Bug#1131610: trixie-pu: package pymupdf/1.25.4+ds1-3~bpo13+1

Thu, 14 May 2026 07:09:16 -0700 

Hi Paul,
Interesting. The test still passes during the package build. It is the `|export PYTHONWARNINGS=d|` that makes the behavior difference. 


In my optionion, it would be okay just to drop that line from the test 
definition. I can send a follow-up diff if you like.


Thanks,
Bastian

On 5/14/26 15:14, Paul Gevers wrote:

Hi,


On Mon, 23 Mar 2026 00:05:04 +0100 Bastian Germann <[email protected]> 
wrote:

[ Tests ]
New unit tests introduced with the upstream change.



The test seems to fail. Should we be worried? (I think not, but better 
safe than sorry).


Paul

https://ci.debian.net/packages/p/pymupdf/stable/amd64/71236606/

140s     def test_4767():
140s         '''
140s         Check handling of unsafe paths in `pymupdf embed-extract`.
140s         '''
140s         with pymupdf.open() as document:
140s             document.new_page()
140s             document.embfile_add(
140s                     'evil_entry',
140s                     b'poc:traversal test\n',
140s                     filename="../../test.txt",
140s                     ufilename="../../test.txt",
140s                     desc="poc",
140s                     )
140s             document.embfile_add(
140s                     'evil_entry2',
140s                     b'poc:traversal test\n',
140s                     filename="test2.txt",
140s                     ufilename="test2.txt",
140s                     desc="poc",
140s                     )

140s             path = 
os.path.abspath(f'{__file__}/../../tests/test_4767.pdf')

140s             document.save(path)

140s         testdir = 
os.path.abspath(f'{__file__}/../../tests/test_4767_dir').replace('\\', 
'/')

140s         shutil.rmtree(testdir, ignore_errors=1)
140s         os.makedirs(f'{testdir}/one/two', exist_ok=1)
140s
140s         def run(command, *, check=0, capture=1):
140s             print(f'Running: {command}')
140s             cp = subprocess.run(
140s                     command, shell=1,
140s                     text=1,
140s                     check=check,
140s                     stdout=subprocess.PIPE if capture else None,
140s                     stderr=subprocess.STDOUT if capture else None,
140s                     )
140s             print(cp.stdout)
140s             return cp
140s
140s         def get_paths():
140s             paths = list()
140s             for dirpath, dirnames, filenames in os.walk(testdir):
140s                 for filename in filenames:

140s                     path = f'{dirpath}/{filename}'.replace('\\', 
'/')

140s                     paths.append(path)
140s             return paths
140s

140s         cp = run(f'cd {testdir}/one/two && {sys.executable} -m 
pymupdf embed-extract {path} -name evil_entry')

140s         print(cp.stdout)
140s         assert cp.returncode

140s >       assert cp.stdout == 'refusing to write stored name 
outside current directory: ../../test.txt\n'
140s E       AssertionError: assert '<frozen impo..._ attribute\n' == 
'refusing to ...../test.txt\n'

140s E

140s E         + <frozen importlib._bootstrap>:488: 
DeprecationWarning: builtin type SwigPyPacked has no __module__ attribute
140s E         + <frozen importlib._bootstrap>:488: 
DeprecationWarning: builtin type SwigPyObject has no __module__ attribute
140s E         + <frozen importlib._bootstrap>:488: 
DeprecationWarning: builtin type swigvarlink has no __module__ attribute
140s E           refusing to write stored name outside current 
directory: ../../test.txt
140s E         + <sys>:0: DeprecationWarning: builtin type swigvarlink 
has no __module__ attribute






















					Reply via email to