openleadr-python icon indicating copy to clipboard operation
openleadr-python copied to clipboard

Published 20 hours ago verified publisher icon OpenLEADR

Expat changes causing issues

Open robertcragie opened this issue 3 years ago • 10 comments

Recent changes in the expat library now cause OpenLEADR to fail using:

libexpat1:
  Installed: 2.2.9-1ubuntu0.2
  Candidate: 2.2.9-1ubuntu0.2
  Version table:
 *** 2.2.9-1ubuntu0.2 500
        500 http://gb.archive.ubuntu.com/ubuntu focal-updates/main amd64 Packages
        500 http://security.ubuntu.com/ubuntu focal-security/main amd64 Packages
        100 /var/lib/dpkg/status
     2.2.9-1build1 500
        500 http://gb.archive.ubuntu.com/ubuntu focal/main amd64 Packages

This is due to using xmltodict with its default namespace separator ':', which is problematic for the new expat library. https://github.com/libexpat/libexpat/issues/572 has more details and more importantly, seems to be recommending that xmltodict itself should change or the applications using xmltodict (like OpenLEADR).

This PR is to specify a different namespace separator for xmltodict (' '). This seems to fix the problem but I have not tested thoroughly.

robertcragie avatar Mar 03 '22 10:03 robertcragie

@robertcragie I would like to bring this pull request to your attention: https://github.com/libexpat/libexpat/pull/577

hartwork avatar Mar 04 '22 19:03 hartwork

Is a resolution for this issue still being actively worked? I just tried deploying a VTN app to a Linux container on Azure App Service and got an error related to Expat when I tried to ping the app with a VEN.

adanaher avatar Aug 23 '22 20:08 adanaher

@adanaher you asking with regard to openleadr-python or Expat? Expat >=2.4.7 has a fix.

hartwork avatar Aug 23 '22 21:08 hartwork

@hartwork I'm asking in regard to openleadr. Is there a way to use the newer patched version of Expat with openleadr?

adanaher avatar Aug 24 '22 13:08 adanaher

@adanaher that's probabably a question of the underlying Docker image or Linux distro release in your context, a question of environment. How and where are you installing openleadr-python?

hartwork avatar Aug 24 '22 13:08 hartwork

@hartwork I'm installing openleadr-python on an Azure App Service linux container, which is running Debian 10.

adanaher avatar Aug 24 '22 14:08 adanaher

@adanaher have you checked your installed version of package libexpat1 using apt-cache policy libexpat1 in the image? Debian 10 is buster and has 2.2.6-2+deb10u4 with change log entry "lib: Relax fix to CVE-2022-25236 with regard to RFC 3986 URI characters" available. If you have enabled repository buster-security and the image has the latest security updates applied, then buster could be functioning with Expat 2.2.6-2+deb10u4 in theory. If you have a different version, then that's the cause.

hartwork avatar Aug 24 '22 14:08 hartwork

@hartwork I was able to install version 2.2.6-2+deb10u4. Should that in theory fix the problem?

adanaher avatar Aug 24 '22 16:08 adanaher

@hartwork I was able to install version 2.2.6-2+deb10u4. Should that in theory fix the problem?

@adanaher I would expect so, yes.

hartwork avatar Aug 24 '22 21:08 hartwork

@hartwork Thanks so much for all of the help. I ended up having to create a custom Docker container running on App Service to get it working successfully.

adanaher avatar Aug 26 '22 16:08 adanaher