From dc83108af4f09474eef54c7df4633c9714184dd7 Mon Sep 17 00:00:00 2001
From: Alexandru Ardelean
Date: Fri, 15 May 2026 16:33:46 +0300
Subject: [PATCH] python-installer: bump to 1.0.1
1.0.1 fixes a false-positive path-traversal check in destinations.py: the 1.0.0 code used Path.resolve() to validate that each installed file stays within the --destdir, but Path.resolve() follows symlinks. OpenWrt's staging dir and toolchain directories contain many symlinks, so resolved paths could escape the destdir comparison and trigger: ValueError: Attempting to write outside of the target directory 1.0.1 replaces Path.resolve() with os.path.abspath(), which normalises the path without following symlinks, eliminating the false positive.
Signed-off-by: Alexandru Ardelean
---
 lang/python/python-installer/Makefile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lang/python/python-installer/Makefile b/lang/python/python-installer/Makefile
index 604bbe934e..02c879553d 100644
--- a/lang/python/python-installer/Makefile
+++ b/lang/python/python-installer/Makefile
@@ -8,11 +8,11 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=python-installer
-PKG_VERSION:=1.0.0
+PKG_VERSION:=1.0.1
 PKG_RELEASE:=1
 PYPI_NAME:=installer
-PKG_HASH:=c6d691331621cf3fec4822f5c6f83cab3705f79b316225dc454127411677c71f
+PKG_HASH:=052c7fc3721d54c696e2dea019be67539d7b144e924f559f54beb3121831c364
 PKG_LICENSE:=MIT
 PKG_LICENSE_FILES:=LICENSE