From 3d9bb77591ca555fd4a42159b7d69cff8d88ed0e Mon Sep 17 00:00:00 2001
From: Kseniia Nivnia <knivnia@redhat.com>
Date: Fri, 13 Mar 2026 10:40:36 +0000
Subject: [PATCH] Update to v0.31.1

Resolves: RHEL-155806

Signed-off-by: Kseniia Nivnia <knivnia@redhat.com>
---
 .gitignore                          |  1 +
 python-awscrt.spec                  | 72 ++++++++++++++---------------
 s2n-remove-fips-version-check.patch | 29 ++++++++++++
 skip-SHA1-in-test_crypto.patch      |  1 -
 skip-tests-requiring-network.patch  | 34 ++++++++++++--
 sources                             |  2 +-
 websockets.patch                    | 24 ++++++++++
 7 files changed, 122 insertions(+), 41 deletions(-)
 create mode 100644 s2n-remove-fips-version-check.patch
 create mode 100644 websockets.patch

diff --git a/.gitignore b/.gitignore
index d6e4562..41d83a0 100644
--- a/.gitignore
+++ b/.gitignore
@@ -17,3 +17,4 @@
 /awscrt-0.20.2.tar.gz
 /awscrt-0.23.8.tar.gz
 /awscrt-0.27.2.tar.gz
+/awscrt-0.31.1.tar.gz
diff --git a/python-awscrt.spec b/python-awscrt.spec
index 5e21255..0042b9e 100644
--- a/python-awscrt.spec
+++ b/python-awscrt.spec
@@ -1,10 +1,11 @@
 %global desc %{expand:
 Python bindings for the AWS Common Runtime}
- 
- 
+
+
 Name:           python-awscrt
-Version:        0.27.2
+Version:        0.31.1
 Release:        %autorelease
+
 Summary:        Python bindings for the AWS Common Runtime
 # All files are licensed under Apache-2.0, except:
 # - crt/aws-c-common/include/aws/common/external/cJSON.h is MIT
@@ -12,68 +13,67 @@ Summary:        Python bindings for the AWS Common Runtime
 # - crt/s2n/pq-crypto/kyber_r3/KeccakP-brg_endian_avx2.h is BSD-3-Clause
 License:        Apache-2.0 AND MIT AND BSD-3-Clause
 URL:            https://github.com/awslabs/aws-crt-python
- 
+
 Source0:        %{pypi_source awscrt}
- 
+
 # two tests require internet connection, skip them
 Patch0:         skip-tests-requiring-network.patch
 # skip SHA1 in test_crypto
 Patch1:         skip-SHA1-in-test_crypto.patch
- 
+# websockets test fail fix
+Patch2:         websockets.patch
+# remove FIPS version check in s2n
+Patch3:         s2n-remove-fips-version-check.patch
+
 BuildRequires:  python%{python3_pkgversion}-devel
- 
 BuildRequires:  gcc
 BuildRequires:  gcc-c++
 BuildRequires:  cmake
 BuildRequires:  openssl-devel
- 
 BuildRequires:  python%{python3_pkgversion}-websockets
- 
-# s390x: https://bugzilla.redhat.com/show_bug.cgi?id=2180988	
-ExcludeArch:    %{ix86} s390x
- 
- 
+
+
 %description
 %{desc}
- 
- 
+
+
 %package -n python%{python3_pkgversion}-awscrt
 Summary:        %{summary}
- 
- 
+
+
 %description -n python%{python3_pkgversion}-awscrt
 %{desc}
- 
- 
+
+
 %prep
 %autosetup -p1 -n awscrt-%{version}
- 
-# relax version requirements
-sed -i -e 's/setuptools>=75\.3\.1/setuptools/' -e 's/wheel>=0\.45\.1/wheel/' pyproject.toml
- 
-# stay compatible with websockets<13
-sed -i 's/websockets\.asyncio\.server/websockets.server/' test/test_websocket.py
- 
- 
+
+# relax version requirements and add wheel to build requirements
+sed -i -e 's/"setuptools>=75\.3\.1",/"setuptools",\n  "wheel",/' pyproject.toml
+# fix bdist_wheel import for setuptools 70.0.0+
+sed -i -e 's/from setuptools\.command\.bdist_wheel import bdist_wheel/from wheel.bdist_wheel import bdist_wheel/' setup.py
+
 %generate_buildrequires
 %pyproject_buildrequires
- 
+
+
 %build
 export AWS_CRT_BUILD_USE_SYSTEM_LIBCRYPTO=1
 %pyproject_wheel
- 
+
+
 %install
 %pyproject_install
 %pyproject_save_files _awscrt awscrt
- 
- 
+
+
 %check
-PYTHONPATH="%{buildroot}%{python3_sitearch}:%{buildroot}%{python3_sitelib}" %{python3} -m unittest
- 
- 
+%{py3_test_envvars} %{python3} -m unittest
+
+
 %files -n python%{python3_pkgversion}-awscrt -f %{pyproject_files}
 %doc README.md
- 
- 
+
+
 %changelog
