracular; urgency=medium

  * d/control: Add runtime dependency to fix crash. (LP: #2061668)

 -- Sudip Mukherjee <email address hidden> Wed, 01 May 2024 21:15:46 +0100

Changed in python-evtx (Ubuntu):
status: Confirmed → Fix Released
Revision history for this message
Lukas Märdian (slyon) wrote :

This doesn't seem to introduce a component-mismatch, so adding the new runtime dependeny should be fine IMO.

LGTM. Sponsored the SRU for Noble, Mantic, Jammy, Focal

Changed in python-evtx (Ubuntu Focal):
status: New → In Progress
Changed in python-evtx (Ubuntu Jammy):
status: New → In Progress
Changed in python-evtx (Ubuntu Mantic):
status: New → In Progress
Changed in python-evtx (Ubuntu Noble):
status: New → In Progress
Revision history for this message
Timo Aaltonen (tjaalton) wrote : Please test proposed package

Hello Sudip, or anyone else affected,

Accepted python-evtx into noble-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/python-evtx/0.7.4-1ubuntu0.24.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-noble to verification-done-noble. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-noble. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in python-evtx (Ubuntu Noble):
status: In Progress → Fix Committed
tags: added: verification-needed verification-needed-noble
Changed in python-evtx (Ubuntu Mantic):
status: In Progress → Fix Committed
tags: added: verification-needed-mantic
Revision history for this message
Timo Aaltonen (tjaalton) wrote :

Hello Sudip, or anyone else affected,

Accepted python-evtx into mantic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/python-evtx/0.7.4-1ubuntu0.23.10.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-mantic to verification-done-mantic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-mantic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in python-evtx (Ubuntu Jammy):
status: In Progress → Fix Committed
tags: added: verification-needed-jammy
Revision history for this message
Timo Aaltonen (tjaalton) wrote :

Hello Sudip, or anyone else affected,

Accepted python-evtx into jammy-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/python-evtx/0.6.1-2ubuntu0.22.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-jammy to verification-done-jammy. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-jammy. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in python-evtx (Ubuntu Focal):
status: In Progress → Fix Committed
tags: added: verification-needed-focal
Revision history for this message
Timo Aaltonen (tjaalton) wrote :

Hello Sudip, or anyone else affected,

Accepted python-evtx into focal-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/python-evtx/0.6.1-2ubuntu0.20.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-focal to verification-done-focal. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-focal. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Revision history for this message
Sudip Mukherjee (sudipmuk) wrote :

I can confirm that python3-evtx from noble-proposed has fixed the bug for me.

Test done:

installed python3-evtx and execute 'evtx_filter_records.py' to confirm it still fails to run.

Added noble-proposed to apt sources.
install python3-evtx from noble-proposed.

followed the testplan and executed "evtx_filter_records.py --help" which showed the help message.

Package tested:

$ apt-cache policy python3-evtx
python3-evtx:
  Installed: 0.7.4-1ubuntu0.24.04.1
  Candidate: 0.7.4-1ubuntu0.24.04.1
  Version table:
 *** 0.7.4-1ubuntu0.24.04.1 100
        100 http://gb.archive.ubuntu.com/ubuntu noble-proposed/universe amd64 Packages
        100 /var/lib/dpkg/status
     0.7.4-1 500
        500 http://gb.archive.ubuntu.com/ubuntu noble/universe amd64 Packages

Revision history for this message
Sudip Mukherjee (sudipmuk) wrote :

I can confirm that python3-evtx from mantic-proposed has fixed the bug for me.

Test done:

installed python3-evtx and execute 'evtx_filter_records.py' to confirm it still fails to run.

Added mantic-proposed to apt sources.
install python3-evtx from mantic-proposed.

followed the testplan and executed "evtx_filter_records.py --help" which showed the help message.

Package tested:

$ apt-cache policy python3-evtx
python3-evtx:
  Installed: 0.7.4-1ubuntu0.23.10.1
  Candidate: 0.7.4-1ubuntu0.23.10.1
  Version table:
 *** 0.7.4-1ubuntu0.23.10.1 100
        100 http://us.archive.ubuntu.com/ubuntu mantic-proposed/universe amd64 Packages
        100 /var/lib/dpkg/status
     0.7.4-1 500
        500 http://us.archive.ubuntu.com/ubuntu mantic/universe amd64 Packages

Revision history for this message
Sudip Mukherjee (sudipmuk) wrote :

I can confirm that python3-evtx from jammy-proposed has fixed the bug for me.

