Changelog: https://github.com/django/asgiref/blob/main/CHANGELOG.txt
Multiple minor/patch releases since 3.7.2 with bug fixes and
Python 3.13+ compatibility improvements. Resets PKG_RELEASE to 1.
Add test.sh to verify async_to_sync and sync_to_async adapters.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Refresh all patches for pip 26.0.1:
- 001 (pyproject-hooks-pyc-fix): vendored pyproject_hooks switched
from single to double quotes and multiline block format; restructure
to minimal diff (keep unchanged context lines as context)
- 002 (pip-runner-pyc-fix): get_runnable_pip() shifted ~20 lines;
Set[str] -> set[str] in trailing context; refresh offsets
- 003 (disable-pip-version-check): option definition moved ~174 lines;
refresh line number
pip 26 also dropped the version-specific binary (e.g. pip3.14).
Update the install rule to use pip3 as the primary binary and
symlink pip/pip$(VERSION) to it.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Update to 3.11.8 to fix the build error with Python 3.14
```
--- stderr
error: the configured Python interpreter version (3.14) is newer than PyO3's maximum supported version (3.13)
= help: please check if an updated version of PyO3 is available. Current version: 0.23.0-dev
= help: set PYO3_USE_ABI3_FORWARD_COMPATIBILITY=1 to suppress this check and build anyway using the stable ABI
warning: build failed, waiting for other jobs to finish...
💥 maturin failed
```
orjson imports uuid.py at module init to look up uuid.UUID type;
python3-uuid is a separate package not included in python3-light,
causing a segfault when python3-uuid is absent. Add it as an explicit
dependency to fix the crash on all architectures.
Crash is:
```
importing orjson...
Fatal Python error: Segmentation fault
Current thread 0xecf37c64 [python3] (most recent call first):
File "<frozen importlib._bootstrap>", line 491 in _call_with_frames_removed
File "<frozen importlib._bootstrap_external>", line 1061 in exec_module
File "<frozen importlib._bootstrap>", line 938 in _load_unlocked
File "<frozen importlib._bootstrap>", line 1342 in _find_and_load_unlocked
File "<frozen importlib._bootstrap>", line 1371 in _find_and_load
File "/usr/lib/python3.14/site-packages/orjson/__init__.py", line 8 in <module>
File "<frozen importlib._bootstrap>", line 491 in _call_with_frames_removed
File "<frozen importlib._bootstrap_external>", line 759 in exec_module
File "<frozen importlib._bootstrap>", line 938 in _load_unlocked
File "<frozen importlib._bootstrap>", line 1342 in _find_and_load_unlocked
File "<frozen importlib._bootstrap>", line 1371 in _find_and_load
File "<stdin>", line 5 in <module>
Current thread's C stack trace (most recent call first):
<cannot get C stack on this system>
Segmentation fault (core dumped)
Test failed
```
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
When upgrading specific packages manually, like:
apk upgrade bind-dig
the bind-libs package is not upgraded automatically, which results in
problems when running the program, for example:
root@OpenWrt:~# dig
Error loading shared library libisc-9.20.10.so: No such file or directory (needed by /usr/bin/dig)
Error loading shared library libdns-9.20.10.so: No such file or directory (needed by /usr/bin/dig)
Error loading shared library libisccfg-9.20.10.so: No such file or directory (needed by /usr/bin/dig)
Error relocating /usr/bin/dig: cfg_map_getname: symbol not found
Error relocating /usr/bin/dig: irs_resconf_getndots: symbol not found
Error relocating /usr/bin/dig: isc_managers_destroy: symbol not found
Error relocating /usr/bin/dig: dns_fixedname_init: symbol not found
Error relocating /usr/bin/dig: isc_nm_read: symbol not found
Error relocating /usr/bin/dig: dns_rdata_init: symbol not found
Error relocating /usr/bin/dig: isc_random_uniform: symbol not found
[...]
