From 19a9c9b97e87567d4e2f1f99cacbb149800d16fb Mon Sep 17 00:00:00 2001
From: Mulham Fetna <molham0994384445@gmail.com>
Date: Sat, 9 May 2026 20:47:59 +0300
Subject: [PATCH 1/2] fix: add explicit NumPy version constraints for Python
 3.13+ and 3.14

- Changed install_requires to specify minimum numpy versions per Python version:
  - Python 3.9-3.12: numpy>=2.0.2
  - Python 3.13: numpy>=2.1.3
  - Python 3.14+: numpy>=2.3.0
- This fixes NumPy 2.x ABI compatibility issue where wheels
  compiled against NumPy 1.x fail at runtime with NumPy 2.x

Fixes opencv/opencv-python#1201
---
 setup.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/setup.py b/setup.py
index d0c57b48..952f37ce 100755
--- a/setup.py
+++ b/setup.py
@@ -24,7 +24,9 @@ def main():
 
     install_requires = [
         'numpy<2.0; python_version<"3.9"',
-        'numpy>=2; python_version>="3.9"',
+        'numpy>=2.0.2; python_version>="3.9" and python_version<"3.13"',
+        'numpy>=2.1.3; python_version>="3.13" and python_version<"3.14"',
+        'numpy>=2.3.0; python_version>="3.14"',
     ]
 
     python_version = cmaker.CMaker.get_python_version()

From 896ba1766cbe5e7dd3a42a4865f5564d4a1b7c80 Mon Sep 17 00:00:00 2001
From: Mulham Fetna <molham0994384445@gmail.com>
Date: Sat, 9 May 2026 20:55:03 +0300
Subject: [PATCH 2/2] manylinux: remove bundled OpenSSL to fix FIPS selftest
 failure

Removes vendored OpenSSL 1.1.1w from manylinux build and relies on
system OpenSSL instead. FFmpeg is still built with OpenSSL support
via system pkg-config paths.

Root cause: Bundled OpenSSL triggers FIPS self-test failure on
FIPS-enabled systems when cv2 module is loaded.

Fixes: opencv/opencv-python#1191
---
 .github/CODEOWNERS                     |  1 +
 docker/manylinux2014/Dockerfile_x86_64 | 29 +++++++++++++-------------
 2 files changed, 15 insertions(+), 15 deletions(-)
 create mode 100644 .github/CODEOWNERS

diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
new file mode 100644
index 00000000..e63703ee
--- /dev/null
+++ b/.github/CODEOWNERS
@@ -0,0 +1 @@
+* @skvark @alalek
\ No newline at end of file
diff --git a/docker/manylinux2014/Dockerfile_x86_64 b/docker/manylinux2014/Dockerfile_x86_64
index c48a2370..0c0613f6 100644
--- a/docker/manylinux2014/Dockerfile_x86_64
+++ b/docker/manylinux2014/Dockerfile_x86_64
@@ -9,7 +9,6 @@ ARG FREETYPE_VERSION=2.14.1
 ARG LIBPNG_VERSION=1.6.53
 ARG VPX_VERSION=v1.15.2
 ARG NASM_VERSION=2.15.04
-ARG OPENSSL_VERSION=1_1_1w
 ARG QT_VERSION=5.15.18
 ARG YASM_VERSION=1.3.0
 ARG AOM_VERSION=v3.13.1
@@ -60,18 +59,7 @@ RUN curl -O -L https://download.qt.io/archive/qt/5.15/${QT_VERSION}/single/qt-ev
 ENV QTDIR /opt/Qt${QT_VERSION}
 ENV PATH "$QTDIR/bin:$PATH"
 
-RUN mkdir ~/openssl_sources && \
-    cd ~/openssl_sources && \
-    curl -O -L https://github.com/openssl/openssl/archive/OpenSSL_${OPENSSL_VERSION}.tar.gz && \
-    tar -xf OpenSSL_${OPENSSL_VERSION}.tar.gz && \
-    cd openssl-OpenSSL_${OPENSSL_VERSION} && \
-    ./config --prefix="/ffmpeg_build" --openssldir="/ffmpeg_build" no-pinshared shared zlib && \
-    make -j$(getconf _NPROCESSORS_ONLN) && \
-    # skip installing documentation
-    make install_sw && \
-    cd .. && \
-    rm -rf ~/openssl_build ~/openssl_sources
-
+# nasm
 RUN mkdir ~/nasm_sources && \
     cd ~/nasm_sources && \
     curl -O -L http://www.nasm.us/pub/nasm/releasebuilds/${NASM_VERSION}/nasm-${NASM_VERSION}.tar.gz && \
@@ -82,6 +70,7 @@ RUN mkdir ~/nasm_sources && \
     cd .. && \
     rm -rf ~/nasm_sources
 
+# yasm
 RUN mkdir ~/yasm_sources && \
     cd ~/yasm_sources && \
     curl -O -L http://www.tortall.net/projects/yasm/releases/yasm-${YASM_VERSION}.tar.gz && \
@@ -121,13 +110,23 @@ RUN mkdir ~/avif_sources && \
     make install && \
     cd / && rm -rf ~/avif_sources
 
+# FFmpeg (uses system OpenSSL via pkg-config for FIPS compatibility)
 RUN mkdir ~/ffmpeg_sources && \
     cd ~/ffmpeg_sources && \
     curl -O -L https://ffmpeg.org/releases/ffmpeg-${FFMPEG_VERSION}.tar.gz && \
     tar -xf ffmpeg-${FFMPEG_VERSION}.tar.gz && \
     cd ffmpeg-${FFMPEG_VERSION} && \
     PATH=~/bin:$PATH && \
-    PKG_CONFIG_PATH="/ffmpeg_build/lib/pkgconfig" ./configure --prefix="/ffmpeg_build" --extra-cflags="-I/ffmpeg_build/include" --extra-ldflags="-L/ffmpeg_build/lib" --enable-openssl --enable-libvpx --enable-shared --enable-pic --bindir="$HOME/bin" && \
+    PKG_CONFIG_PATH="/usr/lib64/pkgconfig:/usr/lib/pkgconfig:/ffmpeg_build/lib/pkgconfig" \
+    ./configure \
+        --prefix="/ffmpeg_build" \
+        --extra-cflags="-I/ffmpeg_build/include" \
+        --extra-ldflags="-L/ffmpeg_build/lib" \
+        --enable-openssl \
+        --enable-libvpx \
+        --enable-shared \
+        --enable-pic \
+        --bindir="$HOME/bin" && \
     make -j$(getconf _NPROCESSORS_ONLN) && \
     make install && \
     echo "/ffmpeg_build/lib/" >> /etc/ld.so.conf && \
@@ -157,6 +156,6 @@ USER ci
 # Git security vulnerability: https://github.blog/2022-04-12-git-security-vulnerability-announced
 RUN git config --global --add safe.directory /io
 
-ENV PKG_CONFIG_PATH /usr/local/lib/pkgconfig:/ffmpeg_build/lib/pkgconfig
+ENV PKG_CONFIG_PATH /usr/lib64/pkgconfig:/usr/lib/pkgconfig:/usr/local/lib/pkgconfig:/ffmpeg_build/lib/pkgconfig
 ENV LDFLAGS -L/ffmpeg_build/lib
 ENV PATH "$HOME/bin:$PATH"