- Update to version 1.0.0:

* Security related: Bewit MACs were not compared in constant time
    and were thus possibly circumventable by an attacker.
  * Breaking change: Escape characters in header values (such as a
    back slash) are no longer allowed, potentially breaking clients
    that depended on this behavior.
  * A sender is allowed to omit the content hash as long as their
    request has no content. The `mohawk.Receiver` will skip the
    content hash check in this situation, regardless of the value
    of accept_untrusted_content.
  * Introduced max limit of 4096 characters in the Authorization
    header.
  * Changed default values of content and content_type arguments to
    `mohawk.base.EmptyValue` in order to differentiate between
    misconfiguration and cases where these arguments are explicitly
    given as None (as with some web frameworks).
  * Failing to pass content and content_type arguments to
    `mohawk.Receiver` or `mohawk.Sender.accept_response` without
    specifying accept_untrusted_content=True will now raise
    `mohawk.exc.MissingContent` instead of `ValueError`.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-mohawk?expand=0&rev=5

python-mohawk.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package python-mohawk
 #
-# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
 # Copyright (c) 2017 The openSUSE Project.
 #
 # All modifications and additions to the file contributed by third parties
@@ -20,7 +20,7 @@
 %{?!python_module:%define python_module() python-%{**} python3-%{**}}
 %bcond_without test
 Name:           python-mohawk
-Version:        0.3.4
+Version:        1.0.0
 Release:        0
 Summary:        Library for Hawk HTTP authorization
 License:        MPL-2.0