diff options
author | adam <adam@pkgsrc.org> | 2019-01-17 13:22:00 +0000 |
---|---|---|
committer | adam <adam@pkgsrc.org> | 2019-01-17 13:22:00 +0000 |
commit | d873cde9ed4adfc409f8df647d783b155e5bedac (patch) | |
tree | af78322fcde6f33161b6189fd3e4fc11c0f61409 /security | |
parent | a1bdd8e1245b5028b91541bb8c5a50fe0ee71a89 (diff) | |
download | pkgsrc-d873cde9ed4adfc409f8df647d783b155e5bedac.tar.gz |
py-mohawk: updated to 1.0.0
1.0.0:
Security related: Bewit MACs were not compared in constant time and were thus possibly circumventable by an attacker.
Breaking change: Escape characters in header values (such as a back slash) are no longer allowed, potentially breaking clients that depended on this behavior. See https://github.com/kumar303/mohawk/issues/34
A sender is allowed to omit the content hash as long as their request has no content. The mohawk.Receiver will skip the content hash check in this situation, regardless of the value of accept_untrusted_content. See Empty requests for more details.
Introduced max limit of 4096 characters in the Authorization header
Changed default values of content and content_type arguments to mohawk.base.EmptyValue in order to differentiate between misconfiguration and cases where these arguments are explicitly given as None (as with some web frameworks). See Skipping content checks for more details.
Failing to pass content and content_type arguments to mohawk.Receiver or mohawk.Sender.accept_response() without specifying accept_untrusted_content=True will now raise mohawk.exc.MissingContent instead of ValueError.
Diffstat (limited to 'security')
-rw-r--r-- | security/py-mohawk/Makefile | 6 | ||||
-rw-r--r-- | security/py-mohawk/distinfo | 10 |
2 files changed, 8 insertions, 8 deletions
diff --git a/security/py-mohawk/Makefile b/security/py-mohawk/Makefile index c6f0c26d217..4a4ca1d4f91 100644 --- a/security/py-mohawk/Makefile +++ b/security/py-mohawk/Makefile @@ -1,6 +1,6 @@ -# $NetBSD: Makefile,v 1.1 2017/07/03 21:03:29 adam Exp $ +# $NetBSD: Makefile,v 1.2 2019/01/17 13:22:00 adam Exp $ -DISTNAME= mohawk-0.3.4 +DISTNAME= mohawk-1.0.0 PKGNAME= ${PYPKGPREFIX}-${DISTNAME} CATEGORIES= net python MASTER_SITES= ${MASTER_SITE_PYPI:=m/mohawk/} @@ -12,7 +12,7 @@ LICENSE= mpl-2.0 DEPENDS+= ${PYPKGPREFIX}-six-[0-9]*:../../lang/py-six -USE_LANGUAGES= # none +USE_LANGUAGES= # none .include "../../lang/python/egg.mk" .include "../../mk/bsd.pkg.mk" diff --git a/security/py-mohawk/distinfo b/security/py-mohawk/distinfo index 347b7133429..a02e5839895 100644 --- a/security/py-mohawk/distinfo +++ b/security/py-mohawk/distinfo @@ -1,6 +1,6 @@ -$NetBSD: distinfo,v 1.1 2017/07/03 21:03:29 adam Exp $ +$NetBSD: distinfo,v 1.2 2019/01/17 13:22:00 adam Exp $ -SHA1 (mohawk-0.3.4.tar.gz) = c164f113a0bfbb38f9fc36c25bc5520b27b0b283 -RMD160 (mohawk-0.3.4.tar.gz) = df9a7812085cc06fa7106301d5ce04613d46fbce -SHA512 (mohawk-0.3.4.tar.gz) = f5a5d99d80e7806f92d5078d4d6a7f0b1fd1d4759a9897cfd178fe1ed07b27831c707dbd9b8b6a735d392845e532f2805e27cfd78e69ea72f22efaac1dafc9a5 -Size (mohawk-0.3.4.tar.gz) = 15616 bytes +SHA1 (mohawk-1.0.0.tar.gz) = 31969339d4debbace957dd8a1e62c91fc1c319d7 +RMD160 (mohawk-1.0.0.tar.gz) = d9a7d4528668a10d5f7092378bf9443a849b756d +SHA512 (mohawk-1.0.0.tar.gz) = 5bd360f26276181b1384d62e0929b2dc52e9cce39bf9293e85eef94bfc70b91954bc8ac1eb869fb7a8073cec17daf66c67e4c4af726c9f231792f2cb2f0bc7ac +Size (mohawk-1.0.0.tar.gz) = 17593 bytes |