diff --git a/Dockerfile b/Dockerfile index 991ba7a869f50186428347c1121ee0bcdeb7ef0a..624b50fa5f4e4b06b7b6a5d119d7d8819c8a1886 100644 --- a/Dockerfile +++ b/Dockerfile @@ -53,7 +53,6 @@ RUN curl -fsSL -o email-recovery.tar.gz \ rm email-recovery.tar.gz; # Patches -#RUN patch -u ${BASE_DIR}/core/signature.json -i ${TMP_PATCH_DIR}/001-sha512-signature.patch RUN patch -u ${BASE_DIR}/core/Controller/LoginController.php -i ${TMP_PATCH_DIR}/002-login-without-domain.patch RUN patch -u ${BASE_DIR}/core/templates/layout.user.php -i ${TMP_PATCH_DIR}/003-contact-search-removal.patch RUN patch -u ${BASE_DIR}/core/Controller/ContactsMenuController.php -i ${TMP_PATCH_DIR}/004-contact-search-controller-removal.patch diff --git a/patches/001-sha512-signature.patch b/patches/001-sha512-signature.patch deleted file mode 100644 index 105846447c0d49ef500869208f0f538d54099572..0000000000000000000000000000000000000000 --- a/patches/001-sha512-signature.patch +++ /dev/null @@ -1,25 +0,0 @@ ---- files/signature_1908.json 2021-02-04 12:42:17.000000000 +0100 -+++ files/signature_1908-patched.json 2021-02-04 12:43:42.000000000 +0100 -@@ -4873,11 +4873,11 @@ - "core\/Controller\/ClientFlowLoginController.php": "71587f8fe5e11d3ae3d4cbc1ac27dc85ede307c77152bf0633ad2edfd990be7eebd1f5d39b1e7667139773e28577c8b1dc35d08dce094cca58846bd894039447", - "core\/Controller\/ClientFlowLoginV2Controller.php": "ff0bd22fb9d921f8c5d76881bfadcafae6681a561cfd8bcb1a86a0c6376fda06613bf44c9976908b7ede8d4d4f9cd4da8bcc688387cd26212780dc963a9be356", - "core\/Controller\/CollaborationResourcesController.php": "d56b420c51e4a85d8c998d9aeaa13fc044334f33e06a37d9b9f79541317ff6f9b987fbca954273285e412403f33ac22580855939bdb1923cdcc75f61a7e2d349", -- "core\/Controller\/ContactsMenuController.php": "3d5184a92a17914659a00f99768c51e5e86cba89409c862de8cab2051fc69bbd4b3bd3634ada375f7bf456284c1fed26c95e6a4b2bac8721c40b7c0922e236b5", -+ "core\/Controller\/ContactsMenuController.php": "da33f2e16937fe82641e14eb032a2d3666f52450b36474ea4543937f3400fe0b82c2a0b0c6f5a1d3b00d97e23f744161551f93d36297fb12e17c4b72cfcd77b9", - "core\/Controller\/CssController.php": "755803437284837250c5e13bf8e3764d2d96a2b29712f1e36e0c8f7e7ff684b438c5b06c3ac7da6c8e5ddd39ba5c7a8bdd4e258f902e50d3b45b5003c9c673c1", - "core\/Controller\/GuestAvatarController.php": "095faa68bd569a77ddb7b1d67aaca87b02c731deb70d21391191e66bede5ea1e06226c23f70c05a27608557eb599a65b3f923f66f39d24ae80b52061990d79d3", - "core\/Controller\/JsController.php": "46019b859527ee13bb248bcf64e6cdaf0c792d04b48871e569e0fe2c2f884e425d85623b5a7bf6c750fb85023eeede9aa13db94028e9e41133ac624b9b75aa8c", -- "core\/Controller\/LoginController.php": "600ef1e0c70f532ea07f7240ddd7090d4016a13c52b9a925e89226966b5e976a358f01c2f222e661fd126a25ec8289bde5dd6027aa2f51a742ec9931c33e2f35", -+ "core\/Controller\/LoginController.php": "29517ffc4ab6436e44ab33e17d28234e1ea7fa0376618596ed13033e925d3598c69c7faefa3419f5f677103c730837a18c5395946ba673df8dc9b01cd2b1b23d", - "core\/Controller\/LostController.php": "c9a7867646ef47466c0626f92052afa3442aa8c5a642b991a3936421ac7a64904611d5a6d66ccbdf3290bb5b2bcda094cf5cc7fc051863b27a07a0cf1e7c9f4d", - "core\/Controller\/NavigationController.php": "b0b558b7b561fd5396e19168ba46da932eaf5b813a6600e4b59829ec82d625407b47f08249b1791dd1a7066beed87fcf6bf8b09691799ad269310d6535a7cd37", - "core\/Controller\/OCJSController.php": "1dca2b59d295d3d533d3874f4a9efbe21747d505ff1381dd020bbac7993bd322f5ab883406bbd611af04b07998432585b11122067058fae33b2d8501bf5166da", -@@ -5960,7 +5960,7 @@ - "core\/templates\/layout.guest.php": "811fa50d904f8aa71b8d447a4e605448f41e461e0cc87fb855cdaced13e49cf30e4aecd27eab35faa2c56717bea9dd01131d92e10df0a5608d31e86687ff40b9", - "core\/templates\/layout.noscript.warning.php": "285c39896a1349b320900d4f07354a5b7528d0a8e1c85451e05c8e20aec1d67c2b3fe62b38eb75064dfcef77fd3828d66435cb10f7520f68cf5a0063ac4fa0c8", - "core\/templates\/layout.public.php": "a7225a5aabc6a349547360a0cae9e060e8e4ba7c1c0ca60957508d4e69bab01e808dfee9cf96331125376bc121f6b69b38e3610c108cbc5a40ed1147c34d23a1", -- "core\/templates\/layout.user.php": "af6bb312eb862e61a77e9001ee854e9aab20c0ea479ac05da307ff7832ad6cc8b9d3532e2c83863bb5448f3f7328955d06caf11d8590a42c65c1d6c1376cfc9c", -+ "core\/templates\/layout.user.php": "23e530850fc01fde0ba3c3d114c575edd75756988d1aa10ebb84dbd6bec4e7e3f43d2d33dc8a02c4858ffefe722adb52b7e09c1d91bf9a2a6d4477966dd2f162", - "core\/templates\/login.php": "d700a5edfd2dc67ffbc9e7410194d2ecd88fcba237a2c6fa3136d3ba8d38ba2893c8b0b759ddc5551a3c4ea25fe94b0276c220ea8501e278b9ee4ceae5d53155", - "core\/templates\/loginflow\/authpicker.php": "981cba91b82b133f68bf802b8f53383f9c12ce9a895338fc7bea47d9eaff7e0815f6724db52f760d6f6bcd353b164932e47e6d31c12007c8d222b2d4fbf639c7", - "core\/templates\/loginflow\/grant.php": "008e7dee5d572acf18ba404e95ca9acb4dc7e77769a02f8ef329bbb6cfee73affb86166f893406b876c74074beb5e7f20f27ff627392ade29e2a09e50505388f", diff --git a/patches/002-login-without-domain.patch b/patches/002-login-without-domain.patch index 934665fec1a65e6513a87473218a4d593d8ca15f..6e6706286120b34c1605ae32aa7756ef61e0956a 100644 --- a/patches/002-login-without-domain.patch +++ b/patches/002-login-without-domain.patch @@ -1,3 +1,12 @@ +From: Arnau +Date: Thu, 04 Feb 2021 11:24:27 +0100 +Subject: [PATCH] auto append domain when user logs in only with his username, except admin user + +This patch auto append the domain handled by nc, configured in env var. + +only the admin user (also configured in env var) will not have his login appended with a @domain suffix + +diff --git files/LoginController.php files/LoginController-new.php --- files/LoginController.php 2021-02-04 11:20:48.000000000 +0100 +++ files/LoginController-new.php 2021-02-04 11:24:27.000000000 +0100 @@ -299,6 +299,15 @@ diff --git a/patches/003-contact-search-removal.patch b/patches/003-contact-search-removal.patch index a7b284006548737b3efa6a0617e0dd66b6781ac5..a4887e0784585fa7129ef78c4ee8b6565113c20b 100644 --- a/patches/003-contact-search-removal.patch +++ b/patches/003-contact-search-removal.patch @@ -1,3 +1,10 @@ +From: diroots +Date: Tue, 02 Feb 2021 16:47:33 +0100 +Subject: [PATCH] remove user search icon in header tab + +This patch removes the top right icon enabling the global user search function available to all in nextcloud. + +diff --git layout.user.php layout.user.php-new --- layout.user.php 