chore: update Nextcloud to 27.1.11

chore: update Nextcloud to 27.1.10
chore: update Nextcloud to 27.1.9
2025-07-01 07:36:08 +00:00 · 2024-06-25 15:04:29 +02:00 · 2024-06-07 00:28:42 +02:00 · 2024-04-26 05:49:19 +02:00 · 2024-03-29 15:42:18 +01:00 · 2024-03-29 15:19:36 +01:00
4 changed files with 18 additions and 13 deletions
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@ -3,7 +3,7 @@ name: build
 on:
  workflow_dispatch:
  push:
-    branches: [ version-25 ]
+    branches: [ version-27 ]
  schedule:
    # Build the image regularly (each Friday)
    - cron: '23 04 * * 5'
@ -34,7 +34,7 @@ jobs:
        if: github.event_name != 'pull_request'
        uses: sigstore/cosign-installer@main
        with:
-          cosign-release: 'v1.13.1'
+          cosign-release: 'v2.2.2'

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v1
@ -69,4 +69,4 @@ jobs:
        if: ${{ github.event_name != 'pull_request' }}
        env:
          COSIGN_EXPERIMENTAL: "true"
-        run: cosign sign ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.build-and-push.outputs.digest }}
+        run: cosign sign --yes ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.build-and-push.outputs.digest }}
--- a/15
+++ b/15
@ -1,17 +1,17 @@
 # -------------- Build-time variables --------------
-ARG NEXTCLOUD_VERSION=25.0.13
-ARG PHP_VERSION=8.1
-ARG NGINX_VERSION=1.22
+ARG NEXTCLOUD_VERSION=27.1.11
+ARG PHP_VERSION=8.2
+ARG NGINX_VERSION=1.24

-ARG ALPINE_VERSION=3.17
+ARG ALPINE_VERSION=3.18
 ARG HARDENED_MALLOC_VERSION=11
-ARG SNUFFLEUPAGUS_VERSION=0.8.3
+ARG SNUFFLEUPAGUS_VERSION=0.10.0

 ARG UID=1000
 ARG GID=1000

-# nextcloud-25.0.13.tar.bz2
-ARG SHA256_SUM="387bac148a696244f1ec02698a082d408283a875b3de85eb9719dd4493eebe33"
+# nextcloud-27.1.11.tar.bz2
+ARG SHA256_SUM="4edd2570f4c83442f8f0f0616fb774ed2663b11cf9f6ea49e795ab43aeef9645"

 # Nextcloud Security <security@nextcloud.com> (D75899B9A724937A)
 ARG GPG_FINGERPRINT="2880 6A87 8AE4 23A2 8372  792E D758 99B9 A724 937A"
@ -64,6 +64,7 @@ RUN apk -U upgrade \
        pcntl \
        pdo_mysql \
        pdo_pgsql \
+        sysvsem \
        zip \
        gmp \
 && pecl install smbclient \
--- a/rootfs/etc/nginx/conf.d/default.conf
+++ b/rootfs/etc/nginx/conf.d/default.conf
@ -21,7 +21,7 @@ server {
        add_header X-Download-Options "noopen" always;
        add_header X-Frame-Options "SAMEORIGIN" always;
        add_header X-Permitted-Cross-Domain-Policies "none" always;
-        add_header X-Robots-Tag "none" always;
+        add_header X-Robots-Tag "noindex, nofollow" always;
        add_header X-XSS-Protection "0" always;

        location = /robots.txt {
@ -49,7 +49,7 @@ server {
            return 404;
        }

-        location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
+        location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode\/proxy)\.php(?:$|\/) {
            include /etc/nginx/fastcgi_params;
            fastcgi_split_path_info ^(.+\.php)(/.*)$;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
@ -62,7 +62,7 @@ server {
            fastcgi_read_timeout 1200;
        }

-        location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
+        location ~ ^\/(?:updater|ocs-provider)(?:$|\/) {
            try_files $uri/ =404;
            index index.php;
        }
--- a/rootfs/usr/local/etc/php/snuffleupagus/nextcloud-php8.rules
+++ b/rootfs/usr/local/etc/php/snuffleupagus/nextcloud-php8.rules
@ -47,6 +47,10 @@ sp.disable_function.function("ini_get").param("option").value("open_basedir").fi
 sp.disable_function.function("ini_get").param("option").value("allow_url_fopen").filename("/nextcloud/3rdparty/guzzlehttp/guzzle/src/Utils.php").allow();
 sp.disable_function.function("exec").param("command").value("apachectl -M | grep mpm").filename("/nextcloud/apps2/spreed/lib/Settings/Admin/AdminSettings.php").allow();

