"\r\n" sequences were not properly filtered when handling redirections.
This allowed an attacker to perform CRLF attacks such as HTTP header
injection:
https://github.com/bottlepy/bottle/issues/913
Python-bottle now uses setuptools instead of distutils.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit aa64e33c51)
As discussed on the list:
http://lists.busybox.net/pipermail/buildroot/2014-November/112509.html
We currently have a mix of python packages explicitly depending on python ||
python3 in their Config.in and packages that don't. As all python packages
are inside a python || python3 conditional in the main Config.in, the
explicit dependencies inside the package Config.in is redundant, so drop it
for consistency.
Automated using:
sed -i '/depends on BR2_PACKAGE_PYTHON.*PYTHON3/d' package/python-*/Config.in
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bump to version 0.11.6
Add the --executable shebang fixup option to the build phase so that the
script ends with a proper #!/usr/bin/python interpeter line set.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