 %autochangelog
diff --git a/s2n-remove-fips-version-check.patch b/s2n-remove-fips-version-check.patch
new file mode 100644
index 0000000..0919927
--- /dev/null
+++ b/s2n-remove-fips-version-check.patch
@@ -0,0 +1,29 @@
+diff --git a/crt/s2n/crypto/s2n_fips.c b/crt/s2n/crypto/s2n_fips.c
+index 13f9f77c0..b8af2e36e 100644
+--- a/crt/s2n/crypto/s2n_fips.c
++++ b/crt/s2n/crypto/s2n_fips.c
+@@ -57,15 +57,15 @@ int s2n_fips_init(void)
+ {
+     s2n_fips_mode_enabled = s2n_libcrypto_is_fips();
+ 
+-    /* When using Openssl, ONLY 3.0 currently supports FIPS.
+-     * openssl-1.0.2-fips is no longer supported.
+-     * openssl >= 3.5 will likely have a FIPS 140-3 certificate instead of a
+-     * FIPS 140-2 certificate, which will require additional review in order
+-     * to properly integrate.
+-     */
+-#if defined(OPENSSL_FIPS) || S2N_OPENSSL_VERSION_AT_LEAST(3, 5, 0)
+-    POSIX_ENSURE(!s2n_fips_mode_enabled, S2N_ERR_FIPS_MODE_UNSUPPORTED);
+-#endif
++//     /* When using Openssl, ONLY 3.0 currently supports FIPS.
++//      * openssl-1.0.2-fips is no longer supported.
++//      * openssl >= 3.5 will likely have a FIPS 140-3 certificate instead of a
++//      * FIPS 140-2 certificate, which will require additional review in order
++//      * to properly integrate.
++//      */
++// #if defined(OPENSSL_FIPS) || S2N_OPENSSL_VERSION_AT_LEAST(3, 5, 0)
++//     POSIX_ENSURE(!s2n_fips_mode_enabled, S2N_ERR_FIPS_MODE_UNSUPPORTED);
++// #endif
+ 
+     return S2N_SUCCESS;
+ }
diff --git a/skip-SHA1-in-test_crypto.patch b/skip-SHA1-in-test_crypto.patch
index c5030c7..5935942 100644
--- a/skip-SHA1-in-test_crypto.patch
+++ b/skip-SHA1-in-test_crypto.patch
@@ -55,4 +55,3 @@ index 628900f..7f2296d 100644
 +                h = Hash.sha256_new()
                  h.update(b'totally original test string')
                  digest = h.digest()
- 
diff --git a/skip-tests-requiring-network.patch b/skip-tests-requiring-network.patch
index da37539..9416586 100644
--- a/skip-tests-requiring-network.patch
+++ b/skip-tests-requiring-network.patch
@@ -1,8 +1,36 @@
+diff --git a/test/test_aiohttp_client.py b/test/test_aiohttp_client.py
+index f3fa544..3b04218 100644
+--- a/test/test_aiohttp_client.py
++++ b/test/test_aiohttp_client.py
+@@ -288,6 +288,7 @@ class TestAsyncClient(NativeResourceTest):
+ 
+         return connection
+ 
++    @unittest.skip("Requires network")
+     async def _test_h2_client(self):
+         url = urlparse("https://d1cz66xoahf9cl.cloudfront.net/http_test_doc.txt")
+         connection = await self._new_h2_client_connection(url)
+@@ -309,6 +310,7 @@ class TestAsyncClient(NativeResourceTest):
+ 
+         await connection.close()
+ 
++    @unittest.skip("Requires network")
+     async def _test_h2_manual_write_exception(self):
+         url = urlparse("https://d1cz66xoahf9cl.cloudfront.net/http_test_doc.txt")
+         connection = await self._new_h2_client_connection(url)
+@@ -428,6 +430,7 @@ class TestAsyncClient(NativeResourceTest):
+         finally:
+             self._stop_server()
+ 
++    @unittest.skip("Requires network")
+     async def _test_cross_thread_http2_client(self):
+         """Test using an HTTP/2 client from a different thread/event loop."""
+         url = urlparse("https://d1cz66xoahf9cl.cloudfront.net/http_test_doc.txt")
 diff --git a/test/test_http_client.py b/test/test_http_client.py
-index f79f39a..7498a96 100644
+index 6aa9917..ad4b700 100644
 --- a/test/test_http_client.py
 +++ b/test/test_http_client.py
-@@ -353,6 +353,7 @@ class TestClient(NativeResourceTest):
+@@ -354,6 +354,7 @@ class TestClient(NativeResourceTest):
                                                        tls_connection_options=tls_conn_opt)
          return connection_future.result(self.timeout)
  