+# Nextcloud inherently enables XXE-Protection since 27.0.1, therefore, drop setting a new external entity loader
+sp.disable_function.function("libxml_set_external_entity_loader").filename("/nextcloud/lib/base.php").allow(); 
+sp.disable_function.function("libxml_set_external_entity_loader").drop(); 
+
 # Harden the `chmod` function (0777 (oct = 511, 0666 = 438)
 sp.disable_function.function("chmod").param("permissions").value("438").drop();
 sp.disable_function.function("chmod").param("permissions").value("511").drop();
Author	SHA1	Message	Date
Jan Wagner	266855c572	chore: update Nextcloud to 27.1.11	2024-06-25 15:04:29 +02:00
hoellen	ddc63fa70e	chore: update Nextcloud to 27.1.10	2024-06-07 00:28:42 +02:00
Jan Wagner	208ed68fc3	chore: update Nextcloud to 27.1.9	2024-04-26 05:49:19 +02:00
hoellen	fe44206881	chore: update cosign	2024-03-29 15:42:18 +01:00
hoellen	6f10e62a16	chore: update Nextcloud to 27.1.8	2024-03-29 15:19:36 +01:00
Jan Wagner	d8fde6dc0a	chore: update Nextcloud to 27.1.7	2024-03-02 05:01:49 +01:00
hoellen	adf43bb5bf	chore: update Nextcloud to 27.1.6	2024-01-25 14:00:54 +01:00
hoellen	7422210f7c	chore: adjust build pipeline for new version branch	2023-12-16 02:10:09 +01:00
Jan Wagner	0221fa4f33	chore: update Nextcloud to 27.1.5	2023-12-15 21:21:48 +01:00
hoellen	112339b5c8	chore: update Nextcloud to 27.1.4	2023-11-24 09:21:16 +01:00
Jan Wagner	2334b3e231	chore: update Nextcloud to 27.1.3	2023-10-30 10:18:22 +01:00
Jan Wagner	6adf9e6bf8	Fix resolving osc-provider (Closes: #47 ) Accordingly to `dc0b8d9c39`	2023-10-21 09:40:13 +02:00
Jan Wagner	0bb63de5b4	chore: update Nextcloud to 27.1.2	2023-10-06 00:44:08 +02:00
hoellen	0ee4012ae6	Update Snuffleupagus to 0.10.0	2023-09-21 16:17:49 +02:00
hoellen	18da631215	Drop call of libxml_set_external_entity_loader ref: - https://github.com/jvoisin/snuffleupagus/issues/463 - https://github.com/hoellen/docker-nextcloud/issues/42	2023-09-21 16:12:33 +02:00
Jan Wagner	e627d1fd4c	chore: update Nextcloud to 27.1.1	2023-09-21 15:52:33 +02:00
hoellen	86012886af	chore: update Nextcloud to 27.1.0	2023-09-15 22:22:15 +02:00
hoellen	de096e78a4	chore: update Nextcloud to 27.0.2	2023-08-10 12:34:01 +02:00
hoellen	2d3fd8f5c3	fix: disable snuffleupagus xxe protection Nextcloud now prevents loading external entities by using libxml_set_external_entity_loader. ref: https://github.com/nextcloud/server/pull/39490 https://github.com/hoellen/docker-nextcloud/issues/42	2023-07-25 06:34:32 +02:00
hoellen	9070495ad0	chore: update Nextcloud to 27.0.1	2023-07-21 00:15:21 +03:00
hoellen	4ba3589149	chore: update Nextcloud to 27, PHP to 8.2 and Alpine to 3.18	2023-06-13 16:06:23 +02:00
hoellen	a7ba180598	Update Nextcloud to 26.0.2	2023-05-25 21:08:59 +02:00
hoellen	4ea95f826a	chore: update Nextcloud to 26.0.1	2023-04-20 09:36:26 +02:00
hoellen	8451b3d94d	chore: update nginx to new stable (1.24.0)	2023-04-12 10:42:30 +02:00
hoellen	9c24fd91b2	chore: update Alpine Linux to 3.17	2023-04-01 12:30:42 +02:00
hoellen	0bb5b1fa73	chore: update Nextcloud to 26.0.0	2023-03-21 21:30:47 +01:00