Test done:

installed python3-evtx and execute 'evtx_filter_records.py' to confirm it still fails to run.

Added jammy-proposed to apt sources.
install python3-evtx from jammy-proposed.

followed the testplan and executed "evtx_filter_records.py --help" which showed the help message.

Package tested:

$ apt-cache policy python3-evtx
python3-evtx:
  Installed: 0.6.1-2ubuntu0.22.04.1
  Candidate: 0.6.1-2ubuntu0.22.04.1
  Version table:
 *** 0.6.1-2ubuntu0.22.04.1 500
        500 http://gb.archive.ubuntu.com/ubuntu jammy-proposed/universe amd64 Packages
        500 http://gb.archive.ubuntu.com/ubuntu jammy-proposed/universe i386 Packages
        100 /var/lib/dpkg/status
     0.6.1-2 500
        500 http://gb.archive.ubuntu.com/ubuntu jammy/universe amd64 Packages
        500 http://gb.archive.ubuntu.com/ubuntu jammy/universe i386 Packages

Revision history for this message
Sudip Mukherjee (sudipmuk) wrote :

I can confirm that python3-evtx from focal-proposed has fixed the bug for me.

Test done:

installed python3-evtx and execute 'evtx_filter_records.py' to confirm it still fails to run.

Added focal-proposed to apt sources.
install python3-evtx from focal-proposed.

followed the testplan and executed "evtx_filter_records.py --help" which showed the help message.

Package tested:

$ apt-cache policy python3-evtx
python3-evtx:
  Installed: 0.6.1-2ubuntu0.20.04.1
  Candidate: 0.6.1-2ubuntu0.20.04.1
  Version table:
 *** 0.6.1-2ubuntu0.20.04.1 500
        500 http://gb.archive.ubuntu.com/ubuntu focal-proposed/universe amd64 Packages
        500 http://gb.archive.ubuntu.com/ubuntu focal-proposed/universe i386 Packages
        100 /var/lib/dpkg/status
     0.6.1-2 500
        500 http://gb.archive.ubuntu.com/ubuntu focal/universe amd64 Packages
        500 http://gb.archive.ubuntu.com/ubuntu focal/universe i386 Packages

tags: added: verification-done verification-done-focal verification-done-jammy verification-done-mantic verification-done-noble
removed: verification-needed verification-needed-focal verification-needed-jammy verification-needed-mantic verification-needed-noble
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package python-evtx - 0.6.1-2ubuntu0.20.04.1

---------------
python-evtx (0.6.1-2ubuntu0.20.04.1) focal; urgency=medium

  * d/control: Add runtime dependency to fix crash. (LP: #2061668)

 -- Sudip Mukherjee <email address hidden> Wed, 01 May 2024 21:52:29 +0100

Changed in python-evtx (Ubuntu Focal):
status: Fix Committed → Fix Released
Revision history for this message
Chris Halse Rogers (raof) wrote : Update Released

The verification of the Stable Release Update for python-evtx has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package python-evtx - 0.6.1-2ubuntu0.22.04.1

---------------
python-evtx (0.6.1-2ubuntu0.22.04.1) jammy; urgency=medium

  * d/control: Add runtime dependency to fix crash. (LP: #2061668)

 -- Sudip Mukherjee <email address hidden> Wed, 01 May 2024 21:47:56 +0100

Changed in python-evtx (Ubuntu Jammy):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package python-evtx - 0.7.4-1ubuntu0.23.10.1

---------------
python-evtx (0.7.4-1ubuntu0.23.10.1) mantic; urgency=medium

  * d/control: Add runtime dependency to fix crash. (LP: #2061668)

 -- Sudip Mukherjee <email address hidden> Wed, 01 May 2024 21:43:27 +0100

Changed in python-evtx (Ubuntu Mantic):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package python-evtx - 0.7.4-1ubuntu0.24.04.1

---------------
python-evtx (0.7.4-1ubuntu0.24.04.1) noble; urgency=medium

  * d/control: Add runtime dependency to fix crash. (LP: #2061668)

 -- Sudip Mukherjee <email address hidden> Wed, 01 May 2024 21:21:26 +0100

Changed in python-evtx (Ubuntu Noble):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.