cgit-70, branch upstream

Merge remote-tracking branch 'upstream/master' into upstream

2018-08-06T11:16:09+00:00

Bump version.

2018-08-03T15:04:03+00:00

Signed-off-by: Jason A. Donenfeld

clone: fix directory traversal

2018-08-03T15:04:03+00:00

This was introduced in the initial version of this code, way back when
in 2008.

$ curl http://127.0.0.1/cgit/repo/objects/?path=../../../../../../../../../etc/passwd
root:x:0:0:root:/root:/bin/sh
...

Signed-off-by: Jason A. Donenfeld 
Reported-by: Jann Horn

config: record repo.snapshot-prefix in the per-repo config

2018-08-03T14:12:21+00:00

Even if we find snapshot-prefix in the repo configuration, we are not
writing it out into the rc- file, so setting the value does not have any
effect.

Signed-off-by: Konstantin Ryabitsev

auth-filters: add simple file-based authentication scheme

2018-08-03T14:12:21+00:00

Signed-off-by: Jason A. Donenfeld

config: record repo.snapshot-prefix in the per-repo config

2018-07-17T17:11:49+00:00

Even if we find snapshot-prefix in the repo configuration, we are not
writing it out into the rc- file, so setting the value does not have any
effect.

Signed-off-by: Konstantin Ryabitsev

auth-filters: use crypt() in simple-authentication

2018-07-15T02:18:03+00:00

There's no use in giving a silly example to folks who will just copy it,
so instead try to do something slightly better.

Signed-off-by: Jason A. Donenfeld

auth-filters: generate secret securely

2018-07-15T01:30:57+00:00

This is much better than having the user generate it themselves.

Signed-off-by: Jason A. Donenfeld

auth-filters: do not crash on nil username

2018-07-14T03:10:28+00:00

Signed-off-by: Jason A. Donenfeld

auth-filter: do not write more than we've read

2018-07-14T03:09:27+00:00

Signed-off-by: Jason A. Donenfeld