From c046535b4eb0aa402601e090c44a7be07763e4a5 Mon Sep 17 00:00:00 2001 From: Maniack Crudelis Date: Sun, 24 Jun 2018 19:20:13 +0200 Subject: [PATCH 01/23] Don't use /tmp anymore --- scripts/upgrade | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scripts/upgrade b/scripts/upgrade index 6c54ca5..ab91500 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -189,7 +189,7 @@ do ynh_replace_string "__SHA256_SUM__" "$nextcloud_source_sha256" "../conf/app.src" # Create a temporary directory - tmpdir=$(mktemp -d) + tmpdir="${final_path}_temp_upgrade_dir" # Install the next nextcloud version in $tmpdir ynh_setup_source "$tmpdir" @@ -208,6 +208,7 @@ do # Replace the old nextcloud by the new one ynh_secure_remove "$final_path" mv "$tmpdir" "$final_path" + ynh_secure_remove "$tmpdir" # Set write access for the following commands chown -R $app: "$final_path" "$datadir" From 30c19929cbcad3443c67d410e816b30026f659a2 Mon Sep 17 00:00:00 2001 From: Maniack Crudelis Date: Wed, 29 Aug 2018 21:07:53 +0200 Subject: [PATCH 02/23] Add a new helper to create temporary directory --- scripts/_common.sh | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/scripts/_common.sh b/scripts/_common.sh index 7ce131e..77b2812 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh 
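Review bot: The fixed path `${final_path}_temp_upgrade_dir` is never cleared before `ynh_setup_source "$tmpdir"` writes into it, so a directory left behind by an interrupted upgrade, or created by anything else able to write to the parent directory, would be merged into the new Nextcloud tree and then moved to `$final_path`. Unlike the `mktemp -d` it replaces, nothing here guarantees the directory is fresh; adding `ynh_secure_remove "$tmpdir"` immediately before `ynh_setup_source` would. The `ynh_secure_remove "$tmpdir"` added in the second hunk runs after `mv "$tmpdir" "$final_path"`, when the path no longer exists on success, so it cleans up nothing in the normal case. Both hunks sit inside a loop whose body extends beyond the lines shown.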
@@ -356,3 +356,27 @@ ynh_multimedia_addaccess () { groupadd -f multimedia usermod -a -G multimedia $user_name } + +ynh_smart_mktemp () { + local min_size="${1:-300}" + # Transform the minimum size from megabytes to kilobytes + min_size=$(( $min_size * 1024 )) + + # Check if there's enough free space in a directory + is_there_enough_space () { + local free_space=$(df --output=avail "$1" | sed 1d) + test $free_space -ge $min_size + } + + if is_there_enough_space /tmp; then + local tmpdir=/tmp + elif is_there_enough_space /var; then + local tmpdir=/var + elif is_there_enough_space /; then + local tmpdir=/ + elif is_there_enough_space /home; then + local tmpdir=/home + fi + + echo "$(sudo mktemp --directory --tmpdir="$tmpdir")" +} From 87d92b35a02e5c929c4b57d59e6d61da22da7222 Mon Sep 17 00:00:00 2001 From: Maniack Crudelis Date: Wed, 29 Aug 2018 21:10:08 +0200 Subject: [PATCH 03/23] Use ynh_smart_mktemp --- scripts/upgrade | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/upgrade b/scripts/upgrade index ab91500..44327db 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -189,7 +189,7 @@ do ynh_replace_string "__SHA256_SUM__" "$nextcloud_source_sha256" "../conf/app.src" # Create a temporary directory - tmpdir="${final_path}_temp_upgrade_dir" + tmpdir="$(ynh_smart_mktemp 300)" # Install the next nextcloud version in $tmpdir ynh_setup_source "$tmpdir" From d76dc401512c378649918b4a7c6d0c372d3c7e5a Mon Sep 17 00:00:00 2001 From: Maniack Crudelis Date: Fri, 21 Sep 2018 23:32:02 +0200 Subject: [PATCH 04/23] ynh_die if no free space --- scripts/_common.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/scripts/_common.sh b/scripts/_common.sh index 77b2812..1e2bd82 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -376,6 +376,8 @@ ynh_smart_mktemp () { local tmpdir=/ elif is_there_enough_space /home; then local tmpdir=/home + else + ynh_die "Insufficient free space to continue..." fi echo "$(sudo mktemp --directory --tmpdir="$tmpdir")" 
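Review bot: `echo "$(sudo mktemp --directory --tmpdir="$tmpdir")"` discards mktemp's exit status, so a failed creation makes the helper print an empty line and return 0; ending the function with `sudo mktemp --directory --tmpdir="$tmpdir"` alone keeps both the output and the status. The same masking happens in `local free_space=$(df --output=avail "$1" | sed 1d)`, and the unquoted `test $free_space -ge $min_size` then errors on an empty value; declaring `local free_space` on its own line and quoting both operands avoids that. `is_there_enough_space` is defined inside the function body but becomes a global shell function once `ynh_smart_mktemp` has run, so a prefixed name or an inline test would avoid leaking it. A short header comment stating the argument (minimum size in megabytes, default 300) and that the created path is printed on stdout is also missing.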
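Review bot: `tmpdir="$(ynh_smart_mktemp 300)"` uses the helper's output without checking it, and the same loop later runs `ynh_secure_remove "$final_path"` followed by `mv "$tmpdir" "$final_path"` (visible in the first patch of this series), so an empty or missing `$tmpdir` would mean the existing install is removed with nothing to replace it. A guard such as `[ -d "$tmpdir" ] || ynh_die "Unable to create a temporary directory"` right after the assignment makes that failure explicit. This also matters for the `ynh_die` branch added to `ynh_smart_mktemp` in the next patch: inside `$(...)` it presumably terminates only the subshell, so whether the upgrade stops depends on errexit being active in the caller, which is not visible here. The directory now comes from `mktemp`, which creates it with owner-only permissions and possibly on a different filesystem than `$final_path`, so confirm that the later ownership and permission steps cover the top-level directory.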
From e60cb644060479245e7a8ddfdf4f5087508784c0 Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Thu, 8 Nov 2018 13:44:50 +0100 Subject: [PATCH 05/23] Set maintainer as "YunoHost Contributors" --- manifest.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifest.json b/manifest.json index 1c09dac..75a532b 100644 --- a/manifest.json +++ b/manifest.json @@ -10,8 +10,8 @@ "url": "https://nextcloud.com", "license": "AGPL-3.0", "maintainer": { - "name": "-", - "email": "-" + "name": "YunoHost Contributors", + "email": "apps@yunohost.org" }, "requirements": { "yunohost": ">= 2.7.2" From 118b1d4d30aced948c751d9853015bebf52f2c43 Mon Sep 17 00:00:00 2001 From: Jimmy Monin Date: Sun, 25 Nov 2018 22:08:10 +0100 Subject: [PATCH 06/23] Major upgrade to upstream version 14.0.4 --- README.md | 2 +- manifest.json | 2 +- scripts/upgrade.d/upgrade.13.sh | 7 +++++++ scripts/upgrade.d/upgrade.last.sh | 4 ++-- 4 files changed, 11 insertions(+), 4 deletions(-) create mode 100644 scripts/upgrade.d/upgrade.13.sh diff --git a/README.md b/README.md index bf20566..97d1435 100644 --- a/README.md +++ b/README.md @@ -5,7 +5,7 @@ Nextcloud for YunoHost own data. A personal cloud which run on your own server. With Nextcloud you can synchronize your files over your devices. -**Shipped version:** 13.0.6 +**Shipped version:** 14.0.4 [![Install Nextcloud with YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=nextcloud) ![](https://github.com/nextcloud/screenshots/blob/master/files/filelist.png) diff --git a/manifest.json b/manifest.json index 75a532b..d5924da 100644 --- a/manifest.json +++ b/manifest.json 
@@ -6,7 +6,7 @@ "en": "Access & share your files, calendars, contacts, mail & more from any device, on your terms", "fr": "Consultez et partagez vos fichiers, agendas, carnets d'adresses, emails et bien plus depuis les appareils de votre choix, sous vos conditions" }, - "version": "13.0.6~ynh1", + "version": "14.0.4~ynh1", "url": "https://nextcloud.com", "license": "AGPL-3.0", "maintainer": { diff --git a/scripts/upgrade.d/upgrade.13.sh b/scripts/upgrade.d/upgrade.13.sh new file mode 100644 index 0000000..f979aa9 --- /dev/null +++ b/scripts/upgrade.d/upgrade.13.sh @@ -0,0 +1,7 @@ +#!/bin/bash + +# Last available nextcloud version +next_version="14.0.0" + +# Nextcloud tarball checksum sha256 +nextcloud_source_sha256="f965c14286e7aabbfe49c947d86af59597af302c35d10e0b5440e7e6c53b8f47" diff --git a/scripts/upgrade.d/upgrade.last.sh b/scripts/upgrade.d/upgrade.last.sh index 4bcad4e..55c0f06 100755 --- a/scripts/upgrade.d/upgrade.last.sh +++ b/scripts/upgrade.d/upgrade.last.sh @@ -1,10 +1,10 @@ #!/bin/bash # Last available nextcloud version -next_version="13.0.6" +next_version="14.0.4" # Nextcloud tarball checksum sha256 -nextcloud_source_sha256="90fc9e960b6a477bb14ee87042b3d158bde95c3f0157677cb4547ca7649968d4" +nextcloud_source_sha256="4f5dd15a71694bd2f15fba0d2f942e5a5b1f5aba13511c507a23324d746b40e8" # Patch nextcloud files only for the last version cp -a ../sources/patches_last_version/* ../sources/patches From de3979a065e8952a3c91f3dbbc65f0253ad5e07e Mon Sep 17 00:00:00 2001 From: Jimmy Monin Date: Sun, 25 Nov 2018 22:09:09 +0100 Subject: [PATCH 07/23] Adapt PHP custom patches to 14.0.4 code --- .../app-00-add-logout_url-conf.patch | 56 ++++++++++++++-- ...able-CSPv3-nonce_and_allow-YNH-fonts.patch | 66 +++++++++---------- 2 files changed, 85 insertions(+), 37 deletions(-) diff --git a/sources/patches_last_version/app-00-add-logout_url-conf.patch b/sources/patches_last_version/app-00-add-logout_url-conf.patch index 3659fb1..2e70ba7 100644 
--- a/sources/patches_last_version/app-00-add-logout_url-conf.patch +++ b/sources/patches_last_version/app-00-add-logout_url-conf.patch @@ -1,14 +1,62 @@ + core/Controller/LoginController.php | 25 ++++++++++++++----------- + 1 file changed, 14 insertions(+), 11 deletions(-) + +diff --git a/core/Controller/LoginController.php b/core/Controller/LoginController.php +index 182d2bc106..82523e306e 100644 --- a/core/Controller/LoginController.php 
+++ b/core/Controller/LoginController.php -@@ -119,7 +119,10 @@ +@@ -95,13 +95,13 @@ class LoginController extends Controller { + * @param Throttler $throttler + */ + public function __construct($appName, +- IRequest $request, +- IUserManager $userManager, +- IConfig $config, +- ISession $session, +- IUserSession $userSession, +- IURLGenerator $urlGenerator, +- ILogger $logger, ++ IRequest $request, ++ IUserManager $userManager, ++ IConfig $config, ++ ISession $session, ++ IUserSession $userSession, ++ IURLGenerator $urlGenerator, ++ ILogger $logger, + Manager $twoFactorManager, + Defaults $defaults, + Throttler $throttler) { +@@ -130,7 +130,10 @@ class LoginController extends Controller { } $this->userSession->logout(); - + - $response = new RedirectResponse($this->urlGenerator->linkToRouteAbsolute('core.login.showLoginForm')); + $redirectUrl = $this->config->getSystemValue('logout_url', -+ $this->urlGenerator->linkToRouteAbsolute('core.login.showLoginForm') ++ $this->urlGenerator->linkToRouteAbsolute('core.login.showLoginForm') + ); + $response = new RedirectResponse($redirectUrl); - $response->addHeader('Clear-Site-Data', '"cache", "cookies", "storage", "executionContexts"'); + $response->addHeader('Clear-Site-Data', '"cache", "storage", "executionContexts"'); return $response; } +@@ -303,10 +306,10 @@ class LoginController extends Controller { + $previousUser = $user; + $user = $users[0]->getUID(); + if($user !== $previousUser) { +- $loginResult = $this->userManager->checkPassword($user, $password); +- } ++ $loginResult = $this->userManager->checkPassword($user, $password); + } + } ++ } + + if ($loginResult === false) { + $this->logger->warning('Login failed: \''. $user . 
+@@ -314,7 +317,7 @@ class LoginController extends Controller { + ['app' => 'core']); + return $this->createLoginFailedResponse($user, $originalUser, + $redirect_url, self::LOGIN_MSG_INVALIDPASSWORD); +- } ++ } + + // TODO: remove password checks from above and let the user session handle failures + // requires https://github.com/owncloud/core/pull/24616 diff --git a/sources/patches_last_version/app-01-disable-CSPv3-nonce_and_allow-YNH-fonts.patch b/sources/patches_last_version/app-01-disable-CSPv3-nonce_and_allow-YNH-fonts.patch index f5ced3a..42d6d99 100644 --- a/sources/patches_last_version/app-01-disable-CSPv3-nonce_and_allow-YNH-fonts.patch +++ b/sources/patches_last_version/app-01-disable-CSPv3-nonce_and_allow-YNH-fonts.patch 
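Review bot: Most of the regenerated app-00 patch is not the `logout_url` change: the inner hunks at `@@ -95,13 +95,13 @@`, `@@ -303,10 +306,10 @@` and `@@ -314,7 +317,7 @@` remove and re-add lines with identical text, which looks like re-indentation of the constructor and of the password-check block. Carrying whitespace-only edits to authentication code in a vendored patch makes the one intended change harder to audit and gives the patch more context that can fail to apply on the next upstream release. Regenerating it so that it contains only the `@@ -130,7 +130,10 @@` hunk would keep the behaviour and shrink the review surface. Whitespace is collapsed in this view, so the reading that those three hunks are indentation-only is inferred from the matching text.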
@@ -1,33 +1,33 @@ - lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php | 4 ++++ - lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php | 3 ++- - 2 files changed, 6 insertions(+), 1 deletion(-) - -diff --git a/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php b/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php -index 85ae127f5f..91618a09fc 100644 ---- a/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php -+++ b/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php -@@ -65,6 +65,10 @@ class ContentSecurityPolicyNonceManager { - * @return bool - */ - public function browserSupportsCspV3() { -+ // YunoHost patch: disable CSPv3 nonces to: -+ // - avoid white page on first login from YunoHost portal -+ // - allow YunoHost tile display -+ return false; - $browserWhitelist = [ - Request::USER_AGENT_CHROME, - // Firefox 45+ -diff --git a/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php b/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php -index 64d4eb6e5d..59d5885620 100644 ---- a/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php -+++ b/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php -@@ -377,7 +377,8 @@ class EmptyContentSecurityPolicy { - - if(!empty($this->allowedFontDomains)) { - $policy .= 'font-src ' . 
implode(' ', $this->allowedFontDomains); -- $policy .= ';'; -+ // YunoHost patch: extend font-src to load data fonts embedded in YunoHost tile script -+ $policy .= ' data:;'; - } - - if(!empty($this->allowedConnectDomains)) { + lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php | 4 ++++ + lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php | 3 ++- + 2 files changed, 6 insertions(+), 1 deletion(-) + +diff --git a/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php b/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php +index 088fb2d859..15b05b75d1 100644 +--- a/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php ++++ b/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php +@@ -70,6 +70,10 @@ class ContentSecurityPolicyNonceManager { + * @return bool + */ + public function browserSupportsCspV3(): bool { ++ // YunoHost patch: disable CSPv3 nonces to: ++ // - avoid white page on first login from YunoHost portal ++ // - allow YunoHost tile display ++ return false; + $browserWhitelist = [ + Request::USER_AGENT_CHROME, + // Firefox 45+ +diff --git a/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php b/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php +index 6397d32cb9..32281a1734 100644 +--- a/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php ++++ b/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php +@@ -406,7 +406,8 @@ class EmptyContentSecurityPolicy { + + if(!empty($this->allowedFontDomains)) { + $policy .= 'font-src ' . implode(' ', $this->allowedFontDomains); +- $policy .= ';'; ++ // YunoHost patch: extend font-src to load data fonts embedded in YunoHost tile script ++ $policy .= ' data:;'; + } + + if(!empty($this->allowedConnectDomains)) { From 2848fe3719a217585ed2dbcc8df19c9d97d461ac Mon Sep 17 00:00:00 2001 
From: Jimmy Monin Date: Sun, 25 Nov 2018 22:10:06 +0100 Subject: [PATCH 08/23] Upgrade nginx configuration following release 14 recommendations (https://docs.nextcloud.com/server/14/admin_manual/installation/nginx.html) --- conf/nginx.conf | 3 +++ 1 file changed, 3 insertions(+) diff --git a/conf/nginx.conf b/conf/nginx.conf index 3eee860..1691095 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -19,6 +19,7 @@ location ^~ __PATH__ { add_header X-Robots-Tag none; add_header X-Download-Options noopen; add_header X-Permitted-Cross-Domain-Policies none; + add_header Referrer-Policy no-referrer; # Set max upload size client_max_body_size 10G; @@ -85,6 +86,8 @@ location ^~ __PATH__ { add_header X-Robots-Tag none; add_header X-Download-Options noopen; add_header X-Permitted-Cross-Domain-Policies none; + add_header Referrer-Policy no-referrer; + # Optional: Don't log access to assets access_log off; } From 53c4fb686b427fd72fa5686e80efd786b49ac1c4 Mon Sep 17 00:00:00 2001 From: Nathanael Date: Sat, 15 Dec 2018 12:04:09 +0100 Subject: [PATCH 09/23] Upgrade to upstream version 15.0.0 Upgrade to upstream version 15.0.0 --- README.md | 2 +- scripts/upgrade.d/upgrade.14.sh | 10 ++++++++++ scripts/upgrade.d/upgrade.last.sh | 4 ++-- 3 files changed, 13 insertions(+), 3 deletions(-) create mode 100755 scripts/upgrade.d/upgrade.14.sh diff --git a/README.md b/README.md index 97d1435..8bc16ea 100644 --- a/README.md +++ b/README.md @@ -5,7 +5,7 @@ Nextcloud for YunoHost own data. A personal cloud which run on your own server. With Nextcloud you can synchronize your files over your devices. -**Shipped version:** 14.0.4 +**Shipped version:** 15.0.0 [![Install Nextcloud with YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=nextcloud) ![](https://github.com/nextcloud/screenshots/blob/master/files/filelist.png) 
diff --git a/scripts/upgrade.d/upgrade.14.sh b/scripts/upgrade.d/upgrade.14.sh new file mode 100755 index 0000000..55c0f06 --- /dev/null +++ b/scripts/upgrade.d/upgrade.14.sh @@ -0,0 +1,10 @@ +#!/bin/bash + +# Last available nextcloud version +next_version="14.0.4" + +# Nextcloud tarball checksum sha256 +nextcloud_source_sha256="4f5dd15a71694bd2f15fba0d2f942e5a5b1f5aba13511c507a23324d746b40e8" + +# Patch nextcloud files only for the last version +cp -a ../sources/patches_last_version/* ../sources/patches diff --git a/scripts/upgrade.d/upgrade.last.sh b/scripts/upgrade.d/upgrade.last.sh index 55c0f06..62e17eb 100755 --- a/scripts/upgrade.d/upgrade.last.sh +++ b/scripts/upgrade.d/upgrade.last.sh @@ -1,10 +1,10 @@ #!/bin/bash # Last available nextcloud version -next_version="14.0.4" +next_version="15.0.0" # Nextcloud tarball checksum sha256 -nextcloud_source_sha256="4f5dd15a71694bd2f15fba0d2f942e5a5b1f5aba13511c507a23324d746b40e8" +nextcloud_source_sha256="5bb0c58171353da844019b64080c21078002a59ab956ab72adb958844a98eb78" # Patch nextcloud files only for the last version cp -a ../sources/patches_last_version/* ../sources/patches From a5d7aac75d181883abd49ca51961c698cbc05e65 Mon Sep 17 00:00:00 2001 From: Nathanael Date: Sat, 15 Dec 2018 18:16:30 +0100 Subject: [PATCH 10/23] Upgrade to upstream version 15.0.0 (fix) Upgrade to upstream version 15.0.0 (fix) --- scripts/upgrade.d/upgrade.14.sh | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/scripts/upgrade.d/upgrade.14.sh b/scripts/upgrade.d/upgrade.14.sh index 55c0f06..8c5e80c 100755 --- a/scripts/upgrade.d/upgrade.14.sh +++ b/scripts/upgrade.d/upgrade.14.sh 
@@ -1,10 +1,7 @@ #!/bin/bash # Last available nextcloud version -next_version="14.0.4" +next_version="15.0.0" # Nextcloud tarball checksum sha256 -nextcloud_source_sha256="4f5dd15a71694bd2f15fba0d2f942e5a5b1f5aba13511c507a23324d746b40e8" - -# Patch nextcloud files only for the last version -cp -a ../sources/patches_last_version/* ../sources/patches +nextcloud_source_sha256="5bb0c58171353da844019b64080c21078002a59ab956ab72adb958844a98eb78" \ No newline at end of file From 698218cacd4b4e77e55207d7bf60bf8a2389b981 Mon Sep 17 00:00:00 2001 From: Jimmy Monin Date: Sun, 16 Dec 2018 18:02:59 +0100 Subject: [PATCH 11/23] Plan required maintenance operations after upgrade --- scripts/_common.sh | 2 +- scripts/upgrade.d/upgrade.last.sh | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/scripts/_common.sh b/scripts/_common.sh index 7ce131e..566494d 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -3,7 +3,7 @@ # COMMON VARIABLES #================================================= -pkg_dependencies="php5-gd php5-json php5-intl php5-mcrypt php5-curl php5-apcu php5-redis php5-ldap php5-imagick imagemagick acl tar smbclient" +pkg_dependencies="php5-gd php5-json php5-intl php5-mcrypt php5-curl php5-apcu php5-redis php5-ldap php5-imagick imagemagick acl tar smbclient at" if [ "$(lsb_release --codename --short)" != "jessie" ]; then pkg_dependencies="$pkg_dependencies php-zip php-apcu php-mbstring php-xml" diff --git a/scripts/upgrade.d/upgrade.last.sh b/scripts/upgrade.d/upgrade.last.sh index 55c0f06..0a21846 100755 --- a/scripts/upgrade.d/upgrade.last.sh +++ b/scripts/upgrade.d/upgrade.last.sh 
@@ -8,3 +8,6 @@ nextcloud_source_sha256="4f5dd15a71694bd2f15fba0d2f942e5a5b1f5aba13511c507a23324 # Patch nextcloud files only for the last version cp -a ../sources/patches_last_version/* ../sources/patches + +# Execute post-upgrade operations later on +(cd /tmp ; at now + 10 minutes <<< "(cd $final_path ; sudo -u nextcloud php occ db:add-missing-indices ; sudo -u nextcloud php occ db:convert-filecache-bigint -n) > /tmp/nextcloud_maintenance.log") From f1f95274a283206f1cb9bfcc5c11ddbc3273c34c Mon Sep 17 00:00:00 2001 From: Nathanael Date: Sun, 16 Dec 2018 20:49:31 +0100 Subject: [PATCH 12/23] Version 15 : add occ commands to improve db performances --- scripts/upgrade | 2 ++ 1 file changed, 2 insertions(+) diff --git a/scripts/upgrade b/scripts/upgrade index 6c54ca5..355cff6 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -223,6 +223,8 @@ do # Print the current version number of nextcloud exec_occ -V + exec_occ db:add-missing-indices + exec_occ db:convert-filecache-bigint done #================================================= From 134a44cc3fee83bdce40caab2518c89bd30fd0cc Mon Sep 17 00:00:00 2001 From: Nathanael Date: Sun, 16 Dec 2018 21:29:45 +0100 Subject: [PATCH 13/23] Revert "Version 15 : add occ commands to improve db performances" Because of https://github.com/YunoHost-Apps/nextcloud_ynh/pull/149 This reverts commit f1f95274a283206f1cb9bfcc5c11ddbc3273c34c. --- scripts/upgrade | 2 -- 1 file changed, 2 deletions(-) diff --git a/scripts/upgrade b/scripts/upgrade index 355cff6..6c54ca5 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -223,8 +223,6 @@ do # Print the current version number of nextcloud exec_occ -V - exec_occ db:add-missing-indices - exec_occ db:convert-filecache-bigint done #================================================= From 33c3ecb3dcfd61340a6aed15f1569288e189c58f Mon Sep 17 00:00:00 2001 
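Review bot: The job handed to `at` chains its commands with `;` and logs to a fixed name in `/tmp`, and both are risky for a deferred job scheduled from an install script that presumably runs as root (it uses `sudo -u`). If `cd $final_path` fails, the two `php occ` calls still run against a relative `occ` in whatever directory the job starts in (the `cd /tmp` before `at` suggests `/tmp`), and `> /tmp/nextcloud_maintenance.log` writes to a predictable path in a world-writable directory. Replacing the first `;` with `&&` and quoting the path, as in `cd '$final_path' && sudo -u nextcloud php occ db:add-missing-indices`, and redirecting to a directory only root or the app user can write (`> <APP_LOG_DIR>/maintenance.log 2>&1`, placeholder path) closes both gaps. The job is also scheduled when this file is sourced rather than when the upgrade has finished, so on a slow host it may fire while the upgrade is still running. The same job text is repeated in later patches of this series (inside `last_upgrade_operations`, in `scripts/install`, and in the `/tmp/${app}_maintenance.log` variant), where the same points apply.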
From: Jimmy Monin Date: Fri, 21 Dec 2018 00:09:01 +0100 Subject: [PATCH 14/23] Adapt CSPv3 disabling patch and add a patch to allow eval in JS scripts for YunoHost tile --- ...isable-CSPv3-nonce_and_allow-YNH-fonts.patch | 14 +++++++------- ...r-eval-in-JS-scripts-for-YunoHost-tile.patch | 17 +++++++++++++++++ 2 files changed, 24 insertions(+), 7 deletions(-) create mode 100644 sources/patches_last_version/app-02-Allow-for-eval-in-JS-scripts-for-YunoHost-tile.patch diff --git a/sources/patches_last_version/app-01-disable-CSPv3-nonce_and_allow-YNH-fonts.patch b/sources/patches_last_version/app-01-disable-CSPv3-nonce_and_allow-YNH-fonts.patch index 42d6d99..d5a609a 100644 --- a/sources/patches_last_version/app-01-disable-CSPv3-nonce_and_allow-YNH-fonts.patch +++ b/sources/patches_last_version/app-01-disable-CSPv3-nonce_and_allow-YNH-fonts.patch @@ -1,9 +1,9 @@ - lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php | 4 ++++ - lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php | 3 ++- + .../Security/CSP/ContentSecurityPolicyNonceManager.php | 4 ++++ + lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php | 3 ++- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php b/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php -index 088fb2d859..15b05b75d1 100644 +index 795d8cc864..5f3c961445 100644 --- a/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php +++ b/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php @@ -70,6 +70,10 @@ class ContentSecurityPolicyNonceManager { @@ -18,16 +18,16 @@ index 088fb2d859..15b05b75d1 100644 Request::USER_AGENT_CHROME, // Firefox 45+ diff --git a/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php b/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php -index 6397d32cb9..32281a1734 100644 +index 3fcef1d0ef..7ce01a68fc 100644 --- a/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php 
+++ b/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php -@@ -406,7 +406,8 @@ class EmptyContentSecurityPolicy { - +@@ -449,7 +449,8 @@ class EmptyContentSecurityPolicy { + if(!empty($this->allowedFontDomains)) { $policy .= 'font-src ' . implode(' ', $this->allowedFontDomains); - $policy .= ';'; + // YunoHost patch: extend font-src to load data fonts embedded in YunoHost tile script + $policy .= ' data:;'; } - + if(!empty($this->allowedConnectDomains)) { diff --git a/sources/patches_last_version/app-02-Allow-for-eval-in-JS-scripts-for-YunoHost-tile.patch b/sources/patches_last_version/app-02-Allow-for-eval-in-JS-scripts-for-YunoHost-tile.patch new file mode 100644 index 0000000..38f37f9 --- /dev/null +++ b/sources/patches_last_version/app-02-Allow-for-eval-in-JS-scripts-for-YunoHost-tile.patch @@ -0,0 +1,17 @@ + lib/public/AppFramework/Http/ContentSecurityPolicy.php | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/lib/public/AppFramework/Http/ContentSecurityPolicy.php b/lib/public/AppFramework/Http/ContentSecurityPolicy.php +index e9ecf00036..8e69c8d2dc 100644 +--- a/lib/public/AppFramework/Http/ContentSecurityPolicy.php ++++ b/lib/public/AppFramework/Http/ContentSecurityPolicy.php +@@ -44,7 +44,8 @@ class ContentSecurityPolicy extends EmptyContentSecurityPolicy { + /** @var bool Whether inline JS snippets are allowed */ + protected $inlineScriptAllowed = false; + /** @var bool Whether eval in JS scripts is allowed */ +- protected $evalScriptAllowed = false; ++ // YunoHost patch: allow for eval in JS scripts for YunoHost tile ++ protected $evalScriptAllowed = true; + /** @var array Domains from which scripts can get loaded */ + protected $allowedScriptDomains = [ + '\'self\'', From c3d725c45bc14c110419924d5a8c544c15527b7e Mon Sep 17 00:00:00 2001 From: Jimmy Monin Date: Fri, 21 Dec 2018 19:40:20 +0100 Subject: [PATCH 15/23] Fix README screenshot URL (fixes #153) --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
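Review bot: Setting `$evalScriptAllowed = true` as the class default in `ContentSecurityPolicy` relaxes the script policy for every response built from this class, not only for pages that show the YunoHost tile, and it stacks with app-01, which already forces `browserSupportsCspV3()` to return false. Together these remove two of the protections that limit what an injected script can do in the Nextcloud UI, so the trade-off deserves to be stated where administrators will see it. I would expand the in-patch comment to something like `// YunoHost patch: allows eval on ALL pages (weakens script-src); only needed by the YunoHost tile script, drop when the tile no longer requires it` and mention both CSP relaxations in the README. If the tile can be made to work without eval, dropping this patch is preferable to carrying it.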
diff --git a/README.md b/README.md index 8bc16ea..278dc05 100644 --- a/README.md +++ b/README.md @@ -8,7 +8,7 @@ you can synchronize your files over your devices. **Shipped version:** 15.0.0 [![Install Nextcloud with YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=nextcloud) -![](https://github.com/nextcloud/screenshots/blob/master/files/filelist.png) +![](https://raw.githubusercontent.com/nextcloud/screenshots/master/files/Files%20Overview.png) ## Features From d62e8c411c25d114235c29ed6ae67452364f1d76 Mon Sep 17 00:00:00 2001 From: Jimmy Monin Date: Sat, 22 Dec 2018 09:26:05 +0100 Subject: [PATCH 16/23] Limit upgrade operations (patches, maintenance, etc.) to the last upgrade --- scripts/upgrade | 2 ++ scripts/upgrade.d/upgrade.last.sh | 11 +++++++---- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/scripts/upgrade b/scripts/upgrade index 6c54ca5..d0c6329 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -176,6 +176,8 @@ do # then it's the last upgrade to do if [ "$major_version" -eq "$current_major_version" ]; then current_major_version=last + # Execute the commands dedicated to the last upgrade + last_upgrade_operations fi # Load the value for this version diff --git a/scripts/upgrade.d/upgrade.last.sh b/scripts/upgrade.d/upgrade.last.sh index 2bed20b..e061d31 100755 --- a/scripts/upgrade.d/upgrade.last.sh +++ b/scripts/upgrade.d/upgrade.last.sh 
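Review bot: `last_upgrade_operations` is called before the `# Load the value for this version` step that follows the `fi`, yet the function is defined in `upgrade.d/upgrade.last.sh`; unless that file has already been sourced earlier in the script (not visible in this hunk), the call fails with "command not found" on the final iteration. Even when it is defined, calling it here starts the 10-minute `at` timer before the last version has been downloaded and migrated, so the deferred `occ` commands can overlap with the upgrade on a slow host. The `cp -a` of the patches does have to happen before `ynh_setup_source`, so splitting the function into a pre-install part (patch copy) and a post-upgrade part (the `at` scheduling, called after the loop) would keep the ordering correct for both. The loop body continues beyond this hunk.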
@@ -6,8 +6,11 @@ next_version="15.0.0" # Nextcloud tarball checksum sha256 nextcloud_source_sha256="5bb0c58171353da844019b64080c21078002a59ab956ab72adb958844a98eb78" -# Patch nextcloud files only for the last version -cp -a ../sources/patches_last_version/* ../sources/patches +# This function will only be executed upon applying the last upgrade referenced above +last_upgrade_operations () { + # Patch nextcloud files only for the last version + cp -a ../sources/patches_last_version/* ../sources/patches -# Execute post-upgrade operations later on -(cd /tmp ; at now + 10 minutes <<< "(cd $final_path ; sudo -u nextcloud php occ db:add-missing-indices ; sudo -u nextcloud php occ db:convert-filecache-bigint -n) > /tmp/nextcloud_maintenance.log") + # Execute post-upgrade operations later on + (cd /tmp ; at now + 10 minutes <<< "(cd $final_path ; sudo -u nextcloud php occ db:add-missing-indices ; sudo -u nextcloud php occ db:convert-filecache-bigint -n) > /tmp/nextcloud_maintenance.log") +} From 0857601c4fc5e183c7bdc289f7773c91b9129b2e Mon Sep 17 00:00:00 2001 From: Jimmy Monin Date: Sun, 30 Dec 2018 20:05:20 +0100 Subject: [PATCH 17/23] Change version in manifest as well --- manifest.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifest.json b/manifest.json index d5924da..9b9f080 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Access & share your files, calendars, contacts, mail & more from any device, on your terms", "fr": "Consultez et partagez vos fichiers, agendas, carnets d'adresses, emails et bien plus depuis les appareils de votre choix, sous vos conditions" }, - "version": "14.0.4~ynh1", + "version": "15.0.0~ynh1", "url": "https://nextcloud.com", "license": "AGPL-3.0", "maintainer": { From a1e51bb9927889d66c876e5d1f9951a83d3908f9 Mon Sep 17 00:00:00 2001 
From: Jimmy Monin Date: Sat, 5 Jan 2019 21:48:29 +0100 Subject: [PATCH 18/23] Fix patches not applied on installation --- scripts/install | 2 ++ 1 file changed, 2 insertions(+) diff --git a/scripts/install b/scripts/install index f46d396..7173e1d 100755 --- a/scripts/install +++ b/scripts/install @@ -79,6 +79,8 @@ ynh_replace_string "__VERSION__" "$next_version" "../conf/app.src" ynh_replace_string "__SHA256_SUM__" "$nextcloud_source_sha256" "../conf/app.src" ynh_app_setting_set $app final_path $final_path +# Enable YunoHost patches on Nextcloud sources +cp -a ../sources/patches_last_version/* ../sources/patches # Download, check integrity, uncompress and patch the source from app.src ynh_setup_source "$final_path" From d934a9192db4b9504d0364d99147ed8eef38eed9 Mon Sep 17 00:00:00 2001 From: Jimmy Monin Date: Mon, 7 Jan 2019 07:30:42 +0100 Subject: [PATCH 19/23] Maintenance operations: fix user for multi-instance and apply at installation --- scripts/install | 5 +++++ scripts/upgrade.d/upgrade.last.sh | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/scripts/install b/scripts/install index 7173e1d..246f6ea 100755 --- a/scripts/install +++ b/scripts/install @@ -236,6 +236,11 @@ ynh_replace_string "#DESTDIR#" "$final_path" "$cron_path" exec_occ background:cron +#================================================= +# POST-INSTALL MAINTENANCE +#================================================= +(cd /tmp ; at now + 10 minutes <<< "(cd $final_path ; sudo -u $app php occ db:add-missing-indices ; sudo -u $app php occ db:convert-filecache-bigint -n) > /tmp/nextcloud_maintenance.log") + #================================================= # CONFIGURE THE HOOK FILE FOR USER CREATE #================================================= diff --git a/scripts/upgrade.d/upgrade.last.sh b/scripts/upgrade.d/upgrade.last.sh index e061d31..0d0d7a2 100755 --- a/scripts/upgrade.d/upgrade.last.sh +++ b/scripts/upgrade.d/upgrade.last.sh 
@@ -12,5 +12,5 @@ last_upgrade_operations () { cp -a ../sources/patches_last_version/* ../sources/patches # Execute post-upgrade operations later on - (cd /tmp ; at now + 10 minutes <<< "(cd $final_path ; sudo -u nextcloud php occ db:add-missing-indices ; sudo -u nextcloud php occ db:convert-filecache-bigint -n) > /tmp/nextcloud_maintenance.log") + (cd /tmp ; at now + 10 minutes <<< "(cd $final_path ; sudo -u $app php occ db:add-missing-indices ; sudo -u $app php occ db:convert-filecache-bigint -n) > /tmp/nextcloud_maintenance.log") } From 5ffb18ca0653538da35c4efd0aa3150a8569b410 Mon Sep 17 00:00:00 2001 From: Jimmy Monin Date: Mon, 14 Jan 2019 20:42:25 +0100 Subject: [PATCH 20/23] Upgrade to upstream version 15.0.2 --- README.md | 2 +- manifest.json | 2 +- scripts/upgrade.d/upgrade.last.sh | 6 +++--- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 278dc05..146d35d 100644 --- a/README.md +++ b/README.md @@ -5,7 +5,7 @@ Nextcloud for YunoHost own data. A personal cloud which run on your own server. With Nextcloud you can synchronize your files over your devices. -**Shipped version:** 15.0.0 +**Shipped version:** 15.0.2 [![Install Nextcloud with YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=nextcloud) ![](https://raw.githubusercontent.com/nextcloud/screenshots/master/files/Files%20Overview.png) diff --git a/manifest.json b/manifest.json index 9b9f080..568d011 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Access & share your files, calendars, contacts, mail & more from any device, on your terms", "fr": "Consultez et partagez vos fichiers, agendas, carnets d'adresses, emails et bien plus depuis les appareils de votre choix, sous vos conditions" }, - "version": "15.0.0~ynh1", + "version": "15.0.2~ynh1", "url": "https://nextcloud.com", "license": "AGPL-3.0", "maintainer": { 
diff --git a/scripts/upgrade.d/upgrade.last.sh b/scripts/upgrade.d/upgrade.last.sh index e061d31..937263d 100755 --- a/scripts/upgrade.d/upgrade.last.sh +++ b/scripts/upgrade.d/upgrade.last.sh @@ -1,10 +1,10 @@ #!/bin/bash # Last available nextcloud version -next_version="15.0.0" +next_version="15.0.2" # Nextcloud tarball checksum sha256 -nextcloud_source_sha256="5bb0c58171353da844019b64080c21078002a59ab956ab72adb958844a98eb78" +nextcloud_source_sha256="c1f4cc33e39994ddbe6777370b62c30b7ae52136a0530c0b9922770803ca0fea" # This function will only be executed upon applying the last upgrade referenced above last_upgrade_operations () { @@ -12,5 +12,5 @@ last_upgrade_operations () { cp -a ../sources/patches_last_version/* ../sources/patches # Execute post-upgrade operations later on - (cd /tmp ; at now + 10 minutes <<< "(cd $final_path ; sudo -u nextcloud php occ db:add-missing-indices ; sudo -u nextcloud php occ db:convert-filecache-bigint -n) > /tmp/nextcloud_maintenance.log") + (cd /tmp ; at now + 10 minutes <<< "(cd $final_path ; sudo -u $app php occ db:add-missing-indices ; sudo -u $app php occ db:convert-filecache-bigint -n) > /tmp/nextcloud_maintenance.log") } From 8e75ccbee95e7d78194ca20529bc351db492b5a8 Mon Sep 17 00:00:00 2001 From: Jimmy Monin Date: Sun, 27 Jan 2019 08:58:18 +0100 Subject: [PATCH 21/23] Use one log file per nextcloud instance --- scripts/install | 2 +- scripts/upgrade.d/upgrade.last.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/install b/scripts/install index 246f6ea..5bc37bf 100755 --- a/scripts/install +++ b/scripts/install 
@@ -239,7 +239,7 @@ exec_occ background:cron #================================================= # POST-INSTALL MAINTENANCE #================================================= -(cd /tmp ; at now + 10 minutes <<< "(cd $final_path ; sudo -u $app php occ db:add-missing-indices ; sudo -u $app php occ db:convert-filecache-bigint -n) > /tmp/nextcloud_maintenance.log") +(cd /tmp ; at now + 10 minutes <<< "(cd $final_path ; sudo -u $app php occ db:add-missing-indices ; sudo -u $app php occ db:convert-filecache-bigint -n) > /tmp/${app}_maintenance.log") #================================================= # CONFIGURE THE HOOK FILE FOR USER CREATE diff --git a/scripts/upgrade.d/upgrade.last.sh b/scripts/upgrade.d/upgrade.last.sh index 0d0d7a2..2e16813 100755 --- a/scripts/upgrade.d/upgrade.last.sh +++ b/scripts/upgrade.d/upgrade.last.sh @@ -12,5 +12,5 @@ last_upgrade_operations () { cp -a ../sources/patches_last_version/* ../sources/patches # Execute post-upgrade operations later on - (cd /tmp ; at now + 10 minutes <<< "(cd $final_path ; sudo -u $app php occ db:add-missing-indices ; sudo -u $app php occ db:convert-filecache-bigint -n) > /tmp/nextcloud_maintenance.log") + (cd /tmp ; at now + 10 minutes <<< "(cd $final_path ; sudo -u $app php occ db:add-missing-indices ; sudo -u $app php occ db:convert-filecache-bigint -n) > /tmp/${app}_maintenance.log") } From 94087e89d51dae733994c9b2495410566a0fd1bb Mon Sep 17 00:00:00 2001 From: Jimmy Monin Date: Thu, 7 Feb 2019 21:38:17 +0100 Subject: [PATCH 22/23] Upgrade to upstream version 15.0.4 --- README.md | 2 +- manifest.json | 2 +- scripts/upgrade.d/upgrade.last.sh | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 146d35d..865fc0c 100644 --- a/README.md +++ b/README.md 
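Review bot: The per-instance log in the scripts/install hunk is still created by a shell redirection to a fixed, guessable name in /tmp, `> /tmp/${app}_maintenance.log`, from a job that presumably runs as root (it calls `sudo -u $app`). A privileged process opening a predictable path in a world-writable directory writes through whatever already sits at that path unless the kernel's symlink protection is enabled, and the file's readability is left to the umask. Point the redirection at a directory only root can write to and capture stderr too, since occ failures otherwise never reach the log: `… -n) > \"<root-owned log dir>/${app}_maintenance.log\" 2>&1`, where the directory is a placeholder for whatever log location the package uses. The upgrade.last.sh hunk of the same commit has the identical redirection.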
@@ -5,7 +5,7 @@ Nextcloud for YunoHost own data. A personal cloud which run on your own server. With Nextcloud you can synchronize your files over your devices. -**Shipped version:** 15.0.2 +**Shipped version:** 15.0.4 [![Install Nextcloud with YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=nextcloud) ![](https://raw.githubusercontent.com/nextcloud/screenshots/master/files/Files%20Overview.png) diff --git a/manifest.json b/manifest.json index 568d011..43bf976 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Access & share your files, calendars, contacts, mail & more from any device, on your terms", "fr": "Consultez et partagez vos fichiers, agendas, carnets d'adresses, emails et bien plus depuis les appareils de votre choix, sous vos conditions" }, - "version": "15.0.2~ynh1", + "version": "15.0.4~ynh1", "url": "https://nextcloud.com", "license": "AGPL-3.0", "maintainer": { diff --git a/scripts/upgrade.d/upgrade.last.sh b/scripts/upgrade.d/upgrade.last.sh index 1a77d52..80d65dd 100755 --- a/scripts/upgrade.d/upgrade.last.sh +++ b/scripts/upgrade.d/upgrade.last.sh @@ -1,10 +1,10 @@ #!/bin/bash # Last available nextcloud version -next_version="15.0.2" +next_version="15.0.4" # Nextcloud tarball checksum sha256 -nextcloud_source_sha256="c1f4cc33e39994ddbe6777370b62c30b7ae52136a0530c0b9922770803ca0fea" +nextcloud_source_sha256="f87db047c174f563e391a22c959d9ace767ca14ef0f97fc394f3061fc63d8f77" # This function will only be executed upon applying the last upgrade referenced above last_upgrade_operations () { From c3480daae60f402982754c152c4e663616d977a6 Mon Sep 17 00:00:00 2001 
From: Jimmy Monin Date: Thu, 7 Feb 2019 21:41:32 +0100 Subject: [PATCH 23/23] Adapt nginx configuration to avoid double headers due to core change (https://github.com/YunoHost/yunohost/commit/8cb029a55e471e1ece3a8a2d7bba00975a6f2d17) --- conf/nginx.conf | 34 +++++++++++++++++----------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/conf/nginx.conf b/conf/nginx.conf index 1691095..2e085c9 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -13,23 +13,23 @@ location ^~ __PATH__ { } # Add headers to serve security related headers - add_header Strict-Transport-Security "max-age=15768000;"; - add_header X-Content-Type-Options nosniff; - add_header X-XSS-Protection "1; mode=block"; - add_header X-Robots-Tag none; - add_header X-Download-Options noopen; - add_header X-Permitted-Cross-Domain-Policies none; - add_header Referrer-Policy no-referrer; + more_set_headers "Strict-Transport-Security: max-age=15768000"; + more_set_headers "X-Content-Type-Options: nosniff"; + more_set_headers "X-XSS-Protection: 1; mode=block"; + more_set_headers "X-Robots-Tag: none"; + more_set_headers "X-Download-Options: noopen"; + more_set_headers "X-Permitted-Cross-Domain-Policies: none"; + more_set_headers "Referrer-Policy: no-referrer"; # Set max upload size client_max_body_size 10G; fastcgi_buffers 64 4K; - + # Extend timeouts client_body_timeout 60m; proxy_read_timeout 60m; fastcgi_read_timeout 60m; - + # Disable gzip to avoid the removal of the ETag header gzip off; 
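Review bot: The comment above the rewritten header block in the first nginx.conf hunk still reads `# Add headers to serve security related headers` and does not say why `more_set_headers` replaced `add_header`, which is the whole reason for the change. I would put `# more_set_headers (headers-more module) replaces a header of the same name instead of adding a second copy` above the block, so nobody reverts to `add_header` and reintroduces the double headers named in the commit subject. The directive is not part of stock nginx, so this file now fails the configuration test on a build without that module; the referenced core change presumably guarantees it is loaded, which is worth confirming. The enclosing `location ^~ __PATH__` block continues outside the hunk.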
@@ -78,15 +78,15 @@ location ^~ __PATH__ { # Adding the cache control header for js and css files location ~* \.(?:css|js)$ { - add_header Cache-Control "public, max-age=7200"; + more_set_headers "Cache-Control: public, max-age=7200"; # Add headers to serve security related headers - add_header Strict-Transport-Security "max-age=15768000;"; - add_header X-Content-Type-Options nosniff; - add_header X-XSS-Protection "1; mode=block"; - add_header X-Robots-Tag none; - add_header X-Download-Options noopen; - add_header X-Permitted-Cross-Domain-Policies none; - add_header Referrer-Policy no-referrer; + more_set_headers "Strict-Transport-Security: max-age=15768000"; + more_set_headers "X-Content-Type-Options: nosniff"; + more_set_headers "X-XSS-Protection: 1; mode=block"; + more_set_headers "X-Robots-Tag: none"; + more_set_headers "X-Download-Options: noopen"; + more_set_headers "X-Permitted-Cross-Domain-Policies: none"; + more_set_headers "Referrer-Policy: no-referrer"; # Optional: Don't log access to assets access_log off;
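Review bot: In the `location ~* \.(?:css|js)$` hunk the seven security headers are copied a second time, a workaround that `add_header` needed because a location with its own `add_header` lines drops the inherited ones. headers-more documents that directives from an outer scope are still run before the location's own, so with `more_set_headers` the copy looks redundant, and two lists that must stay identical tend to drift apart when one of them is hardened later. If that inheritance holds for nested locations on the deployed nginx (check the response headers of a .css request), keep only `more_set_headers "Cache-Control: public, max-age=7200";` here; otherwise add `# repeated on purpose: see the main location block` above the copy. The location block is closed outside the hunk.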