Bug#1131610: trixie-pu: package pymupdf/1.25.4+ds1-3~bpo13+1

Thu, 14 May 2026 06:17:44 -0700 

Hi,

On Mon, 23 Mar 2026 00:05:04 +0100 Bastian Germann <[email protected]> wrote:

[ Tests ]
New unit tests introduced with the upstream change.



The test seems to fail. Should we be worried? (I think not, but better 
safe than sorry).


Paul

https://ci.debian.net/packages/p/pymupdf/stable/amd64/71236606/

140s     def test_4767():
140s         '''
140s         Check handling of unsafe paths in `pymupdf embed-extract`.
140s         '''
140s         with pymupdf.open() as document:
140s             document.new_page()
140s             document.embfile_add(
140s                     'evil_entry',
140s                     b'poc:traversal test\n',
140s                     filename="../../test.txt",
140s                     ufilename="../../test.txt",
140s                     desc="poc",
140s                     )
140s             document.embfile_add(
140s                     'evil_entry2',
140s                     b'poc:traversal test\n',
140s                     filename="test2.txt",
140s                     ufilename="test2.txt",
140s                     desc="poc",
140s                     )

140s             path = 
os.path.abspath(f'{__file__}/../../tests/test_4767.pdf')

140s             document.save(path)

140s         testdir = 
os.path.abspath(f'{__file__}/../../tests/test_4767_dir').replace('\\', '/')

140s         shutil.rmtree(testdir, ignore_errors=1)
140s         os.makedirs(f'{testdir}/one/two', exist_ok=1)
140s
140s         def run(command, *, check=0, capture=1):
140s             print(f'Running: {command}')
140s             cp = subprocess.run(
140s                     command, shell=1,
140s                     text=1,
140s                     check=check,
140s                     stdout=subprocess.PIPE if capture else None,
140s                     stderr=subprocess.STDOUT if capture else None,
140s                     )
140s             print(cp.stdout)
140s             return cp
140s
140s         def get_paths():
140s             paths = list()
140s             for dirpath, dirnames, filenames in os.walk(testdir):
140s                 for filename in filenames:
140s                     path = f'{dirpath}/{filename}'.replace('\\', '/')
140s                     paths.append(path)
140s             return paths
140s

140s         cp = run(f'cd {testdir}/one/two && {sys.executable} -m 
pymupdf embed-extract {path} -name evil_entry')

140s         print(cp.stdout)
140s         assert cp.returncode

140s >       assert cp.stdout == 'refusing to write stored name outside 
current directory: ../../test.txt\n'
140s E       AssertionError: assert '<frozen impo..._ attribute\n' == 
'refusing to ...../test.txt\n'

140s E

140s E         + <frozen importlib._bootstrap>:488: DeprecationWarning: 
builtin type SwigPyPacked has no __module__ attribute
140s E         + <frozen importlib._bootstrap>:488: DeprecationWarning: 
builtin type SwigPyObject has no __module__ attribute
140s E         + <frozen importlib._bootstrap>:488: DeprecationWarning: 
builtin type swigvarlink has no __module__ attribute
140s E           refusing to write stored name outside current 
directory: ../../test.txt
140s E         + <sys>:0: DeprecationWarning: builtin type swigvarlink 
has no __module__ attribute





Attachment:
OpenPGP_signature.asc

Description: OpenPGP digital signature






















					Reply via email to