Add pending patch fixing support for new LibreSSL version.
New LibreSSL version adds support for SHA3 algo but doesn't add support
for SHAKE ones. There is currently a logic error in the Python
test_hashlib that always expect both SHA3 and SHAKE algo to be present.
This logic error cause the Host Python3 to fail testing.
This patch fix the logic error and restore correct compilation of the
host package.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Explicitly disable readline and tkinter modules for host-build.
Host-build will not build if these fail.
- readline isn't a hard requirement for host-python; some minor lack of
functionality would be felt, but nothing terrible
- tkinter is also disabled on the target; but for the host-python we
don't need it either
Dropped patch: 010-no-ncursesw.patch
- Since we're disabling readline in the host build
Drop setuptools from python3 - the only reason we kept it there, was
because it was required by pip; pip is still there and seems to install and
work fine without setuptools. There's also a separate setuptools package in
openwrt anyway:
https://github.com/openwrt/packages/tree/master/lang/python/python-setuptools
Also, Python no longer installs it:
https://github.com/python/cpython/issues/95299
Drop python3-cgi - 08d5923896
Drop distutils - 0faa0ba240
Drop lib2to3 - ae00b810d1
Drop patch: 0001-Adjust-library-header-paths-for-cross-compilation.patch
- A lot of stuff has changed regarding cross-compilation; at this point
it's unclear what we need moving forward.
Drop patch: 006-do-not-add-multiarch-local-paths.patch
- setup.py went away, so no idea if this is needed anymore
Re-applied: 003-do-not-run-compileall.patch
Drop: 008-distutils-use-python-sysroot.patch
- Buildroot seems to have also dropped this; this patch is from them
Added: 09-don-t-run-profile-task-during-cross-build.patch
- For cross_compilation, running the profile-task will not work, it also
mentions this in a comment, but nobody dared to patch it yet (at least
in this release (3.13.9)
Re-applied: 026-openssl-feature-flags.patch
- This could have been dropped completely, but upstream decided to keep
scrypt on by default; for host-build this fails, because OpenWrt keeps
libressl
Drop patch: 100-gh-95855-Refactor-platform-triplet-detection-code-GH-107221.patch
- This was a backport; it probably should have been removed sooner
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
wip
In this release, there is updated setuptools, so update
it as well.
Fixes CVEs:
- CVE-2025-47273
- CVE-2024-6345
Release notes:
https://pythoninsider.blogspot.com/2025/10/python-31212-31114-31019-and-3924-are.html
Patch:
- 0001-Adjust-library-header-paths-for-cross-compilation.patch
comes from buildroot [1], but they removed it as they switched to Python 3.12,
however Python 3.11 still supports distutils, but it is marked as deprecated [2]
and it will be gone in 3.12. So, don't rebase it this time as this patch does not apply
anymore due to this commit [3] and sooner switch to more up-to-date Python3 version.
[1] b37e4a5f56
[2] https://peps.python.org/pep-0632/
[3] 88eb8cc66f
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Also bumps setuptools to version 24.0
Run tested: aarch64, Dynalink DL-WRX36, Master Branch
Maintainer: Jeffery To <jeffery.to@gmail.com>
Signed-off-by: Sean Khan <datapronix@protonmail.com>
When searching for readline, ncurses is needed, which can be ncursesw or
ncurses. Use pkgconfig to avoid the whole situation and simplify.
Also add readline/host as the OS one may be unusable.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
setuptools provides a local copy of distutils and when building a C
extension, this distutils will add the target LIBDIR (/usr/lib) to the
list of library paths.
If the build system has a libpython3.11.so in /usr/lib, then the linker
will try to link to this shared library and fail.
This adapts 008-distutils-use-python-sysroot.patch for host setuptools
to add the correct library directory.
Fixes: https://github.com/openwrt/packages/issues/22330
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Move the order in which BuildPackage is called, so that the libpython
package is built ahead of the module packages, to avoid forcing a
clean-build of the package when 'make package/python3/compile' is called
a second time without changes.
