- Update to version 1.0.0:

* Security related: Bewit MACs were not compared in constant time and were thus possibly circumventable by an attacker. * Breaking change: Escape characters in header values (such as a back slash) are no longer allowed, potentially breaking clients that depended on this behavior. * A sender is allowed to omit the content hash as long as their request has no content. The `mohawk.Receiver` will skip the content hash check in this situation, regardless of the value of accept_untrusted_content. * Introduced max limit of 4096 characters in the Authorization header. * Changed default values of content and content_type arguments to `mohawk.base.EmptyValue` in order to differentiate between misconfiguration and cases where these arguments are explicitly given as None (as with some web frameworks). * Failing to pass content and content_type arguments to `mohawk.Receiver` or `mohawk.Sender.accept_response` without specifying accept_untrusted_content=True will now raise `mohawk.exc.MissingContent` instead of `ValueError`. OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-mohawk?expand=0&rev=5
2019-01-11 06:56:08 +00:00
parent 9bceef0851
commit be79f764f9
4 changed files with 29 additions and 5 deletions
--- a/mohawk-0.3.4.tar.gz
+++ b/mohawk-0.3.4.tar.gz
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:e98b331d9fa9ece7b8be26094cbe2d57613ae882133cc755167268a984bc0ab3
-size 15616
--- a/mohawk-1.0.0.tar.gz
+++ b/mohawk-1.0.0.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:fca4e34d8f5492f1c33141c98b96e168a089e5692ce65fb747e4bb613f5fe552
+size 17593
--- a/python-mohawk.changes
+++ b/python-mohawk.changes
@@ -1,3 +1,27 @@
+-------------------------------------------------------------------
+Fri Jan 11 06:41:11 UTC 2019 - antoine.belvire@opensuse.org
+
+- Update to version 1.0.0:
+  * Security related: Bewit MACs were not compared in constant time
+    and were thus possibly circumventable by an attacker.
+  * Breaking change: Escape characters in header values (such as a
+    back slash) are no longer allowed, potentially breaking clients
+    that depended on this behavior.
+  * A sender is allowed to omit the content hash as long as their
+    request has no content. The `mohawk.Receiver` will skip the
+    content hash check in this situation, regardless of the value
+    of accept_untrusted_content.
+  * Introduced max limit of 4096 characters in the Authorization
+    header.
+  * Changed default values of content and content_type arguments to
+    `mohawk.base.EmptyValue` in order to differentiate between
+    misconfiguration and cases where these arguments are explicitly
+    given as None (as with some web frameworks).
+  * Failing to pass content and content_type arguments to
+    `mohawk.Receiver` or `mohawk.Sender.accept_response` without
+    specifying accept_untrusted_content=True will now raise
+    `mohawk.exc.MissingContent` instead of `ValueError`.
+
 -------------------------------------------------------------------
 Tue Dec  4 12:50:27 UTC 2018 - Matej Cepl <mcepl@suse.com>

--- a/python-mohawk.spec
+++ b/python-mohawk.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package python-mohawk
 #
-# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
 # Copyright (c) 2017 The openSUSE Project.
 #
 # All modifications and additions to the file contributed by third parties
@@ -20,7 +20,7 @@
 %{?!python_module:%define python_module() python-%{**} python3-%{**}}
 %bcond_without test
 Name:           python-mohawk
-Version:        0.3.4
+Version:        1.0.0
 Release:        0
 Summary:        Library for Hawk HTTP authorization
 License:        MPL-2.0