mirror of
https://github.com/openwrt/packages.git
synced 2026-05-31 23:12:02 +08:00
python-installer: bump to 1.0.1
1.0.1 fixes a false-positive path-traversal check in destinations.py: the 1.0.0 code used Path.resolve() to validate that each installed file stays within the --destdir, but Path.resolve() follows symlinks. OpenWrt's staging dir and toolchain directories contain many symlinks, so resolved paths could escape the destdir comparison and trigger: ValueError: Attempting to write <file> outside of the target directory 1.0.1 replaces Path.resolve() with os.path.abspath(), which normalises the path without following symlinks, eliminating the false positive. Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
This commit is contained in:
Alexandru Ardelean
committed by
Alexandru Ardelean
Alexandru Ardelean
parent
22cf551ffd
commit
dc83108af4
@@ -8,11 +8,11 @@
|
||||
include $(TOPDIR)/rules.mk
|
||||
|
||||
PKG_NAME:=python-installer
|
||||
PKG_VERSION:=1.0.0
|
||||
PKG_VERSION:=1.0.1
|
||||
PKG_RELEASE:=1
|
||||
|
||||
PYPI_NAME:=installer
|
||||
PKG_HASH:=c6d691331621cf3fec4822f5c6f83cab3705f79b316225dc454127411677c71f
|
||||
PKG_HASH:=052c7fc3721d54c696e2dea019be67539d7b144e924f559f54beb3121831c364
|
||||
|
||||
PKG_LICENSE:=MIT
|
||||
PKG_LICENSE_FILES:=LICENSE
|
||||
|
||||
Reference in New Issue
Block a user