openwrt/packages
1
0
Fork 0
mirror of https://github.com/openwrt/packages.git synced 2026-05-31 06:51:51 +08:00
Code Issues Packages Projects Releases Wiki Activity

python-installer: bump to 1.0.1

Browse Source 
1.0.1 fixes a false-positive path-traversal check in destinations.py:
the 1.0.0 code used Path.resolve() to validate that each installed file
stays within the --destdir, but Path.resolve() follows symlinks.
OpenWrt's staging dir and toolchain directories contain many symlinks,
so resolved paths could escape the destdir comparison and trigger:

  ValueError: Attempting to write <file> outside of the target directory

1.0.1 replaces Path.resolve() with os.path.abspath(), which normalises
the path without following symlinks, eliminating the false positive.

Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
This commit is contained in:
Alexandru Ardelean
2026-05-15 16:33:46 +03:00
committed by Alexandru Ardelean
parent 22cf551ffd
commit dc83108af4
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
lang/python/python-installer/Makefile
+2 -2
View File
@@ -8,11 +8,11 @@
include $(TOPDIR)/rules.mk include $(TOPDIR)/rules.mk
PKG_NAME:=python-installer PKG_NAME:=python-installer
PKG_VERSION:=1.0.0 PKG_VERSION:=1.0.1
PKG_RELEASE:=1 PKG_RELEASE:=1
PYPI_NAME:=installer PYPI_NAME:=installer
PKG_HASH:=c6d691331621cf3fec4822f5c6f83cab3705f79b316225dc454127411677c71f PKG_HASH:=052c7fc3721d54c696e2dea019be67539d7b144e924f559f54beb3121831c364
PKG_LICENSE:=MIT PKG_LICENSE:=MIT
PKG_LICENSE_FILES:=LICENSE PKG_LICENSE_FILES:=LICENSE