This has happened to me twice on OpenWRT 24.10.
To fix this, enforce that the version of bind-libs matches the version
of any dependent packages. Use the same approach as in
net/knot/Makefile: make the dependency be present twice, once in the
DEPENDS variable, the other one in the EXTRA_DEPENDS variable.
Also, add an explicit EXTRA_DEPENDS variable to other internal
dependencies. For example, versions of the bind-server-filter-aaaa and
bind-server packages must match.
Tested on snapshot, on x86/64.
Signed-off-by: Mateusz Jończyk <mat.jonczyk@o2.pl>
* removed needless fork/exec calls (#29010)
* removed needless eval calls
* added parallel country and ASN feed downloads (#29010)
* rework the IP monitor:
* IP extraction, counting, and threshold detection now run
entirely inside a single gawk process
* added a dynamic cache management and a three-tier IP deduplication
* added asynchronous/non-blocking RDAP requests
* hardend the cgi script and mail template
* fixed#28998
* LuCI: added more status information
* LuCI: more fixes & optimizations (e.g. #8486)
* readme update
Co-authored-by: Colin Brown <devs@coralesoft.nz>
Signed-off-by: Dirk Brenken <dev@brenken.org>
This software seems no longer maintained.
The latest upstream commit is 11 years ago,
and no package depends on this.
Signed-off-by: Yanase Yuki <dev@zpc.st>
When we updated the zabbix agent to use username zabbix-agent
we neglected to update ubus acls for zabbix-extra-network.
Therefore update the username for the network and wifi acls.
Will close#29058 once backported to 25.12.
Signed-off-by: Daniel F. Dickinson <dfdpublic@wildtechgarden.ca>
Major version bump from 11.0.3 to 16.0. The legacy API
(websockets.legacy.*) was removed in 14.0; the current public
API (connect/serve in websockets.asyncio.*) is stable and
backward-compatible since 12.0. Add test.sh that verifies core
imports (frames, http11, datastructures).
Changelog: https://websockets.readthedocs.io/en/stable/changelog.html
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Changelog: https://github.com/kislyuk/argcomplete/blob/develop/CHANGES.rst
Feature and bug fix releases since 3.2.1, including improvements to
shell completion and compatibility updates.
Switch build system from setuptools+setuptools_scm to hatchling+hatch-vcs
(upstream changed in 3.3.0). Remove now-obsolete 001-unpin-setuptools.patch.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Update package to 2.1.0. This is a major version bump with API changes
including new callback signatures.
Add PYPI_SOURCE_NAME since PyPI switched sdist filename to use
underscores (paho_mqtt-2.1.0.tar.gz).
Add PKG_BUILD_DEPENDS for python-hatchling since upstream switched
build backend from setuptools to hatchling.
Add test.sh to verify basic client functionality.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Current description is getting
cut off and is formatted incorrectly
in LuCI when viewing packages.
Rewrote description to shorten,
correct and provide a more
concise description that will
work in LuCI.
Signed-off-by: Joshua Criss <owlsy@outlook.com.au>
This is a security release.
Notable Changes
* (CVE-2026-21637) wrap SNICallback invocation in try/catch (Matteo Collina) - High
* (CVE-2026-21710) use null prototype for headersDistinct/trailersDistinct (Matteo Collina) - High
* (CVE-2026-21713) use timing-safe comparison in Web Cryptography HMAC (Filip Skokan) - Medium
* (CVE-2026-21714) handle NGHTTP2_ERR_FLOW_CONTROL error code (RafaelGSS) - Medium
* (CVE-2026-21717) test array index hash collision (Joyee Cheung) - Medium
* (CVE-2026-21715) add permission check to realpath.native (RafaelGSS) - Low
* (CVE-2026-21716) include permission check on lib/fs/promises (RafaelGSS) - Low
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
Changelog: https://github.com/python-poetry/poetry-core/releases/tag/2.3.2
Changes include:
- Fix handling of PEP 440 post-releases in version constraints
- Minor bug fixes and internal improvements
Add test.sh to validate basic version parsing and constraint evaluation.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
The 0001-distutils-use-python-sysroot.patch was written against an
older setuptools where the build_ext LIBDIR yield had less indentation.
