From 97089fe14172ce1ca678310c5f1572ed74e10e34 Mon Sep 17 00:00:00 2001 From: Marian Beermann Date: Sat, 17 Jun 2017 11:54:06 +0200 Subject: [PATCH 1/3] init: note possible denial of service with "none" mode --- src/borg/archiver.py | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/src/borg/archiver.py b/src/borg/archiver.py index 95ef1f0cc..2f01d5a1d 100644 --- a/src/borg/archiver.py +++ b/src/borg/archiver.py @@ -2453,12 +2453,14 @@ def define_common_options(add_common_option): | Hash/MAC | Not encrypted | Not encrypted, | Encrypted (AEAD w/ AES) | | | no auth | but authenticated | and authenticated | +----------+---------------+------------------------+--------------------------+ - | SHA-256 | none | authenticated | repokey, keyfile | + | SHA-256 | none | `authenticated` | repokey, keyfile | +----------+---------------+------------------------+--------------------------+ - | BLAKE2b | n/a | authenticated-blake2 | repokey-blake2, | - | | | | keyfile-blake2 | + | BLAKE2b | n/a | `authenticated-blake2` | `repokey-blake2`, | + | | | | `keyfile-blake2` | +----------+---------------+------------------------+--------------------------+ + `Marked modes` are new in Borg 1.1 and are not backwards-compatible with Borg 1.0.x. + On modern Intel/AMD CPUs (except very cheap ones), AES is usually hardware-accelerated. BLAKE2b is faster than SHA256 on Intel/AMD 64-bit CPUs 
@@ -2491,7 +2493,8 @@ def define_common_options(add_common_option): `none` mode uses no encryption and no authentication. It uses SHA256 as chunk ID hash. Not recommended, rather consider using an authenticated or - authenticated/encrypted mode. + authenticated/encrypted mode. This mode has possible denial-of-service issues + when running ``borg create`` on contents controlled by an attacker. Use it only for new repositories where no encryption is wanted **and** when compatibility with 1.0.x is important. If compatibility with 1.0.x is not important, use `authenticated-blake2` or `authenticated` instead. From a04625cd13799a1697b91288cf5803906a564f46 Mon Sep 17 00:00:00 2001 From: Marian Beermann Date: Sat, 17 Jun 2017 12:07:12 +0200 Subject: [PATCH 2/3] nanorst: better inline formatting in tables --- src/borg/archiver.py | 9 +++++++-- src/borg/nanorst.py | 10 ++++++++++ 2 files changed, 17 insertions(+), 2 deletions(-) diff --git a/src/borg/archiver.py b/src/borg/archiver.py index 2f01d5a1d..496d14d4d 100644 --- a/src/borg/archiver.py +++ b/src/borg/archiver.py 
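Review bot: The warning added to the `none` mode paragraph in src/borg/archiver.py names an impact but not its cause, so a reader cannot tell whether the authenticated modes recommended in the following sentences avoid it. The same paragraph says `none` uses SHA256 as chunk ID hash with no authentication. If the issue is that chunk IDs are therefore predictable to whoever supplies the data being backed up (an inference, please confirm), I would open the new sentence with `Because chunk IDs are not keyed in this mode,` and state that the authenticated and encrypted modes are not affected. The help string this hunk edits starts and ends outside the hunk, so the explanation may already exist elsewhere in it.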
@@ -2449,16 +2449,21 @@ def define_common_options(add_common_option): Encryption modes ++++++++++++++++ + .. nanorst: inline-fill + +----------+---------------+------------------------+--------------------------+ | Hash/MAC | Not encrypted | Not encrypted, | Encrypted (AEAD w/ AES) | | | no auth | but authenticated | and authenticated | +----------+---------------+------------------------+--------------------------+ - | SHA-256 | none | `authenticated` | repokey, keyfile | + | SHA-256 | none | `authenticated` | repokey | + | | | | keyfile | +----------+---------------+------------------------+--------------------------+ - | BLAKE2b | n/a | `authenticated-blake2` | `repokey-blake2`, | + | BLAKE2b | n/a | `authenticated-blake2` | `repokey-blake2` | | | | | `keyfile-blake2` | +----------+---------------+------------------------+--------------------------+ + .. nanorst: inline-replace + `Marked modes` are new in Borg 1.1 and are not backwards-compatible with Borg 1.0.x. On modern Intel/AMD CPUs (except very cheap ones), AES is usually diff --git a/src/borg/nanorst.py b/src/borg/nanorst.py index 113a86a11..ba4ad2a34 100644 --- a/src/borg/nanorst.py +++ b/src/borg/nanorst.py @@ -58,6 +58,7 @@ def rst_to_text(text, state_hook=None, references=None): state_hook = state_hook or (lambda old_state, new_state, out: None) references = references or {} state = 'text' + inline_mode = 'replace' text = TextPecker(text) out = io.StringIO() 
@@ -117,17 +118,26 @@ def rst_to_text(text, state_hook=None, references=None): directive, is_directive, arguments = text.readline().partition('::') text.read(1) if not is_directive: + # partition: if the separator is not in the text, the leftmost output is the entire input + if directive == 'nanorst: inline-fill': + inline_mode = 'fill' + elif directive == 'nanorst: inline-replace': + inline_mode = 'replace' continue process_directive(directive, arguments.strip(), out, state_hook) continue if state in inline_single and char == state: state_hook(state, 'text', out) state = 'text' + if inline_mode == 'fill': + out.write(2 * ' ') continue if state == '``' and char == next == '`': state_hook(state, 'text', out) state = 'text' text.read(1) + if inline_mode == 'fill': + out.write(4 * ' ') continue if state == '**' and char == next == '*': state_hook(state, 'text', out) From 868749579301089f4f1836ee94301e7eaa1da81e Mon Sep 17 00:00:00 2001 From: Marian Beermann Date: Sat, 17 Jun 2017 12:12:55 +0200 Subject: [PATCH 3/3] docs: css: avoid scroll bars on tables --- docs/borg_theme/css/borg.css | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/docs/borg_theme/css/borg.css b/docs/borg_theme/css/borg.css index ae4ce24c6..0ba4c01f0 100644 --- a/docs/borg_theme/css/borg.css +++ b/docs/borg_theme/css/borg.css @@ -61,6 +61,14 @@ dt code { border-right: 2px solid #4e4a4a;; } +/* the rtd theme has "nowrap" here which causes tables to have scroll bars. + * undo that setting. it does not seem to cause issues, even when making the + * viewport narrow. + */ +.wy-table-responsive table td, .wy-table-responsive table th { + white-space: normal; +} + p .literal, p .literal span { border: none; 
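Review bot: In the second src/borg/nanorst.py hunk (rst_to_text), fill padding is written when single-character markup and the double-backtick literal close, but the `**` branch that follows as unchanged context gets none. A bold span inside an `inline-fill` table would therefore apparently still narrow its cell by four characters and shift the column border. I would add `if inline_mode == 'fill': out.write(4 * ' ')` to that branch as well, and put a comment on the existing writes such as `# pad by the number of markup characters removed (opening + closing) so table columns keep their width`. The directive comparison is exact, so any other `nanorst:` comment, including a misspelt one, is skipped silently and leaves the previous mode in force, which is worth stating in the comment above it. rst_to_text starts before and continues past this hunk.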
@@ -73,8 +81,8 @@ cite { white-space: nowrap; color: black; /* slight contrast with #404040 of regular text */ font-size: 75%; - font-family: Consolas,"Andale Mono WT","Andale Mono","Lucida Console","Lucida Sans Typewriter", - "DejaVu Sans Mono","Bitstream Vera Sans Mono","Liberation Mono","Nimbus Mono L",Monaco,"Courier New",Courier,monospace; + font-family: Consolas, "Andale Mono WT", "Andale Mono", "Lucida Console", "Lucida Sans Typewriter", + "DejaVu Sans Mono", "Bitstream Vera Sans Mono", "Liberation Mono", "Nimbus Mono L", Monaco, "Courier New", Courier, monospace; font-style: normal; text-decoration: underline; }