python-bottle: security bump to 0.12.11

"\r\n" sequences were not properly filtered when handling redirections.
This allowed an attacker to perform CRLF attacks such as HTTP header
injection:

https://github.com/bottlepy/bottle/issues/913

Python-bottle now uses setuptools instead of distutils.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

1 files changed, 3 insertions, 3 deletions

diff --git a/package/python-bottle/python-bottle.mk b/package/python-bottle/python-bottle.mk
index ec0939890d..4757062146 100644
--- a/package/python-bottle/python-bottle.mk
+++ b/package/python-bottle/python-bottle.mk
@@ -4,11 +4,11 @@
 #
 ################################################################################
 
-PYTHON_BOTTLE_VERSION = 0.12.9
+PYTHON_BOTTLE_VERSION = 0.12.11
 PYTHON_BOTTLE_SOURCE = bottle-$(PYTHON_BOTTLE_VERSION).tar.gz
-PYTHON_BOTTLE_SITE = http://pypi.python.org/packages/source/b/bottle
+PYTHON_BOTTLE_SITE = https://pypi.python.org/packages/a1/f6/0db23aeeb40c9a7c5d226b1f70ce63822c567178eee5b623bca3e0cc3bef
 PYTHON_BOTTLE_LICENSE = MIT
 # README.rst refers to the file "LICENSE" but it's not included
-PYTHON_BOTTLE_SETUP_TYPE = distutils
+PYTHON_BOTTLE_SETUP_TYPE = setuptools
 
 $(eval $(python-package))