Commit Graph

2784 Commits

Author SHA1 Message Date
Alexandru Ardelean c3847cab89 python-aiosignal: remove the package
aiosignal is a small aio-libs helper that provides a Signal class for
fan-out of coroutine callbacks. Its only practical use is as a runtime
dependency of aiohttp, which is not packaged in this repository, and no
other package here declares aiosignal as a runtime or build dependency.

Drop the package; users who pull in aiohttp via pip on the target will
get aiosignal as a transitive dependency anyway.

Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
2026-06-01 08:13:57 +03:00
Alexandru Ardelean a61f98dfcd python-anyio: add test.sh and python3-urllib dep
Exercise anyio end-to-end with the structured-concurrency example
from the upstream "Creating and managing tasks" docs: spawn 5 child
tasks via create_task_group(), each appending to a shared list, then
verify all completed.

Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
2026-06-01 08:10:59 +03:00
Alexandru Ardelean f8921064dc python-maxminddb: extend test.sh past the import smoke check
Previous test.sh only confirmed the import smoke check. Add a $2
version check, assert MODE_* constants are distinct ints, and exercise
the loader's error paths (missing file, non-MMDB temp file).

Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
2026-06-01 08:10:59 +03:00
Alexandru Ardelean ab664d4562 python-maxminddb: add setuptools-scm host build dep
maxminddb 3.x switched to PEP 517 with build-system.requires including
setuptools-scm, so the wheel build now fails with "ERROR Missing
dependencies: setuptools-scm". Wire it into PKG_BUILD_DEPENDS and bump.

Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
2026-06-01 08:10:59 +03:00
Alexandru Ardelean 8eb1580bc8 python-zipp: remove the package
zipp is a small backport / forward-port of zipfile.Path, originally
useful when zipfile.Path was new in stdlib (Python 3.8). With the
python3 package now tracking 3.14, zipfile.Path covers what
zipp.Path exposes, and no other package in this repository declares
zipp as a runtime or build dependency.

Drop the package to remove the dead weight; users who still need it
can install it via pip on the target.

Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
2026-05-31 20:21:01 +03:00
George Sapkin bb1df369d5 python-uvicorn: fix dependencies
Add the missing python-hatchling/host dependency.

Fixes: 072fde3b ("python-uvicorn: add new package")
Signed-off-by: George Sapkin <george@sapk.in>
2026-05-30 21:46:27 +03:00
George Sapkin 7986c2acaa python-anyio: fix dependencies
Add the missing python-setuptools-scm/host dependency.

Fixes: 71be202c ("python-anyio: add new package")
Signed-off-by: George Sapkin <george@sapk.in>
2026-05-30 21:46:27 +03:00
Alexandru Ardelean d883c02a41 python3: pin host curses to the SDK's narrow ncurses
Removing the ncursesw path from include avoids seeing the wide-char
version of ncurses, so the host build picks up the narrow static lib
that the OpenWrt SDK stages. To keep that pin from leaking back in
through other curses headers the build host may have under
/usr/include, also force every header check in Python's configure.ac
AC_CHECK_HEADERS(curses.h ncurses.h ncursesw/ncurses.h
ncursesw/curses.h ncursesw/panel.h panel.h) line to "no" via cached
ac_cv_header_* variables.

The narrow ncursesw_* trio was enough on the original reporter's
host; Jan Kardell's review of the first cut hit a build where
`/usr/include/curses.h` and `/usr/include/ncurses.h` from the
distro's libncurses-dev were still being picked up. Adding the
non-wide entries (and panel.h for symmetry, in case a host also
ships /usr/include/panel.h alone) makes the override insensitive to
whichever curses dev packages the host distro happens to provide.

Reported-by: Jan Kardell <jan.kardell@telliq.com>
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
2026-05-30 09:28:30 +03:00
Alexandru Ardelean 3fddbe2e07 python3: bump to 3.14.5
This is the latest 3.14.x point release with assorted bug fixes
from upstream. PYTHON3_PIP_VERSION is bumped from 26.0.1 to 26.1.1
to match the pip wheel bundled in the 3.14.5 source tarball; the
host build's ensurepip lookup of pip-$(PYTHON3_PIP_VERSION).whl
otherwise fails. The set of OpenWrt-side patches still applies
against the new source; only quilt context-line offsets needed
refreshing for the patches that touch Makefile.pre.in.

Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
2026-05-29 18:40:28 +03:00
Alexandru Ardelean 903d8a3d07 python-cryptography: update to 48.0.0 + backport cross-include fix
Bump from 46.0.7 to the current 48.0.0 release. Notable upstream
changes since 46.0.7:

- 48.0.0 drops Python 3.8 support (requires 3.9+); raises
  Py_LIMITED_API floor to 0x030900f0.
- Adds ML-KEM / ML-DSA post-quantum primitives via OpenSSL 3.5.0+
  (in addition to existing AWS-LC / BoringSSL paths).
- BACKWARDS INCOMPATIBLE: stricter X.509 CRL signature-algorithm
  matching (mismatched inner/outer algs now raise ValueError at parse
  time).
- Drops 32-bit Windows wheels and ships macOS only on arm64.

Replace the old downstream cross-compile fix with a backport of the
upstream-merged version from pyca/cryptography PR #14904
(commit 5d072cb2a685, scheduled for the release after 48.0.0).

Release notes:
https://cryptography.io/en/latest/changelog/#v48-0-0

Fixes: https://github.com/openwrt/packages/issues/29521

Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
2026-05-29 06:41:17 +03:00
Alexandru Ardelean d1e90df7ce python-marshmallow: fix missing host-build dependencies
When python3 -m build is invoked during host-compile, it fails with:

  /builder/staging_dir/hostpkg/bin/python3.14: No module named build

The package's HOST_BUILD_DEPENDS only pulled in python3 and
python-packaging, missing the actual host tooling for the new
pyproject build flow:

  - python-build      : provides the 'build' module itself
  - python-installer  : installs the resulting wheel
  - python-wheel      : wheel format support
  - python-flit-core  : marshmallow's declared build-backend
                        (build-backend = "flit_core.buildapi" in
                        pyproject.toml)

Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
2026-05-27 15:18:29 +03:00
Alexandru Ardelean e74e7138fb python-argcomplete: add test-version.sh for CI
The three CLI helpers shipped by python3-argcomplete
(activate-global-python-argcomplete, register-python-argcomplete,
python-argcomplete-check-easy-install-script) don't accept a --version
flag and emit no PKG_VERSION string in their usage output. With all
three executables missing the version, the generic CI test stage
fails with "No executables in the package provided version 3.6.3".

Add a test-version.sh that emits a line containing PKG_VERSION so the
framework's "Version check override" passes. The existing test.sh
already exercises the Python module import.

Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
2026-05-25 18:47:13 +03:00
Alexandru Ardelean 24f5b1039c python-pymysql: update to 1.1.3
Security fix:
- Fix Cursor.callproc() to escape procedure name, preventing SQL injection
  when calling a procedure with a string received from an untrusted source
- NOTICE: Backward compatibility change - procedure names like
  "dbname.funcname" are now backtick-quoted: ``CALL \`dbname.funcname\` ``

Other changes:
- CI: use ubuntu-slim, add dependabot for GitHub Actions
- Bump GitHub Actions (checkout v4→v6, setup-python v5→v6, codecov v5→v6)
- Add publish.yml workflow (copied from psf/requests)
- Upgrade dependencies: cryptography>=46.0.7, PyNaCl>=1.6.2
- Drop Python 3.8, require Python 3.9+

Changelog:
https://github.com/PyMySQL/PyMySQL/releases/tag/v1.1.3

NOTE: added test.sh for basic validation.

Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
2026-05-25 18:47:13 +03:00
Alexandru Ardelean 29cbf98edb python-pipx: update to 1.12.0
New features (pipx 1.12.0):
- Add --fetch-python / PIPX_FETCH_PYTHON env var (always|missing|never)
  to control standalone Python interpreter downloads
- Add opt-in "uv" backend: pipx can now use "uv venv" and "uv pip" for
  managing virtual environments
  * When "uv" is on PATH, defaults to using uv for NEW venvs
  * Existing venvs keep their recorded backend (pip or uv)
  * Set PIPX_DEFAULT_BACKEND=pip to force pip even with uv available
  * pipx install pip always uses the pip backend (uv venvs have no pip)

Deprecations:
- --fetch-missing-python and PIPX_FETCH_MISSING_PYTHON deprecated;
  use --fetch-python=missing or PIPX_FETCH_PYTHON=missing instead

Changelog:
https://github.com/pypa/pipx/releases/tag/1.12.0

Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
2026-05-25 18:47:13 +03:00
Alexandru Ardelean 9e8593874a python-requests: update to 2.34.2
Fixes:
- Moved "headers" input type back to Mapping to avoid invariance issues
  with MutableMapping and inferred dict types.
  Users calling Request.headers.update() may need to narrow typing in code
  (Closes #7441).

Security:
- CVE-2026-25645: Fixed extract_zipped_paths to extract contents to
  a non-deterministic temp directory, to prevent malicious file replacement.
  Does not affect default usage of Requests, only apps calling this utility
  directly.

Changelog:
https://github.com/psf/requests/releases/tag/v2.34.2

Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
2026-05-25 18:47:13 +03:00
Alexandru Ardelean 594e2ee638 python-click: update to 8.3.3
Fixes (click 8.3.3):
- Fix help strings for "help_option_names" that do not contain "-"
- Help string generation now properly handles option names with dashes

Changelog:
https://github.com/pallets/click/releases

Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
2026-05-25 18:47:13 +03:00
George Sapkin 6a20260a1f treewide: fix typos in version check overrides
Fix shellcheck shell configuration in version check overrides.

Signed-off-by: George Sapkin <george@sapk.in>
2026-05-25 08:02:47 +03:00
Wei-Ting Yang c41f0fc54b python-urllib3: update to 2.7.0
Fix CVE-2026-44431 and CVE-2026-44432.

Full release notes:
https://github.com/urllib3/urllib3/releases/tag/2.7.0

- Drop 0001-relax-setuptools-scm-version-constraint.patch since
  upstream changed the setuptools-scm constraint to >=8,<11.

Signed-off-by: Wei-Ting Yang <williamatcg@gmail.com>
2026-05-19 08:49:41 +03:00
George Sapkin 1130219346 python-tabulate: add version check override
Skip version checks as none of the executables seem to report their
versions.

Signed-off-by: George Sapkin <george@sapk.in>
2026-05-17 14:35:31 +03:00
George Sapkin 31247cdbe5 python-pyserial: add version check override
Skip version checks as none of the executables seem to report their
versions.

Signed-off-by: George Sapkin <george@sapk.in>
2026-05-17 14:35:31 +03:00
George Sapkin e2ffecaab6 python-pyserial: fix host build
Fixes: ac212e0c ("python-pyserial: add hostbuild")
Signed-off-by: George Sapkin <george@sapk.in>
2026-05-17 14:35:31 +03:00
George Sapkin 9d69e4fa24 python3: add more packages to version check overrides
Add source packages and library to version check overrides.

Fixes: b5d3a38e ("python3: move version checks to override")
Signed-off-by: George Sapkin <george@sapk.in>
2026-05-17 14:35:31 +03:00
Wei-Ting Yang b63a1ebcd2 python-certifi: update to 2026.4.22
Use the latest CA bundle from Mozilla.

Signed-off-by: Wei-Ting Yang <williamatcg@gmail.com>
2026-05-17 08:59:58 +02:00
George Sapkin b5d3a38e45 python3: move version checks to override
Move existing version checks into override and add explicit package checks.

Signed-off-by: George Sapkin <george@sapk.in>
2026-05-16 17:49:10 +03:00
Wei-Ting Yang d677c11d96 django: bump to version 6.0.5
Fix CVE-2026-5766, CVE-2026-35192, and CVE-2026-6907.

Full release notes:
https://docs.djangoproject.com/en/6.0/releases/6.0.5/

Signed-off-by: Wei-Ting Yang <williamatcg@gmail.com>
2026-05-16 10:58:51 +03:00
Wei-Ting Yang 586e79390b python-pytz: bump to 2026.2
Update timezone data to 2026.2 release.

