Merge pull request #146 from YunoHost-Apps/enh_version_14.0.4

Upgrade to upstream version 14.0.4
2024-09-03 19:55:57 +02:00 · 2018-12-11 09:06:35 +01:00 · 2018-12-11 09:06:35 +01:00 · e289fb47b2
commit e289fb47b2
parent 46793eb1bf 2848fe3719
7 changed files with 99 additions and 41 deletions
--- a/README.md
+++ b/README.md
@ -5,7 +5,7 @@ Nextcloud for YunoHost
 own data. A personal cloud which run on your own server. With Nextcloud
 you can synchronize your files over your devices.

-**Shipped version:** 13.0.6
+**Shipped version:** 14.0.4

 [![Install Nextcloud with YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=nextcloud)
 ![](https://github.com/nextcloud/screenshots/blob/master/files/filelist.png)
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@ -19,6 +19,7 @@ location ^~ __PATH__ {
  add_header X-Robots-Tag none;
  add_header X-Download-Options noopen;
  add_header X-Permitted-Cross-Domain-Policies none;
+  add_header Referrer-Policy no-referrer;

  # Set max upload size
  client_max_body_size 10G;
@ -85,6 +86,8 @@ location ^~ __PATH__ {
    add_header X-Robots-Tag none;
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;
+    add_header Referrer-Policy no-referrer;
+
    # Optional: Don't log access to assets
    access_log off;
  }
--- a/manifest.json
+++ b/manifest.json
@ -6,7 +6,7 @@
        "en": "Access & share your files, calendars, contacts, mail & more from any device, on your terms",
        "fr": "Consultez et partagez vos fichiers, agendas, carnets d'adresses, emails et bien plus depuis les appareils de votre choix, sous vos conditions"
    },
-    "version": "13.0.6~ynh1",
+    "version": "14.0.4~ynh1",
    "url": "https://nextcloud.com",
    "license": "AGPL-3.0",
    "maintainer": {
--- a/scripts/upgrade.d/upgrade.13.sh
+++ b/scripts/upgrade.d/upgrade.13.sh
@ -0,0 +1,7 @@
+#!/bin/bash
+
+# Last available nextcloud version
+next_version="14.0.0"
+
+# Nextcloud tarball checksum sha256
+nextcloud_source_sha256="f965c14286e7aabbfe49c947d86af59597af302c35d10e0b5440e7e6c53b8f47"
--- a/scripts/upgrade.d/upgrade.last.sh
+++ b/scripts/upgrade.d/upgrade.last.sh
@ -1,10 +1,10 @@
 #!/bin/bash

 # Last available nextcloud version
-next_version="13.0.6"
+next_version="14.0.4"

 # Nextcloud tarball checksum sha256
-nextcloud_source_sha256="90fc9e960b6a477bb14ee87042b3d158bde95c3f0157677cb4547ca7649968d4"
+nextcloud_source_sha256="4f5dd15a71694bd2f15fba0d2f942e5a5b1f5aba13511c507a23324d746b40e8"

