diff --git a/.gitignore b/.gitignore index 9e54463..400f4f0 100644 --- a/.gitignore +++ b/.gitignore @@ -2,3 +2,4 @@ /awscrt-0.20.2.tar.gz /pkcs11.h /awscrt-0.20.5.tar.gz +/awscrt-0.27.2.tar.gz diff --git a/der-c.patch b/der-c.patch new file mode 100644 index 0000000..80b739b --- /dev/null +++ b/der-c.patch @@ -0,0 +1,36 @@ +--- a/crt/aws-c-cal/source/der.c 2025-08-29 10:43:04.487705098 +0100 ++++ B/crt/aws-c-cal/source/der.c 2025-08-29 14:27:00.649373755 +0100 +@@ -80,21 +80,28 @@ + if (len_bytes & 0x80) { + len_bytes &= 0x7f; + switch (len_bytes) { +- case 1: +- if (!aws_byte_cursor_read_u8(cur, (uint8_t *)&len)) { ++ case 1: { ++ uint8_t len8; ++ if (!aws_byte_cursor_read_u8(cur, &len8)) { + return aws_raise_error(AWS_ERROR_CAL_MALFORMED_ASN1_ENCOUNTERED); + } ++ len = len8; + break; +- case 2: +- if (!aws_byte_cursor_read_be16(cur, (uint16_t *)&len)) { ++ } ++ case 2: { ++ uint16_t len16; ++ if (!aws_byte_cursor_read_be16(cur, &len16)) { + return aws_raise_error(AWS_ERROR_CAL_MALFORMED_ASN1_ENCOUNTERED); + } ++ len = len16; + break; +- case 4: ++ } ++ case 4: { + if (!aws_byte_cursor_read_be32(cur, &len)) { + return aws_raise_error(AWS_ERROR_CAL_MALFORMED_ASN1_ENCOUNTERED); + } + break; ++ } + default: + return aws_raise_error(AWS_ERROR_CAL_MALFORMED_ASN1_ENCOUNTERED); + } diff --git a/python-awscrt.spec b/python-awscrt.spec index 37a0b99..2920490 100644 --- a/python-awscrt.spec +++ b/python-awscrt.spec @@ -3,8 +3,8 @@ Python bindings for the AWS Common Runtime} Name: python-awscrt -Version: 0.20.5 -Release: 3%{?dist} +Version: 0.27.2 +Release: 1%{?dist} Summary: Python bindings for the AWS Common Runtime # All files are licensed under Apache-2.0, except: @@ -16,8 +16,14 @@ URL: https://github.com/awslabs/aws-crt-python Source0: %{pypi_source awscrt} -# one test requires internet connection, skip it -Patch0: skip-test-requiring-network.patch +# two tests require internet connection, skip them +Patch0: skip-tests-requiring-network.patch +# SHA1 is deprecated - remove it from tests +Patch1: skip-SHA1-in-test_crypto.patch +# https://github.com/awslabs/aws-c-cal/pull/225 +Patch2: der-c.patch +# websockets test fail fix +Patch3: websockets.patch BuildRequires: python%{python3_pkgversion}-devel @@ -28,9 +34,6 @@ BuildRequires: openssl-devel BuildRequires: python%{python3_pkgversion}-websockets -# https://bugzilla.redhat.com/show_bug.cgi?id=2180988 -ExcludeArch: s390x - %description %{desc} @@ -47,17 +50,21 @@ Summary: %{summary} %prep %autosetup -p1 -n awscrt-%{version} +# relax version requirements +sed -i -e 's/setuptools>=75\.3\.1/setuptools/' -e 's/wheel>=0\.45\.1/wheel/' pyproject.toml + +# stay compatible with websockets<13 +sed -i 's/websockets\.asyncio\.server/websockets.server/' test/test_websocket.py + +# fix for osci.rpmdeplint test - package builds with the name 'unknown' +sed -i '/setuptools\.setup(/a\ name="awscrt",' setup.py + %generate_buildrequires %pyproject_buildrequires %build -%ifarch %{ix86} -# disable SSE2 instructions to prevent