Signed-off-by: Wei-Ting Yang <williamatcg@gmail.com>
2026-05-16 10:58:37 +03:00
Alexandru Ardelean dc83108af4 python-installer: bump to 1.0.1
1.0.1 fixes a false-positive path-traversal check in destinations.py:
the 1.0.0 code used Path.resolve() to validate that each installed file
stays within the --destdir, but Path.resolve() follows symlinks.
OpenWrt's staging dir and toolchain directories contain many symlinks,
so resolved paths could escape the destdir comparison and trigger:

  ValueError: Attempting to write <file> outside of the target directory

1.0.1 replaces Path.resolve() with os.path.abspath(), which normalises
the path without following symlinks, eliminating the false positive.

Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
2026-05-16 10:22:16 +03:00
George Sapkin 6886c135f3 python-platformio: fix host build
Fix bottle dependency.

Fixes: e15bac97 ("python-platformio: add target package")
Signed-off-by: George Sapkin <george@sapk.in>
2026-05-13 23:02:33 +03:00
George Sapkin 578b7e3dea python-wsproto: fix host build
Add missing includes.

Fixes: b12e18eb ("python-wsproto: add host package")
Signed-off-by: George Sapkin <george@sapk.in>
2026-05-13 23:02:33 +03:00
George Sapkin 288d8e8942 python-h11: fix host build
Add missing includes.

Fixes: 0a75ad1e ("python-h11: add host package")
Signed-off-by: George Sapkin <george@sapk.in>
2026-05-13 23:02:33 +03:00
George Sapkin 9a04293388 python3-bottle: fix host build
Add missing includes.

Fixes: 9ff014b4 ("python3-bottle: add host package")
Signed-off-by: George Sapkin <george@sapk.in>
2026-05-13 23:02:33 +03:00
George Sapkin 02221e455b python-protobuf: add new package
Add Protobuf Python package.

Signed-off-by: George Sapkin <george@sapk.in>
2026-05-13 20:57:12 +03:00
George Sapkin e15bac9722 python-platformio: add target package
Remove host-only build and add source package.

Adding missing ajsonrpc dependency to PlatformIO.

Link: https://github.com/search?q=repo%3Aplatformio%2Fplatformio-core%20ajsonrpc&type=code
Signed-off-by: George Sapkin <george@sapk.in>
2026-05-12 11:08:25 +03:00
George Sapkin b12e18eb00 python-wsproto: add host package
Add host package necessary for python-platformio/host.

Signed-off-by: George Sapkin <george@sapk.in>
2026-05-12 11:08:25 +03:00
George Sapkin 072fde3b5e python-uvicorn: add new package
Uvicorn is an ASGI web server implementation for Python.

Signed-off-by: George Sapkin <george@sapk.in>
2026-05-12 11:08:25 +03:00
George Sapkin 54d7e96030 python-starlette: add new package
Starlette is a lightweight ASGI framework/toolkit, which is ideal for
building async web services in Python.

Signed-off-by: George Sapkin <george@sapk.in>
2026-05-12 11:08:25 +03:00
George Sapkin aeef8245ad python-semantic-version: add target package
Remove host-only build.

Signed-off-by: George Sapkin <george@sapk.in>
2026-05-12 11:08:25 +03:00
George Sapkin 92e9b7e5eb python-marshmallow: add new package
A lightweight library for converting complex datatypes to and from native
Python datatypes.

Signed-off-by: George Sapkin <george@sapk.in>
2026-05-12 11:08:25 +03:00
George Sapkin 0a75ad1e22 python-h11: add host package
Add host package necessary for python-uvicorn/host.

Signed-off-by: George Sapkin <george@sapk.in>
2026-05-12 11:08:25 +03:00
George Sapkin 9ff014b4fa python3-bottle: add host package
Add host package necessary for python-platformio/host.

Signed-off-by: George Sapkin <george@sapk.in>
2026-05-12 11:08:25 +03:00
George Sapkin 71be202c45 python-anyio: add new package
High-level concurrency and networking framework on top of asyncio or Trio.