 # Patch nextcloud files only for the last version
 cp -a ../sources/patches_last_version/* ../sources/patches
--- a/sources/patches_last_version/app-00-add-logout_url-conf.patch
+++ b/sources/patches_last_version/app-00-add-logout_url-conf.patch
@ -1,14 +1,62 @@
+ core/Controller/LoginController.php | 25 ++++++++++++++-----------
+ 1 file changed, 14 insertions(+), 11 deletions(-)
+
+diff --git a/core/Controller/LoginController.php b/core/Controller/LoginController.php
+index 182d2bc106..82523e306e 100644
 --- a/core/Controller/LoginController.php
 +++ b/core/Controller/LoginController.php
-@@ -119,7 +119,10 @@
+@@ -95,13 +95,13 @@ class LoginController extends Controller {
+ 	 * @param Throttler $throttler
+ 	 */
+ 	public function __construct($appName,
+-								IRequest $request,
+-								IUserManager $userManager,
+-								IConfig $config,
+-								ISession $session,
+-								IUserSession $userSession,
+-								IURLGenerator $urlGenerator,
+-								ILogger $logger,
+						 IRequest $request,
+						 IUserManager $userManager,
+						 IConfig $config,
+						 ISession $session,
+						 IUserSession $userSession,
+						 IURLGenerator $urlGenerator,
+						 ILogger $logger,
+ 								Manager $twoFactorManager,
+ 								Defaults $defaults,
+ 								Throttler $throttler) {
+@@ -130,7 +130,10 @@ class LoginController extends Controller {
 		}
 		$this->userSession->logout();
-
+ 
 -		$response = new RedirectResponse($this->urlGenerator->linkToRouteAbsolute('core.login.showLoginForm'));
 +		$redirectUrl = $this->config->getSystemValue('logout_url',
-+			$this->urlGenerator->linkToRouteAbsolute('core.login.showLoginForm')
+		$this->urlGenerator->linkToRouteAbsolute('core.login.showLoginForm')
 +		);
 +		$response = new RedirectResponse($redirectUrl);
- 		$response->addHeader('Clear-Site-Data', '"cache", "cookies", "storage", "executionContexts"');
+ 		$response->addHeader('Clear-Site-Data', '"cache", "storage", "executionContexts"');
 		return $response;
 	}
+@@ -303,10 +306,10 @@ class LoginController extends Controller {
+ 				$previousUser = $user;
+ 				$user = $users[0]->getUID();
+ 				if($user !== $previousUser) {
+-					$loginResult = $this->userManager->checkPassword($user, $password);
+-				}
+				$loginResult = $this->userManager->checkPassword($user, $password);
+ 			}
+ 		}
+		}
+ 
+ 		if ($loginResult === false) {
+ 			$this->logger->warning('Login failed: \''. $user .
+@@ -314,7 +317,7 @@ class LoginController extends Controller {
+ 				['app' => 'core']);
+ 			return $this->createLoginFailedResponse($user, $originalUser,
+ 				$redirect_url, self::LOGIN_MSG_INVALIDPASSWORD);
+-		}
+			}
+ 
+ 		// TODO: remove password checks from above and let the user session handle failures
+ 		// requires https://github.com/owncloud/core/pull/24616
--- a/sources/patches_last_version/app-01-disable-CSPv3-nonce_and_allow-YNH-fonts.patch
+++ b/sources/patches_last_version/app-01-disable-CSPv3-nonce_and_allow-YNH-fonts.patch
@ -1,33 +1,33 @@
- lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php | 4 ++++
- lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php    | 3 ++-
- 2 files changed, 6 insertions(+), 1 deletion(-)
-
-diff --git a/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php b/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php
-index 85ae127f5f..91618a09fc 100644
--- a/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php
-+++ b/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php
-@@ -65,6 +65,10 @@ class ContentSecurityPolicyNonceManager {
- 	 * @return bool
- 	 */
- 	public function browserSupportsCspV3() {
-+		// YunoHost patch: disable CSPv3 nonces to:
-+		// - avoid white page on first login from YunoHost portal
-+		// - allow YunoHost tile display
-+		return false;
- 		$browserWhitelist = [
- 			Request::USER_AGENT_CHROME,
- 			// Firefox 45+
-diff --git a/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php b/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php
-index 64d4eb6e5d..59d5885620 100644
--- a/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php
-+++ b/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php
-@@ -377,7 +377,8 @@ class EmptyContentSecurityPolicy {
- 
- 		if(!empty($this->allowedFontDomains)) {
- 			$policy .= 'font-src ' . implode(' ', $this->allowedFontDomains);
-			$policy .= ';';
-+			// YunoHost patch: extend font-src to load data fonts embedded in YunoHost tile script
-+			$policy .= ' data:;';
- 		}
- 
- 		if(!empty($this->allowedConnectDomains)) {
+ lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php | 4 ++++
+ lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php    | 3 ++-
+ 2 files changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php b/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php
+index 088fb2d859..15b05b75d1 100644
+--- a/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php
+++ b/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php
+@@ -70,6 +70,10 @@ class ContentSecurityPolicyNonceManager {
+ 	 * @return bool
+ 	 */
+ 	public function browserSupportsCspV3(): bool {
+		// YunoHost patch: disable CSPv3 nonces to:
+		// - avoid white page on first login from YunoHost portal
+		// - allow YunoHost tile display
+		return false;
+ 		$browserWhitelist = [
+ 			Request::USER_AGENT_CHROME,
+ 			// Firefox 45+
+diff --git a/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php b/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php
+index 6397d32cb9..32281a1734 100644
+--- a/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php
+++ b/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php
+@@ -406,7 +406,8 @@ class EmptyContentSecurityPolicy {
+ 
+ 		if(!empty($this->allowedFontDomains)) {
+ 			$policy .= 'font-src ' . implode(' ', $this->allowedFontDomains);
+-			$policy .= ';';
+			// YunoHost patch: extend font-src to load data fonts embedded in YunoHost tile script
+			$policy .= ' data:;';
+ 		}
+ 
+ 		if(!empty($this->allowedConnectDomains)) {