a crash in aws-c-common thread handling -# probably caused by a compiler bug -export CFLAGS="%{optflags} -mno-sse2" -%endif export AWS_CRT_BUILD_USE_SYSTEM_LIBCRYPTO=1 %pyproject_wheel @@ -76,6 +83,10 @@ PYTHONPATH="%{buildroot}%{python3_sitearch}:%{buildroot}%{python3_sitelib}" %{py %changelog +* Fri Sep 05 2025 Kseniia Nivnia - 0.27.2-1 +- Update to 0.27.2 + Resolves: RHEL-113230 + * Mon Apr 29 2024 Major Hayden - 0.20.5-3 - Removing extra pkcs11 source now that upstream switched to public domain headers diff --git a/skip-SHA1-in-test_crypto.patch b/skip-SHA1-in-test_crypto.patch new file mode 100644 index 0000000..c5030c7 --- /dev/null +++ b/skip-SHA1-in-test_crypto.patch @@ -0,0 +1,58 @@ +diff --git a/test/test_crypto.py b/test/test_crypto.py +index 628900f..7f2296d 100644 +--- a/test/test_crypto.py ++++ b/test/test_crypto.py +@@ -236,15 +236,11 @@ class TestCredentials(NativeResourceTest): + + def test_rsa_signing_roundtrip(self): + param_list = [RSASignatureAlgorithm.PKCS1_5_SHA256, +- RSASignatureAlgorithm.PSS_SHA256, +- RSASignatureAlgorithm.PKCS1_5_SHA1] ++ RSASignatureAlgorithm.PSS_SHA256] + + for p in param_list: + with self.subTest(msg="RSA Signing Roundtrip using algo p", p=p): +- if (p == RSASignatureAlgorithm.PKCS1_5_SHA1): +- h = Hash.sha1_new() +- else: +- h = Hash.sha256_new() ++ h = Hash.sha256_new() + h.update(b'totally original test string') + digest = h.digest() + +@@ -257,15 +253,11 @@ class TestCredentials(NativeResourceTest): + + def test_rsa_signing_roundtrip_pkcs8(self): + param_list = [RSASignatureAlgorithm.PKCS1_5_SHA256, +- RSASignatureAlgorithm.PSS_SHA256, +- RSASignatureAlgorithm.PKCS1_5_SHA1] ++ RSASignatureAlgorithm.PSS_SHA256] + + for p in param_list: + with self.subTest(msg="RSA Signing Roundtrip using algo p", p=p): +- if (p == RSASignatureAlgorithm.PKCS1_5_SHA1): +- h = Hash.sha1_new() +- else: +- h = Hash.sha256_new() ++ h = Hash.sha256_new() + h.update(b'totally original test string') + digest = h.digest() + +@@ -275,15 +267,11 @@ class TestCredentials(NativeResourceTest): + + def test_rsa_signing_roundtrip_der(self): + param_list = [RSASignatureAlgorithm.PKCS1_5_SHA256, +- RSASignatureAlgorithm.PSS_SHA256, +- RSASignatureAlgorithm.PKCS1_5_SHA1] ++ RSASignatureAlgorithm.PSS_SHA256] + + for p in param_list: + with self.subTest(msg="RSA Signing Roundtrip using algo p", p=p): +- if (p == RSASignatureAlgorithm.PKCS1_5_SHA1): +- h = Hash.sha1_new() +- else: +- h = Hash.sha256_new() ++ h = Hash.sha256_new() + h.update(b'totally original test string') + digest = h.digest() + diff --git a/skip-test-requiring-network.patch b/skip-test-requiring-network.patch deleted file mode 100644 index 1cd7b50..0000000 --- a/skip-test-requiring-network.