pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/security/py-mohawk py-mohawk: updated to 1.0.0



details:   https://anonhg.NetBSD.org/pkgsrc/rev/ed7ae8f1a803
branches:  trunk
changeset: 328209:ed7ae8f1a803
user:      adam <adam%pkgsrc.org@localhost>
date:      Thu Jan 17 13:22:00 2019 +0000

description:
py-mohawk: updated to 1.0.0

1.0.0:
Security related: Bewit MACs were not compared in constant time and were thus possibly circumventable by an attacker.
Breaking change: Escape characters in header values (such as a back slash) are no longer allowed, potentially breaking clients that depended on this behavior. See 
https://github.com/kumar303/mohawk/issues/34
A sender is allowed to omit the content hash as long as their request has no content. The mohawk.Receiver will skip the content hash check in this situation, regardless of the value of 
accept_untrusted_content. See Empty requests for more details.
Introduced max limit of 4096 characters in the Authorization header
Changed default values of content and content_type arguments to mohawk.base.EmptyValue in order to differentiate between misconfiguration and cases where these arguments are explicitly given as None 
(as with some web frameworks). See Skipping content checks for more details.
Failing to pass content and content_type arguments to mohawk.Receiver or mohawk.Sender.accept_response() without specifying accept_untrusted_content=True will now raise mohawk.exc.MissingContent 
instead of ValueError.

diffstat:

 security/py-mohawk/Makefile |   6 +++---
 security/py-mohawk/distinfo |  10 +++++-----
 2 files changed, 8 insertions(+), 8 deletions(-)

diffs (36 lines):

diff -r 3d27347767b2 -r ed7ae8f1a803 security/py-mohawk/Makefile
--- a/security/py-mohawk/Makefile       Thu Jan 17 13:19:36 2019 +0000
+++ b/security/py-mohawk/Makefile       Thu Jan 17 13:22:00 2019 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.1 2017/07/03 21:03:29 adam Exp $
+# $NetBSD: Makefile,v 1.2 2019/01/17 13:22:00 adam Exp $
 
-DISTNAME=      mohawk-0.3.4
+DISTNAME=      mohawk-1.0.0
 PKGNAME=       ${PYPKGPREFIX}-${DISTNAME}
 CATEGORIES=    net python
 MASTER_SITES=  ${MASTER_SITE_PYPI:=m/mohawk/}
@@ -12,7 +12,7 @@
 
 DEPENDS+=      ${PYPKGPREFIX}-six-[0-9]*:../../lang/py-six
 
-USE_LANGUAGES=         # none
+USE_LANGUAGES= # none
 
 .include "../../lang/python/egg.mk"
 .include "../../mk/bsd.pkg.mk"
diff -r 3d27347767b2 -r ed7ae8f1a803 security/py-mohawk/distinfo
--- a/security/py-mohawk/distinfo       Thu Jan 17 13:19:36 2019 +0000
+++ b/security/py-mohawk/distinfo       Thu Jan 17 13:22:00 2019 +0000
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.1 2017/07/03 21:03:29 adam Exp $
+$NetBSD: distinfo,v 1.2 2019/01/17 13:22:00 adam Exp $
 
-SHA1 (mohawk-0.3.4.tar.gz) = c164f113a0bfbb38f9fc36c25bc5520b27b0b283
-RMD160 (mohawk-0.3.4.tar.gz) = df9a7812085cc06fa7106301d5ce04613d46fbce
-SHA512 (mohawk-0.3.4.tar.gz) = f5a5d99d80e7806f92d5078d4d6a7f0b1fd1d4759a9897cfd178fe1ed07b27831c707dbd9b8b6a735d392845e532f2805e27cfd78e69ea72f22efaac1dafc9a5
-Size (mohawk-0.3.4.tar.gz) = 15616 bytes
+SHA1 (mohawk-1.0.0.tar.gz) = 31969339d4debbace957dd8a1e62c91fc1c319d7
+RMD160 (mohawk-1.0.0.tar.gz) = d9a7d4528668a10d5f7092378bf9443a849b756d
+SHA512 (mohawk-1.0.0.tar.gz) = 5bd360f26276181b1384d62e0929b2dc52e9cce39bf9293e85eef94bfc70b91954bc8ac1eb869fb7a8073cec17daf66c67e4c4af726c9f231792f2cb2f0bc7ac
+Size (mohawk-1.0.0.tar.gz) = 17593 bytes



Home | Main Index | Thread Index | Old Index