Ubuntu
python-evtx package

[SRU] evtx_filter_records.py crashed with ModuleNotFoundError in Noble

Bug #2061668 reported by Sudip Mukherjee on 2024-04-15

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	python-evtx (Debian)	New	Unknown	debbugs #1069117
	python-evtx (Ubuntu)	Confirmed	Medium	Unassigned

Bug Description

[ Impact ]

evtx_filter_records.py will fail to run with the error:

$ evtx_filter_records.py --help
Traceback (most recent call last):
File "/usr/bin/evtx_filter_records.py", line 3, in <module>
from lxml import etree
ModuleNotFoundError: No module named 'lxml'

The error is because its missing one of the runtime dependencies.

[ Test Plan ]

1. install python3-evtx
2. execute evtx_filter_records.py

If the package is not fixed it will result in the above error.

With the fixed package it will print the help message:

$ evtx_filter_records.py --help
usage: evtx_filter_records.py [-h] evtx eid

Print only entries from an EVTX file with a given EID.

positional arguments:
evtx Path to the Windows EVTX file
eid The EID of records to print

options:
-h, --help show this help message and exit

[ Where problems could occur ]

There is no change in code and it only fixes a runtime dependency and so imho, there is very little chance of any regression.

[ Other Info ]

The test folder of the source package contains some .evtx file which we should be able to test but I am trying to figure out "EID" that needs to be mentioned as an argument

[ Original Bug Description ]

evtx_filter_records.py fails to run with the error:

$ evtx_filter_records.py
Traceback (most recent call last):
File "/usr/bin/evtx_filter_records.py", line 3, in <module>
from lxml import etree
ModuleNotFoundError: No module named 'lxml'

ProblemType: Crash
DistroRelease: Ubuntu 24.04
Package: python3-evtx 0.7.4-1
ProcVersionSignature: Ubuntu 6.8.0-22.22-generic 6.8.1
Uname: Linux 6.8.0-22-generic x86_64
ApportVersion: 2.28.0-0ubuntu1
Architecture: amd64
CasperMD5CheckResult: pass
CurrentDesktop: ubuntu:GNOME
Date: Mon Apr 15 20:30:18 2024
Dependencies:
python3-more-itertools 10.2.0-1
python3-pyparsing 3.1.1-1
python3-six 1.16.0-4
python3-zipp 1.0.0-6
ExecutablePath: /usr/bin/evtx_filter_records.py
InstallationDate: Installed on 2024-04-10 (5 days ago)
InstallationMedia: Ubuntu 24.04 LTS "Noble Numbat" - Beta amd64 (20240410)
InterpreterPath: /usr/bin/python3.12
JournalErrors: Apr 15 20:30:27 hostname gnome-shell[1186]: meta_window_set_stack_position_no_sync: assertion 'window->stack_position >= 0' failed
PackageArchitecture: all
ProcCmdline: /usr/bin/python3 /usr/bin/evtx_filter_records.py
Python3Details: /usr/bin/python3.12, Python 3.12.2, python3-minimal, 3.12.2-0ubuntu2
PythonArgs: ['/usr/bin/evtx_filter_records.py']
PythonDetails: N/A
SourcePackage: python-evtx
Title: evtx_filter_records.py crashed with ModuleNotFoundError in __main__: No module named 'lxml'
Traceback:
Traceback (most recent call last):
File "/usr/bin/evtx_filter_records.py", line 3, in <module>
from lxml import etree
ModuleNotFoundError: No module named 'lxml'
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups: adm cdrom dip lpadmin plugdev sudo users

See original description

Tags:

Revision history for this message

Sudip Mukherjee (sudipmuk) wrote on 2024-04-15:

ProcCpuinfoMinimal.txt Edit (1.4 KiB, text/plain; charset="utf-8")
ProcEnviron.txt Edit (292 bytes, text/plain; charset="utf-8")
ProcMaps.txt Edit (18.0 KiB, text/plain; charset="utf-8")
ProcStatus.txt Edit (1.5 KiB, text/plain; charset="utf-8")

Sudip Mukherjee (sudipmuk) on 2024-04-15

information type:

Private → Public

Revision history for this message

Sudip Mukherjee (sudipmuk) wrote on 2024-04-15:

issue also seen on Mantic, Jammy and Focal apart from Noble.

Revision history for this message

Sudip Mukherjee (sudipmuk) wrote on 2024-04-16:

debdiff for Noble attached.
Will attach remaining debdiffs after release targets are added.

tags:	added: focal jammy mantic
Changed in python-evtx (Ubuntu):
status:	New → Confirmed

Bug Watch Updater (bug-watch-updater) on 2024-04-16

Changed in python-evtx (Debian):
status:	Unknown → New

Apport retracing service (apport) on 2024-04-24

tags:	removed: need-duplicate-check
Changed in python-evtx (Ubuntu):
importance:	Undecided → Medium

Revision history for this message

Sudip Mukherjee (sudipmuk) wrote on 2024-05-01:

python-evtx_noble.debdiff Edit (1.4 KiB, text/plain)

Attaching updated debdiff for Noble with modified version.

summary:	- evtx_filter_records.py crashed with ModuleNotFoundError in Noble + [SRU] evtx_filter_records.py crashed with ModuleNotFoundError in Noble
description:	updated