The library must be built first, so that when the buildsystem checks for
ABI version changes using libpython3.version, its timestamp should be
older than the dependent package's STAMP_PREPARED file.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
This removes 014-remove-platform-so-suffix.patch and
016-adjust-config-paths.patch, restoring the platform triplet to paths
for:
* C extensions (*.cpython-311-*.so)
* Build config data directory (/usr/lib/python3.11/config-3.11-*/)
* sysconfig data file (/usr/lib/python3.11/_sysconfigdata_*.py)
Setting `_PYTHON_SYSCONFIGDATA_NAME` during package builds ensures that
sysconfig data for target Python is loaded, in particular so that C
extensions built will have the correct extension / platform triplet.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Currently, configure does not find the correct platform triplet for musl
as the default build/host values passed by OpenWrt buildroot does not
contain the text "linux-musl".
This backports
c163d7f0b6
to add detection for mips soft float and musl.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
* Support wildcards in install (`+`) paths
* Add fourth parameter to set directory permissions
If file permissions are given (third parameter), these will now apply
to files only.
* Add non-recursive set permissions command (`==`)
* Be more strict about filespec format
Blank lines and lines starting with `#` will be ignored. Other errors
(unknown command, missing path parameter, etc.) will cause the script
to exit.
* Be more strict about ensuring paths exist for all commands
* Avoid spawning subshells
This also removes outdated filespec paths in the python3 package; these
paths delete files that are no longer present.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
* Fix default Python package description not included in individual
package descriptions
* Update default Python package description text (from General Python
FAQ, "What is Python?")
* Add package descriptions for Python module packages
* Reduce duplication in package titles
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
There is no need to use Py3Package for python3 as it does not package
any Python files; it is an empty package with dependencies to install
the full Python installation.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Packaging setuptools from a separate source package allows it to stay
updated with upstream.
Host setuptools will remain installed as part of python3. Host
setuptools is used in a much more controlled way and so is less critical
for it to track upstream.
setuptools was in a separate source package that was removed in
a53d0c5a403d1669e2cf6c59c2be6a9d3ed633a0; this work is not based on that
earlier package.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Packaging pip from a separate source package allows it to stay updated
with upstream.
Host pip will remain installed as part of python3. Host pip is used in a
much more controlled way and so is less critical for it to track
upstream.
This also removes the python-pip-conf package and installs the pip.conf
file as part of python3-pip.
The patch 003-disable-pip-version-check.patch is originally from Debian:
bb079efb8c/debian/patches/disable-pip-version-check.patch
pip was in a separate source package that was removed in
a53d0c5a403d1669e2cf6c59c2be6a9d3ed633a0; this work is not based on that
earlier package.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This adds a new subpackage for the venv module. This also moves the
ensurepip module from python3-pip into python3-venv, as ensurepip is not
necessary for pip but often used for venv.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
* Removed patches:
* 001-enable-zlib.patch: zlib module should be enabled automatically
* 007-distutils-do-not-adjust-path.patch: Not necessary since we
process shebang lines for all scripts (in python3-package.mk)
* 030-bpo-43112-detect-musl-as-a-separate-SOABI-GH-24502.patch:
Already merged
* Move configure vars from config.site back into Makefile
Centralizing all build information into one file makes it easier to
maintain
* No longer set ac_cv_header_uuid_h=yes as configure should detect
libuuid
* Order configure args by enable-/disable-/with-/without-, then
alphabetically
* Set ac_cv_working_openssl_hashlib=yes for host configure to bypass the
OpenSSL API tests with LibreSSL
* Use the default Host/Compile recipe instead of picking out specific
targets to make
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
026-openssl-feature-flags.patch and
028-host-python-support-ssl-with-libressl.patch were removed in
4ecd9d67e9 to fix the ssl module after
libressl was upgraded to 3.7.0[1].
However, the cause of the ssl module build failure was only
028-host-python-support-ssl-with-libressl.patch.
Removing 026-openssl-feature-flags.patch caused a build failure for the
hashlib module.
This restores 026-openssl-feature-flags.patch with an updated version of
the patch from OpenBSD[2].
[1]: https://github.com/openwrt/packages/issues/20107
[2]: 26a04435bf/lang/python/3.10/patches/patch-Modules__hashopenssl_c
Fixes: 4ecd9d67e9 ("python3: fix ssl support by removing libressl patches")
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This adds $(STAGING_DIR_HOST)/include/e2fsprogs to HOST_CFLAGS and
HOST_CPPFLAGS so that configure can find uuid/uuid.h.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
By default, the Python build process will add /usr/local/{lib,include},
and multiarch paths (e.g. /usr/{lib,include}/x86_64-linux-gnu) if
building on Debian/Ubuntu, to its library and includes paths.