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff --git a/test/test_http_client.py b/test/test_http_client.py -index 5af87b6..dd2631a 100644 ---- a/test/test_http_client.py -+++ b/test/test_http_client.py -@@ -347,6 +347,7 @@ class TestClient(NativeResourceTest): - tls_connection_options=tls_conn_opt) - return connection_future.result(self.timeout) - -+ @unittest.skip("Requires network") - def test_h2_client(self): - url = urlparse("https://d1cz66xoahf9cl.cloudfront.net/http_test_doc.txt") - connection = self._new_h2_client_connection(url) diff --git a/skip-tests-requiring-network.patch b/skip-tests-requiring-network.patch new file mode 100644 index 0000000..da37539 --- /dev/null +++ b/skip-tests-requiring-network.patch @@ -0,0 +1,20 @@ +diff --git a/test/test_http_client.py b/test/test_http_client.py +index f79f39a..7498a96 100644 +--- a/test/test_http_client.py ++++ b/test/test_http_client.py +@@ -353,6 +353,7 @@ class TestClient(NativeResourceTest): + tls_connection_options=tls_conn_opt) + return connection_future.result(self.timeout) + ++ @unittest.skip("Requires network") + def test_h2_client(self): + url = urlparse("https://d1cz66xoahf9cl.cloudfront.net/http_test_doc.txt") + connection = self._new_h2_client_connection(url) +@@ -375,6 +376,7 @@ class TestClient(NativeResourceTest): + + self.assertEqual(None, connection.close().exception(self.timeout)) + ++ @unittest.skip("Requires network") + def test_h2_manual_write_exception(self): + url = urlparse("https://d1cz66xoahf9cl.cloudfront.net/http_test_doc.txt") + connection = self._new_h2_client_connection(url) diff --git a/sources b/sources index 5c9e81a..0f5a518 100644 --- a/sources +++ b/sources @@ -1,2 +1 @@ -SHA512 (awscrt-0.20.5.tar.gz) = fbd1e8d97b9d9d3916757f772d37e5ac2aeab6ac4b9802c9318d9fde01a202b8e262803c5214a94c74e05e503c56563380065d94090cbf3a6fc94d53a29faf44 -SHA512 (pkcs11.h) = 36dba0fcde2327cff6a13d1492d2ae38161e73a088854235052abd79198943c0697fb66ce6f71e89eb1c6ce41ef727eaec96669d3ae013f76b291d3334e062f3 +SHA512 (awscrt-0.27.2.tar.gz) = 0b8ee3ed71a69957ef07e43542cb9c342bb0865668f95a4e3227a4e877d03648c70417c2e2ea7aaae44bbeace0a906dff7ab82bbf4d1e51498b382c5c624f9c7 diff --git a/websockets.patch b/websockets.patch new file mode 100644 index 0000000..3b2334b --- /dev/null +++ b/websockets.patch @@ -0,0 +1,26 @@ +diff --git a/test/test_websocket.py b/test/test_websocket.py +index fcbcedb..ebebbcb 100644 +--- a/test/test_websocket.py ++++ b/test/test_websocket.py +@@ -122,6 +122,7 @@ class WebSocketServer: + # that the asyncio server thread has finished startup. + self._server_started_event = threading.Event() + self._server_thread = threading.Thread(target=self._run_server_thread) ++ self._current_connection = None + + def __enter__(self): + # main thread is entering the `with` block: start the server... +@@ -179,6 +180,13 @@ class WebSocketServer: + self._current_connection = None + + def send_async(self, msg): ++ # Wait for a connection to be established before trying to send ++ max_wait = time() + TIMEOUT ++ while self._current_connection is None: ++ if time() > max_wait: ++ raise RuntimeError("Timeout waiting for WebSocket connection to be established") ++ sleep(0.01) ++ + asyncio.run_coroutine_threadsafe(self._current_connection.send(msg), self._server_loop) + +