python-installer: bump to 1.0.1

1.0.1 fixes a false-positive path-traversal check in destinations.py:
the 1.0.0 code used Path.resolve() to validate that each installed file
stays within the --destdir, but Path.resolve() follows symlinks.
OpenWrt's staging dir and toolchain directories contain many symlinks,
so resolved paths could escape the destdir comparison and trigger:

  ValueError: Attempting to write <file> outside of the target directory

1.0.1 replaces Path.resolve() with os.path.abspath(), which normalises
the path without following symlinks, eliminating the false positive.

Signed-off-by: Alexandru Ardelean <redacted>

diff --git a/lang/python/python-installer/Makefile b/lang/python/python-installer/Makefile
index 604bbe934e2104a8d69fe069234df1f02fb3231a..02c879553d592184ebf24f26963237714de5b894 100644 (file)
--- a/lang/python/python-installer/Makefile
+++ b/lang/python/python-installer/Makefile
@@ -8,11 +8,11 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=python-installer
-PKG_VERSION:=1.0.0
+PKG_VERSION:=1.0.1
 PKG_RELEASE:=1
 
 PYPI_NAME:=installer
-PKG_HASH:=c6d691331621cf3fec4822f5c6f83cab3705f79b316225dc454127411677c71f
+PKG_HASH:=052c7fc3721d54c696e2dea019be67539d7b144e924f559f54beb3121831c364
 
 PKG_LICENSE:=MIT
 PKG_LICENSE_FILES:=LICENSE