- Update to version 1.0.0:

* Security related: Bewit MACs were not compared in constant time
    and were thus possibly circumventable by an attacker.
  * Breaking change: Escape characters in header values (such as a
    back slash) are no longer allowed, potentially breaking clients
    that depended on this behavior.
  * A sender is allowed to omit the content hash as long as their
    request has no content. The `mohawk.Receiver` will skip the
    content hash check in this situation, regardless of the value
    of accept_untrusted_content.
  * Introduced max limit of 4096 characters in the Authorization
    header.
  * Changed default values of content and content_type arguments to
    `mohawk.base.EmptyValue` in order to differentiate between
    misconfiguration and cases where these arguments are explicitly
    given as None (as with some web frameworks).
  * Failing to pass content and content_type arguments to
    `mohawk.Receiver` or `mohawk.Sender.accept_response` without
    specifying accept_untrusted_content=True will now raise
    `mohawk.exc.MissingContent` instead of `ValueError`.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-mohawk?expand=0&rev=5

mohawk-0.3.4.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:e98b331d9fa9ece7b8be26094cbe2d57613ae882133cc755167268a984bc0ab3
-size 15616

mohawk-1.0.0.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:fca4e34d8f5492f1c33141c98b96e168a089e5692ce65fb747e4bb613f5fe552
+size 17593

python-mohawk.changes

@@ -1,3 +1,27 @@
+-------------------------------------------------------------------
+Fri Jan 11 06:41:11 UTC 2019 - antoine.belvire@opensuse.org
+
+- Update to version 1.0.0:
+  * Security related: Bewit MACs were not compared in constant time
+    and were thus possibly circumventable by an attacker.
+  * Breaking change: Escape characters in header values (such as a
+    back slash) are no longer allowed, potentially breaking clients
+    that depended on this behavior.
+  * A sender is allowed to omit the content hash as long as their
+    request has no content. The `mohawk.Receiver` will skip the
+    content hash check in this situation, regardless of the value
+    of accept_untrusted_content.
+  * Introduced max limit of 4096 characters in the Authorization
+    header.
+  * Changed default values of content and content_type arguments to
+    `mohawk.base.EmptyValue` in order to differentiate between
+    misconfiguration and cases where these arguments are explicitly
+    given as None (as with some web frameworks).
+  * Failing to pass content and content_type arguments to
+    `mohawk.Receiver` or `mohawk.Sender.accept_response` without
+    specifying accept_untrusted_content=True will now raise
+    `mohawk.exc.MissingContent` instead of `ValueError`.
+
 -------------------------------------------------------------------
 Tue Dec  4 12:50:27 UTC 2018 - Matej Cepl <mcepl@suse.com>
 

python-mohawk.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package python-mohawk
 #
-# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
 # Copyright (c) 2017 The openSUSE Project.
 #
 # All modifications and additions to the file contributed by third parties
@@ -20,7 +20,7 @@
 %{?!python_module:%define python_module() python-%{**} python3-%{**}}
 %bcond_without test
 Name:           python-mohawk
-Version:        0.3.4
+Version:        1.0.0
 Release:        0
 Summary:        Library for Hawk HTTP authorization
 License:        MPL-2.0