In 82.0.1, a z/OS platform check wrapped the code adding an extra
indentation level. Regenerate the patch against the actual 82.0.1 source.
Signed-off-by: Alexandru Ardelean <alex@mesatop.com>
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Starting with 46.x, cryptography switched its build backend from
setuptools-rust to maturin. Update PKG_BUILD_DEPENDS accordingly:
replace python-setuptools-rust/host with python-maturin/host and
python-setuptools/host (setuptools is still required by cffi).
Drop 001-Update-ouroboros.patch: the ouroboros crate is no longer a
dependency in 46.x, so the patch (which bumped it from 0.15 to 0.18
to fix RUSTSEC-2023-0042) no longer applies.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Required by python-maturin as a build dependency (maturin >= 1.12.6
requires setuptools-rust >= 1.11.0).
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Needed by python-cryptography 46.x, which switched its build backend
from setuptools-rust to maturin (requires maturin >= 1.9.4).
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
When Python3 was updated via commit 97a92f2e7 , distutils was
disappeared from Python3 and moved to setuptools.
So that patch should have moved here as well.
This should fix all packages which still use the 'build_ext'
module from setuptools.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
As we're seeing in various test.sh scrip runs, importing 'email' fails
with not finding 'urllib' and vice-versa.
Then via a7e96ec91 ("python3-email: add python3-urllib as dependency")
I created a circular dependency.
So, might as well merge the two packages into one (named python3-urllib)
and updates all dependencies to pull python3-urllib.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
The python3-pkg-resources package does not exist in OpenWrt.
The only distutils/setuptools usage in fail2ban 1.1.0 is in
filterpyinotify.py and filtersystemd.py, both of which are
optional backends not available on OpenWrt. They are loaded
lazily via ImportError-guarded calls and the default auto
backend falls through to polling without them.
Also add test.sh with basic import and CLI smoke test.
Add me as maintainer.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Fix dependency with python3-pkg-resources (it got removed).
And add test.sh
- Bump from 4.5.1 to 4.6.0
- Drop python3-pkg-resources dependency: setools uses
'from importlib import resources as pkg_resources' which is stdlib,
not the external pkg_resources package
- Update 010-no-gui.patch: pyproject.toml now manages script-files and
package-data (was setup.py in 4.5.1); rewrite patch to target it
- Update 030-remove-host-paths.patch: lib_dirs now uses list[str] type
hint; fix hunk header line numbers to match new upstream layout
- Add test.sh: verify core query classes (SELinuxPolicy, BoolQuery,
TypeQuery, RoleQuery, UserQuery) are accessible
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
cpe:/a:beep_project:beep is the correct CPE ID for beep:
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:beep_project:beep
Indeed, spkr-beep is a fork of https://github.com/johnath/beep as
clearly stated in README.md: "This version of beep has been forked from
Johnathan Nightingales' original beep when johnath/beep#11 required
fixes in 2018, while Johnathan Nightingales' github.com/johnath/beep/
and johnath.com/beep/ was only maintained from around 2000 until around
2013.
So, it is still appropriate to use beep_project:beep CPE ID since the
code base remains the same and no new CPE has been assigned to the fork
(as there have been no new CVEs since 2018).
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
The LMDB shared library (liblmdb.so) does not currently have a SONAME
set, which can cause issues when linking against it. Specifically, when
an object is linked against the library using its absolute path (for
example, in Meson builds), that path (as seen in the build environment)
is stored in the resulting object's DT_NEEDED entry. This can prevent
the library from being found during runtime linking. Set the SONAME to
liblmdb.so to ensure proper runtime linking.
Signed-off-by: Michał Kępień <michal@isc.org>