@@ -10,7 +38,7 @@ index f79f39a..7498a96 100644
      def test_h2_client(self):
          url = urlparse("https://d1cz66xoahf9cl.cloudfront.net/http_test_doc.txt")
          connection = self._new_h2_client_connection(url)
-@@ -375,6 +376,7 @@ class TestClient(NativeResourceTest):
+@@ -376,6 +377,7 @@ class TestClient(NativeResourceTest):
  
          self.assertEqual(None, connection.close().exception(self.timeout))
  
diff --git a/sources b/sources
index 0f5a518..d67d699 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (awscrt-0.27.2.tar.gz) = 0b8ee3ed71a69957ef07e43542cb9c342bb0865668f95a4e3227a4e877d03648c70417c2e2ea7aaae44bbeace0a906dff7ab82bbf4d1e51498b382c5c624f9c7
+SHA512 (awscrt-0.31.1.tar.gz) = 5ded69bdbf3d475764dad79d42492453e07ff6e8b9d61e753cd76c910f7ecfd3055c4d58b90e0449a92e88e2b27a103434aa56cca08f64b32ea8592ee0aeef18
diff --git a/websockets.patch b/websockets.patch
new file mode 100644
index 0000000..143d7b3
--- /dev/null
+++ b/websockets.patch
@@ -0,0 +1,24 @@
+diff --git a/test/test_websocket.py b/test/test_websocket.py
+index fcbcedb..ebebbcb 100644
+--- a/test/test_websocket.py
++++ b/test/test_websocket.py
+@@ -122,6 +122,7 @@ class WebSocketServer:
+         # that the asyncio server thread has finished startup.
+         self._server_started_event = threading.Event()
+         self._server_thread = threading.Thread(target=self._run_server_thread)
++        self._current_connection = None
+ 
+     def __enter__(self):
+         # main thread is entering the `with` block: start the server...
+@@ -179,6 +180,13 @@ class WebSocketServer:
+             self._current_connection = None
+ 
+     def send_async(self, msg):
++        # Wait for a connection to be established before trying to send
++        max_wait = time() + TIMEOUT
++        while self._current_connection is None:
++            if time() > max_wait:
++                raise RuntimeError("Timeout waiting for WebSocket connection to be established")
++            sleep(0.01)
++
+         asyncio.run_coroutine_threadsafe(self._current_connection.send(msg), self._server_loop)