hoellen/docker-nextcloud
1
0
Fork 0
mirror of https://github.com/hoellen/docker-nextcloud.git synced 2025-07-05 01:26:12 +00:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: hoellen:version-26
Branches Tags
hoellen:master hoellen:version-30 hoellen:version-29 hoellen:version-28 hoellen:version-27 hoellen:version-26 hoellen:version-25 hoellen:version-24 hoellen:version-23 hoellen:version-22
..
compare: hoellen:0ee4012ae6adee9420c511fc9e0316b5f7dcb8ec
Branches Tags
hoellen:master hoellen:version-30 hoellen:version-29 hoellen:version-28 hoellen:version-27 hoellen:version-26 hoellen:version-25 hoellen:version-24 hoellen:version-23 hoellen:version-22

8 Commits
version-26 ... 0ee4012ae6

Author SHA1 Message Date
hoellen
0ee4012ae6 Update Snuffleupagus to 0.10.0 2023-09-21 16:17:49 +02:00
hoellen
18da631215 Drop call of libxml_set_external_entity_loader 
ref:
  - https://github.com/jvoisin/snuffleupagus/issues/463
  - https://github.com/hoellen/docker-nextcloud/issues/42
 2023-09-21 16:12:33 +02:00
Jan Wagner
e627d1fd4c chore: update Nextcloud to 27.1.1 2023-09-21 15:52:33 +02:00
hoellen
86012886af chore: update Nextcloud to 27.1.0 2023-09-15 22:22:15 +02:00
hoellen
de096e78a4 chore: update Nextcloud to 27.0.2 2023-08-10 12:34:01 +02:00
hoellen
2d3fd8f5c3 fix: disable snuffleupagus xxe protection 
Nextcloud now prevents loading external entities by using libxml_set_external_entity_loader.

ref:
https://github.com/nextcloud/server/pull/39490
https://github.com/hoellen/docker-nextcloud/issues/42
 2023-07-25 06:34:32 +02:00
hoellen
9070495ad0 chore: update Nextcloud to 27.0.1 2023-07-21 00:15:21 +03:00
hoellen
4ba3589149 chore: update Nextcloud to 27, PHP to 8.2 and Alpine to 3.18 2023-06-13 16:06:23 +02:00
3 changed files with 14 additions and 9 deletions
Expand all files Collapse all files

7
.github/workflows/build.yml vendored
View File

@ -3,7 +3,7 @@ name: build
on: on:
workflow_dispatch: workflow_dispatch:
push: push:
branches: [ version-26 ] branches: [ master ]
schedule: schedule:
# Build the image regularly (each Friday) # Build the image regularly (each Friday)
- cron: '23 04 * * 5' - cron: '23 04 * * 5'
@ -34,7 +34,7 @@ jobs:
if: github.event_name != 'pull_request' if: github.event_name != 'pull_request'
uses: sigstore/cosign-installer@main uses: sigstore/cosign-installer@main
with: with:
cosign-release: 'v2.2.2' cosign-release: 'v1.13.1'
- name: Set up Docker Buildx - name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1 uses: docker/setup-buildx-action@v1
@ -53,6 +53,7 @@ jobs:
with: with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
tags: | tags: |
latest
${{ env.FULL_VERSION }} ${{ env.FULL_VERSION }}
${{ env.MAJOR_VERSION }} ${{ env.MAJOR_VERSION }}
@ -69,4 +70,4 @@ jobs:
if: ${{ github.event_name != 'pull_request' }} if: ${{ github.event_name != 'pull_request' }}
env: env:
COSIGN_EXPERIMENTAL: "true" COSIGN_EXPERIMENTAL: "true"
run: cosign sign --yes ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.build-and-push.outputs.digest }} run: cosign sign ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.build-and-push.outputs.digest }}

12
Dockerfile
View File

@ -1,17 +1,17 @@
# -------------- Build-time variables -------------- # -------------- Build-time variables --------------
ARG NEXTCLOUD_VERSION=26.0.13 ARG NEXTCLOUD_VERSION=27.1.1
ARG PHP_VERSION=8.1 ARG PHP_VERSION=8.2
ARG NGINX_VERSION=1.24 ARG NGINX_VERSION=1.24
ARG ALPINE_VERSION=3.17 ARG ALPINE_VERSION=3.18
ARG HARDENED_MALLOC_VERSION=11 ARG HARDENED_MALLOC_VERSION=11
ARG SNUFFLEUPAGUS_VERSION=0.9.0 ARG SNUFFLEUPAGUS_VERSION=0.10.0
ARG UID=1000 ARG UID=1000
ARG GID=1000 ARG GID=1000
# nextcloud-26.0.13.tar.bz2 # nextcloud-27.1.1.tar.bz2
ARG SHA256_SUM="0a362df7a1233348f99d1853fd7e79f0667b552c145dc45012fab54ac31c79ae" ARG SHA256_SUM="3a91500566874675676fa3b5bfae2587a839cde41dfac5318043b162c1311fab"
# Nextcloud Security <security@nextcloud.com> (D75899B9A724937A) # Nextcloud Security <security@nextcloud.com> (D75899B9A724937A)
ARG GPG_FINGERPRINT="2880 6A87 8AE4 23A2 8372 792E D758 99B9 A724 937A" ARG GPG_FINGERPRINT="2880 6A87 8AE4 23A2 8372 792E D758 99B9 A724 937A"

4
rootfs/usr/local/etc/php/snuffleupagus/nextcloud-php8.rules
View File

@ -47,6 +47,10 @@ sp.disable_function.function("ini_get").param("option").value("open_basedir").fi
sp.disable_function.function("ini_get").param("option").value("allow_url_fopen").filename("/nextcloud/3rdparty/guzzlehttp/guzzle/src/Utils.php").allow(); sp.disable_function.function("ini_get").param("option").value("allow_url_fopen").filename("/nextcloud/3rdparty/guzzlehttp/guzzle/src/Utils.php").allow();
sp.disable_function.function("exec").param("command").value("apachectl -M | grep mpm").filename("/nextcloud/apps2/spreed/lib/Settings/Admin/AdminSettings.php").allow(); sp.disable_function.function("exec").param("command").value("apachectl -M | grep mpm").filename("/nextcloud/apps2/spreed/lib/Settings/Admin/AdminSettings.php").allow();
# Nextcloud inherently enables XXE-Protection since 27.0.1, therefore, drop setting a new external entity loader
sp.disable_function.function("libxml_set_external_entity_loader").filename("/nextcloud/lib/base.php").allow();
sp.disable_function.function("libxml_set_external_entity_loader").drop();
# Harden the `chmod` function (0777 (oct = 511, 0666 = 438) # Harden the `chmod` function (0777 (oct = 511, 0666 = 438)
sp.disable_function.function("chmod").param("permissions").value("438").drop(); sp.disable_function.function("chmod").param("permissions").value("438").drop();
sp.disable_function.function("chmod").param("permissions").value("511").drop(); sp.disable_function.function("chmod").param("permissions").value("511").drop();