006-remove-multi-arch-and-local-paths.patch was added in
84202f17e1 to stop the Python build
process from adding these paths.
006-remove-multi-arch-and-local-paths.patch was removed in
48277ec915.
006-do-not-add-multiarch-paths-when-cross-compiling.patch was added in
0c8b0b0bf7 to stop the Python build
process from adding these paths for target Python.
These paths are still added by the Python build process when building
host Python.
This replaces the cross-compiling-only patch with the original patch,
renamed slightly and adapted for Python 3.10.
Fixes: 48277ec915 ("python3: bump to version 3.8")
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
When doing parallel builds, host Python can install the python3 symlink
before the Python standard library is installed completely.
When this occurs, it is possible for other packages to detect the
python3 symlink and try to use host Python before it is fully installed.
This adds a patch to make commoninstall (where the standard library is
installed) a prerequisite of bininstall (where the python3 symlink is
installed), so that commoninstall is fully completed before bininstall
begins.
Patch has been submitted upstream:
https://github.com/python/cpython/pull/104693
Fixes: https://github.com/openwrt/packages/issues/19241
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
The Makefile lines to add READELF to TARGET_CONFIGURE_OPTS was removed
in 4e05541782.
Without setting READELF, configure finds the symlink to
$(TARGET_CROSS)readelf (e.g. arm-openwrt-linux-readelf) instead of
$(TARGET_CROSS)readelf (e.g. arm-openwrt-linux-muslgnueabi-readelf).
This leads to the symlink name being saved to _sysconfigdata.py, and so
the readelf name is not replaced correctly (in
Py3Package/python3-base/install).
This restores the removed Makefile lines.
Fixes: 4e05541782 ("python3: bump to version 3.10.0")
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
003-do-not-run-distutils-tests.patch was removed in
4e05541782. This patch stopped "make
install" from, among other things, running compileall.
When this patch was removed, "make install" ran compileall as normal and
created bytecode files in __pycache__ directories. These files were then
packaged in python3-light.
This adds a patch to stop compileall from being run during "make
install".
Fixes: 4e05541782 ("python3: bump to version 3.10.0")
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This removes the changes made in
61f202c017 and adds actual support for
pyproject.toml-based (PEP 517) builds of Python packages.
Packages can force the use of the old build process by setting
PYTHON3_PKG_FORCE_DISTUTILS_SETUP:=1; this should only be a temporary
workaround until the package can be updated/fixed to use the new build
process.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Fixes:
https://github.com/openwrt/packages/issues/12707
Seems to work.
Looking into the 'venv' lib, it seems it's installing pip & setuptools
inside a virtual environment.
`python3-pip` is already ~6 MB.
This adds another ~3 MB.
But, this gives users the ability to run Python virtual environments, which
is a pretty common feature of Python in production cases (usually web
stuff).
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Remove libressl specific patches. With commit
("tools/libressl: update to 3.7.0") they are no longer needed,
rather they cause python3 to be compiled without working ssl-support.
Fixes: #20107
Suggested-by: Andre Heider <a.heider@gmail.com>
Signed-off-by: Nick Hainke <vincent@systemli.org>
Patch 030:
Backported from Python main branch[^1] for Python to distinguish between glibc and musl libc SOABI.
Patch 131:
Changes PLATFORM_TRIPLET -gnu/-musl suffix detection (performed by the backported patch)
to be based on the target OS instead of the building OS.
See included patches for more detailed descriptions.
Specifically this fixes cross-compilation for mpc8548 CPUs with SPE instructions[^2] enabled.
[^1]: merged to python:main as https://github.com/python/cpython/pull/24502 'bpo-43112: detect musl as a separate SOABI'
[^2]: https://www.nxp.com/docs/en/reference-manual/SPEPEM.pdf
Co-authored-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Šimon Bořek <simon.borek@nic.cz>
Includes fixes for:
* Windows builds updated to bzip2 1.0.8 to mitigate CVE-2016-3189 and
CVE-2019-12900
* CVE-2022-26488: Escalation of privilege via Windows Installer
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
