From 118b1d4d30aced948c751d9853015bebf52f2c43 Mon Sep 17 00:00:00 2001 From: Jimmy Monin Date: Sun, 25 Nov 2018 22:08:10 +0100 Subject: [PATCH 1/3] Major upgrade to upstream version 14.0.4 --- README.md | 2 +- manifest.json | 2 +- scripts/upgrade.d/upgrade.13.sh | 7 +++++++ scripts/upgrade.d/upgrade.last.sh | 4 ++-- 4 files changed, 11 insertions(+), 4 deletions(-) create mode 100644 scripts/upgrade.d/upgrade.13.sh diff --git a/README.md b/README.md index bf20566..97d1435 100644 --- a/README.md +++ b/README.md @@ -5,7 +5,7 @@ Nextcloud for YunoHost own data. A personal cloud which run on your own server. With Nextcloud you can synchronize your files over your devices. -**Shipped version:** 13.0.6 +**Shipped version:** 14.0.4 [![Install Nextcloud with YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=nextcloud) ![](https://github.com/nextcloud/screenshots/blob/master/files/filelist.png) diff --git a/manifest.json b/manifest.json index 75a532b..d5924da 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Access & share your files, calendars, contacts, mail & more from any device, on your terms", "fr": "Consultez et partagez vos fichiers, agendas, carnets d'adresses, emails et bien plus depuis les appareils de votre choix, sous vos conditions" }, - "version": "13.0.6~ynh1", + "version": "14.0.4~ynh1", "url": "https://nextcloud.com", "license": "AGPL-3.0", "maintainer": { diff --git a/scripts/upgrade.d/upgrade.13.sh b/scripts/upgrade.d/upgrade.13.sh new file mode 100644 index 0000000..f979aa9 --- /dev/null +++ b/scripts/upgrade.d/upgrade.13.sh @@ -0,0 +1,7 @@ +#!/bin/bash + +# Last available nextcloud version +next_version="14.0.0" + +# Nextcloud tarball checksum sha256 +nextcloud_source_sha256="f965c14286e7aabbfe49c947d86af59597af302c35d10e0b5440e7e6c53b8f47" diff --git a/scripts/upgrade.d/upgrade.last.sh b/scripts/upgrade.d/upgrade.last.sh index 4bcad4e..55c0f06 100755 
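Review bot: The new `nextcloud_source_sha256` pin in scripts/upgrade.d/upgrade.13.sh carries no record of where the value came from, so a later reviewer cannot tell a correct hash from one computed over a tampered or truncated download. I would add a provenance comment above it, for example `# sha256 taken from the checksum file published upstream for this release; release signature verified`, adjusted to what was actually done. The same applies to the replaced hash in scripts/upgrade.d/upgrade.last.sh in the following hunk.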
--- a/scripts/upgrade.d/upgrade.last.sh +++ b/scripts/upgrade.d/upgrade.last.sh @@ -1,10 +1,10 @@ #!/bin/bash # Last available nextcloud version -next_version="13.0.6" +next_version="14.0.4" # Nextcloud tarball checksum sha256 -nextcloud_source_sha256="90fc9e960b6a477bb14ee87042b3d158bde95c3f0157677cb4547ca7649968d4" +nextcloud_source_sha256="4f5dd15a71694bd2f15fba0d2f942e5a5b1f5aba13511c507a23324d746b40e8" # Patch nextcloud files only for the last version cp -a ../sources/patches_last_version/* ../sources/patches From de3979a065e8952a3c91f3dbbc65f0253ad5e07e Mon Sep 17 00:00:00 2001 From: Jimmy Monin Date: Sun, 25 Nov 2018 22:09:09 +0100 Subject: [PATCH 2/3] Adapt PHP custom patches to 14.0.4 code --- .../app-00-add-logout_url-conf.patch | 56 ++++++++++++++-- ...able-CSPv3-nonce_and_allow-YNH-fonts.patch | 66 +++++++++---------- 2 files changed, 85 insertions(+), 37 deletions(-) diff --git a/sources/patches_last_version/app-00-add-logout_url-conf.patch b/sources/patches_last_version/app-00-add-logout_url-conf.patch index 3659fb1..2e70ba7 100644 --- a/sources/patches_last_version/app-00-add-logout_url-conf.patch +++ b/sources/patches_last_version/app-00-add-logout_url-conf.patch @@ -1,14 +1,62 @@ + core/Controller/LoginController.php | 25 ++++++++++++++----------- + 1 file changed, 14 insertions(+), 11 deletions(-) + +diff --git a/core/Controller/LoginController.php b/core/Controller/LoginController.php +index 182d2bc106..82523e306e 100644 --- a/core/Controller/LoginController.php 
+++ b/core/Controller/LoginController.php -@@ -119,7 +119,10 @@ +@@ -95,13 +95,13 @@ class LoginController extends Controller { + * @param Throttler $throttler + */ + public function __construct($appName, +- IRequest $request, +- IUserManager $userManager, +- IConfig $config, +- ISession $session, +- IUserSession $userSession, +- IURLGenerator $urlGenerator, +- ILogger $logger, ++ IRequest $request, ++ IUserManager $userManager, ++ IConfig $config, ++ ISession $session, ++ IUserSession $userSession, ++ IURLGenerator $urlGenerator, ++ ILogger $logger, + Manager $twoFactorManager, + Defaults $defaults, + Throttler $throttler) { +@@ -130,7 +130,10 @@ class LoginController extends Controller { } $this->userSession->logout(); - + - $response = new RedirectResponse($this->urlGenerator->linkToRouteAbsolute('core.login.showLoginForm')); + $redirectUrl = $this->config->getSystemValue('logout_url', -+ $this->urlGenerator->linkToRouteAbsolute('core.login.showLoginForm') ++ $this->urlGenerator->linkToRouteAbsolute('core.login.showLoginForm') + ); + $response = new RedirectResponse($redirectUrl); - $response->addHeader('Clear-Site-Data', '"cache", "cookies", "storage", "executionContexts"'); + $response->addHeader('Clear-Site-Data', '"cache", "storage", "executionContexts"'); return $response; } +@@ -303,10 +306,10 @@ class LoginController extends Controller { + $previousUser = $user; + $user = $users[0]->getUID(); + if($user !== $previousUser) { +- $loginResult = $this->userManager->checkPassword($user, $password); +- } ++ $loginResult = $this->userManager->checkPassword($user, $password); + } + } ++ } + + if ($loginResult === false) { + $this->logger->warning('Login failed: \''. $user . 
+@@ -314,7 +317,7 @@ class LoginController extends Controller { + ['app' => 'core']); + return $this->createLoginFailedResponse($user, $originalUser, + $redirect_url, self::LOGIN_MSG_INVALIDPASSWORD); +- } ++ } + + // TODO: remove password checks from above and let the user session handle failures + // requires https://github.com/owncloud/core/pull/24616 diff --git a/sources/patches_last_version/app-01-disable-CSPv3-nonce_and_allow-YNH-fonts.patch b/sources/patches_last_version/app-01-disable-CSPv3-nonce_and_allow-YNH-fonts.patch index f5ced3a..42d6d99 100644 --- a/sources/patches_last_version/app-01-disable-CSPv3-nonce_and_allow-YNH-fonts.patch +++ b/sources/patches_last_version/app-01-disable-CSPv3-nonce_and_allow-YNH-fonts.patch 
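Review bot: The regenerated app-00 patch now also rewrites the constructor parameter list and the brace lines around `checkPassword()` and `createLoginFailedResponse()` in core/Controller/LoginController.php. Those hunks look like indentation-only changes, but whitespace is collapsed in this view, so confirm against the real file. Carrying them makes the downstream patch harder to audit, because it touches the password-check path, and more likely to stop applying on the next upstream release. I would regenerate it so that the only hunk left is the one at `@@ -130,7 +130,10 @@` that adds `logout_url`. In that hunk the configured value goes to `RedirectResponse` unchecked, so a comment such as `// YunoHost patch: logout_url is admin-set in config.php and is used as the redirect target as-is` would record the trust assumption.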
@@ -1,33 +1,33 @@ - lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php | 4 ++++ - lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php | 3 ++- - 2 files changed, 6 insertions(+), 1 deletion(-) - -diff --git a/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php b/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php -index 85ae127f5f..91618a09fc 100644 ---- a/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php -+++ b/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php -@@ -65,6 +65,10 @@ class ContentSecurityPolicyNonceManager { - * @return bool - */ - public function browserSupportsCspV3() { -+ // YunoHost patch: disable CSPv3 nonces to: -+ // - avoid white page on first login from YunoHost portal -+ // - allow YunoHost tile display -+ return false; - $browserWhitelist = [ - Request::USER_AGENT_CHROME, - // Firefox 45+ -diff --git a/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php b/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php -index 64d4eb6e5d..59d5885620 100644 ---- a/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php -+++ b/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php -@@ -377,7 +377,8 @@ class EmptyContentSecurityPolicy { - - if(!empty($this->allowedFontDomains)) { - $policy .= 'font-src ' . 
implode(' ', $this->allowedFontDomains); -- $policy .= ';'; -+ // YunoHost patch: extend font-src to load data fonts embedded in YunoHost tile script -+ $policy .= ' data:;'; - } - - if(!empty($this->allowedConnectDomains)) { + lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php | 4 ++++ + lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php | 3 ++- + 2 files changed, 6 insertions(+), 1 deletion(-) + +diff --git a/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php b/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php +index 088fb2d859..15b05b75d1 100644 +--- a/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php ++++ b/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php +@@ -70,6 +70,10 @@ class ContentSecurityPolicyNonceManager { + * @return bool + */ + public function browserSupportsCspV3(): bool { ++ // YunoHost patch: disable CSPv3 nonces to: ++ // - avoid white page on first login from YunoHost portal ++ // - allow YunoHost tile display ++ return false; + $browserWhitelist = [ + Request::USER_AGENT_CHROME, + // Firefox 45+ +diff --git a/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php b/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php +index 6397d32cb9..32281a1734 100644 +--- a/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php ++++ b/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php +@@ -406,7 +406,8 @@ class EmptyContentSecurityPolicy { + + if(!empty($this->allowedFontDomains)) { + $policy .= 'font-src ' . implode(' ', $this->allowedFontDomains); +- $policy .= ';'; ++ // YunoHost patch: extend font-src to load data fonts embedded in YunoHost tile script ++ $policy .= ' data:;'; + } + + if(!empty($this->allowedConnectDomains)) { From 2848fe3719a217585ed2dbcc8df19c9d97d461ac Mon Sep 17 00:00:00 2001 
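Review bot: `return false;` at the top of `browserSupportsCspV3()` disables the CSPv3 nonce path for every browser and every page, not only those that embed the YunoHost tile, and leaves the `$browserWhitelist` check below it unreachable. The patch comment gives the reason but not the cost, so I would extend it with a line such as `// Security trade-off: all clients fall back to the CSP without script nonces`, which keeps the weakening visible at the next rebase. In EmptyContentSecurityPolicy.php, ` data:` is appended only inside the `!empty($this->allowedFontDomains)` branch, so a policy with no font domains is unchanged; confirm that is intended. Both functions continue outside the hunks shown.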
From: Jimmy Monin Date: Sun, 25 Nov 2018 22:10:06 +0100 Subject: [PATCH 3/3] Upgrade nginx configuration following release 14 recommendations (https://docs.nextcloud.com/server/14/admin_manual/installation/nginx.html) --- conf/nginx.conf | 3 +++ 1 file changed, 3 insertions(+) diff --git a/conf/nginx.conf b/conf/nginx.conf index 3eee860..1691095 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -19,6 +19,7 @@ location ^~ __PATH__ { add_header X-Robots-Tag none; add_header X-Download-Options noopen; add_header X-Permitted-Cross-Domain-Policies none; + add_header Referrer-Policy no-referrer; # Set max upload size client_max_body_size 10G; @@ -85,6 +86,8 @@ location ^~ __PATH__ { add_header X-Robots-Tag none; add_header X-Download-Options noopen; add_header X-Permitted-Cross-Domain-Policies none; + add_header Referrer-Policy no-referrer; + # Optional: Don't log access to assets access_log off; }
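Review bot: `add_header Referrer-Policy no-referrer;` is only sent on successful and redirect responses, because nginx skips `add_header` for other status codes unless the `always` parameter is given (available since nginx 1.7.5; check the packaged version). The line would become `add_header Referrer-Policy no-referrer always;`. This applies to both hunks, `@@ -19,6 +19,7 @@` and `@@ -85,6 +86,8 @@`, and, as far as the context lines show, to the neighbouring `X-*` headers as well. Repeating the header in the inner block is needed, since a `location` that declares its own `add_header` does not inherit the outer ones; a comment such as `# keep in sync with the header list in the outer location` would help. Both `location` blocks extend beyond the hunks.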