Signed-off-by: George Sapkin <george@sapk.in>
2026-05-12 11:08:25 +03:00
George Sapkin d43869fbbc python-ajsonrpc: add new package
Lightweight JSON-RPC 2.0 protocol implementation and asynchronous server
powered by asyncio. This library is a successor of json-rpc and written
by the same team.

Signed-off-by: George Sapkin <george@sapk.in>
2026-05-12 11:08:25 +03:00
Alexandru Ardelean d414c51b58 micropython-lib: update to 1.28.0, add test.sh
micropython-lib is a companion repository to micropython, versioned in
lockstep. Both are now at 1.28.0 (released 2026-04-06).

The 001-build-unix-ffi.patch remains needed as the upstream has not yet
incorporated the --unix-ffi argument into the tools/build.py script.

test.sh:
- micropython-lib: verify stdlib-replacement modules (collections,
  functools, base64) can be imported via the /usr/lib/micropython path
- micropython-lib-unix: verify the micropython-unix wrapper script exists
  and that sqlite3/select are importable via the unix-ffi path

Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
2026-05-11 14:58:59 +03:00
Alexandru Ardelean cf71b42c4b micropython: update to 1.28.0
Changes since 1.27.0:
- New machine.CAN class with bindings for the stm32 port; support across
  all ports to follow
- machine.PWM support added to stm32 and alif ports, completing coverage
  of all Tier 1/2 MCU-based ports
- Template strings (t-strings, PEP 750) added at the "full feature" level
- weakref module added with weakref.ref and weakref.finalize classes
- f-strings now support nested f-strings within expressions
- Optimisations to native emitter; new RISC-V Zcmp arch flag for RV32
- extmod.mk: add extmod/machine_can.c (shifts the mbedtls hunk by 1 line;
  update 040-extmod-use-external-mbedtls.patch accordingly)

micropython-lib is updated in lockstep in a separate commit.

Ref: https://github.com/micropython/micropython/releases/tag/v1.28.0
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
2026-05-11 14:58:59 +03:00
Josef Schlehofer 5120ed91b8 flup: remove the package
Flup was heavily used in a downstream distribution (Turris OS)
for their Web UI - reForis. Since there are no other
dependent packages in this repository, Flup is no longer needed.

The package appears to be abandoned and is no longer maintained.
The latest version dates back to 2009.

It was previously required for Seafile.

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2026-05-10 11:33:52 +03:00
Yanase Yuki b0d8a3d384 treewide: cleanup URLs
This commit converts plain HTTP URLs to HTTPS, and updates
old or outdated URLs.

Signed-off-by: Yanase Yuki <dev@zpc.st>
2026-05-08 22:28:27 +02:00
Alexandru Ardelean badbdbef9f python-semanage: update to 3.10
Changes in 3.10:
- improve semanage man pages: add examples for -r RANGE flag usage
- semanage: reset active value when deleting boolean customizations
- various libsemanage/libsepol bug fixes and security hardening

Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
2026-05-01 21:01:30 +03:00
Alexandru Ardelean 381e4f41ba python-selinux: update to 3.10
Changes in 3.10:
- fix parsing of the enforcing kernel cmdline parameter
- build python module without isolation (Makefile fix)
- treewide: add .clang-format configuration file
- various libsepol bug fixes (NULL deref, use-after-free, MLS range
  validation, functionfs_seclabel policycap, bpf_token_perms polcap)

Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
2026-05-01 21:01:30 +03:00
Erik Larsson fee669b6d4 python3-ubus: update to 0.1.3
Bump to version 0.1.3 and drop patch, which is in upstream.

Signed-off-by: Erik Larsson <who+github@cnackers.org>
2026-04-28 23:12:28 +02:00
Alexandru Ardelean 3a11691a19 python-zope-event: fix build with setuptools >= 81
The pyproject.toml for zope.event 6.1 specifies a strict build
dependency of setuptools>=78.1.1,<81. We currently package
setuptools>=81, causing pip to report a missing dependency and
fail the build.

Add patch 001-relax-setuptools-version.patch to drop the <81 upper
bound, allowing the package to build with any recent setuptools.

Add test.sh to verify the installed version and exercise the core
event API (subscribers list, notify(), event dispatch).

Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
2026-04-27 08:25:02 +03:00