2021-02-02 16:47:17.348572250 +0100 +++ layout.user.php-new 2021-02-02 16:47:33.128646878 +0100 @@ -111,14 +111,6 @@ diff --git a/patches/004-contact-search-controller-removal.patch b/patches/004-contact-search-controller-removal.patch index 0ada43124a942cbe36f074d64d75e2d01cbb5879..d4dc24da37d1ed46fe6186d48e19037b1477894a 100644 --- a/patches/004-contact-search-controller-removal.patch +++ b/patches/004-contact-search-controller-removal.patch @@ -1,3 +1,10 @@ +From: diroots +Date: Thu, 04 Feb 2021 10:30:13 +0100 +Subject: [PATCH] do not return these results in user search + +This patch removes some results from the contact menu controller, not to leak user informations + +diff --git ContactsMenuController.php ContactsMenuController-new.php --- ContactsMenuController.php 2021-02-04 10:20:18.000000000 +0100 +++ ContactsMenuController-new.php 2021-02-04 10:30:13.000000000 +0100 @@ -58,7 +58,7 @@ diff --git a/patches/005-autocomplete-user-leak-core.patch b/patches/005-autocomplete-user-leak-core.patch index c89672620b6a6c64075f9cdf02c574c69acad98e..1b7a38bdb5306d52415a5a7f2aec80c2e2bf46b1 100644 --- a/patches/005-autocomplete-user-leak-core.patch +++ b/patches/005-autocomplete-user-leak-core.patch @@ -1,3 +1,17 @@ +From: diroots +Date: Fri, 19 Feb 2021 10:30:13 +0100 +Subject: [PATCH] filter and convert user search results during file sharing - NC core changes + +This patch : + +1 - filter results from user search not to return users by their displayname, but only return users with full username, ie. username@ecloud_domain so no user leaks with their display name (as some users can set John as their displayname) + +this filtering works in conjunction with the autocomplete feature disabled in nextcloud settings + +2 - converts the users found in addressbook as instance users during file sharing, so users are notified within nextcloud in the notification area of the new share available, instead of firing a mail if considered as external users + + +diff --git lib/private/Collaboration/Collaborators/UserPlugin.php lib/private/Collaboration/Collaborators/UserPlugin-new.php --- lib/private/Collaboration/Collaborators/UserPlugin.php 2021-01-25 15:56:05.000000000 +0100 +++ lib/private/Collaboration/Collaborators/UserPlugin-new.php 2021-02-16 14:56:26.778152834 +0100 @@ -114,7 +114,7 @@ @@ -9,6 +23,7 @@ strtolower($userEmail) === $lowerSearch) ) { if (strtolower($uid) === $lowerSearch) { +diff --git lib/private/Collaboration/Collaborators/MailPlugin.php lib/private/Collaboration/Collaborators/MailPlugin-new.php --- lib/private/Collaboration/Collaborators/MailPlugin.php 2021-02-16 14:55:37.281914086 +0100 +++ lib/private/Collaboration/Collaborators/MailPlugin-new.php 2021-02-19 16:22:07.662189199 +0100 @@ -36,6 +36,7 @@ diff --git a/patches/005-autocomplete-user-leak-custom-app.patch b/patches/005-autocomplete-user-leak-custom-app.patch index 5455ba660c30fdf259898ae0a35e268413a8a5b0..d686b2a238b7d8c715813539f9df16ad7e32becc 100644 --- a/patches/005-autocomplete-user-leak-custom-app.patch +++ b/patches/005-autocomplete-user-leak-custom-app.patch @@ -1,3 +1,16 @@ +From: diroots +Date: Tue, 02 Mar 2021 15:43:12 +0100 +Subject: [PATCH] filter user search results during file sharing - user_backend_sql_raw app changes + +This patch filter results from user search not to return users by their displayname, but only return users with full username, +ie. username@ecloud_domain so no user leaks with their display name which could be username + +this filtering works in conjunction with the autocomplete feature disabled in nextcloud settings + +this patch is applied to the user_backend_sql_raw app as this application superseeds the nextcloud's core UserBackend class + + +diff --git user_backend_sql_raw/lib/UserBackend.php user_backend_sql_raw/lib/UserBackend-new.php --- user_backend_sql_raw/lib/UserBackend.php 2020-10-06 01:56:49.000000000 +0200 +++ user_backend_sql_raw/lib/UserBackend-new.php 2021-03-02 15:43:12.615868478 +0100 @@ -108,7 +108,8 @@ diff --git a/patches/006-notes-url-fix.patch b/patches/006-notes-url-fix.patch index 5749edefed33c19480ca7ae251eedb9501832014..dab16bdf05ee8c4af94ea3502e390219c97d8b11 100644 --- a/patches/006-notes-url-fix.patch +++ b/patches/006-notes-url-fix.patch @@ -1,3 +1,10 @@ +From: Akhil +Date: Mon, 21 Dec 2020 13:47:24 +0530 +Subject: [PATCH] Changes for notes with long filenames that generate endless recursion and memory issues + +This patch replaces a buggy recursion method with an iterative procedure. When there is a very long filename the recursion doesn't end. An iterative procedure works well. + +diff --git ../../notes-3.6.4/lib/Service/NoteUtilOriginal.php ../../notes-3.6.4/lib/Service/NoteUtil.php --- ../../notes-3.6.4/lib/Service/NoteUtilOriginal.php 2020-12-21 13:45:50.215222624 +0530 +++ ../../notes-3.6.4/lib/Service/NoteUtil.php 2020-12-21 13:47:24.277418659 +0530 @@ -86,23 +86,25 @@ diff --git a/patches/007-recovery-email-changes.patch b/patches/007-recovery-email-changes.patch index 7b8b1393b0fd2147510549b37f20cb0a85cb0447..a44e13f78cf62c4006fafa2a1f4f3434dafdf3b0 100644 --- a/patches/007-recovery-email-changes.patch +++ b/patches/007-recovery-email-changes.patch @@ -1,3 +1,10 @@ +From: Akhil +Date: Thu, 22 Apr 2021 07:50:00 +0530 +Subject: [PATCH] Makes password reset links use recovery email set through "email-recovery" app, makes "email" uneditable by user + +This patch adds the necessary changes to core NC controller and template for "email-recovery" app to work correctly. Instead of the user's email address, the user's recovery email address set through the "email-recovery" app is used for the password reset email. Further the user's "email" in the template(so that users cannot edit it). + +diff --git ./core/Controller/LostController.php ./core/Controller/LostController.new.php --- ./core/Controller/LostController.php 2021-03-26 09:51:09.317785801 +0530 +++ ./core/Controller/LostController.new.php 2021-03-26 09:51:35.490073707 +0530 @@ -205,8 +205,9 @@ @@ -21,6 +28,7 @@ if (empty($email)) { throw new ResetPasswordException('Could not send reset e-mail since there is no email for username ' . $input); +diff --git ./apps/settings/templates/settings/personal/personal.info.php ./apps/settings/templates/settings/personal/personal.info.new.php --- ./apps/settings/templates/settings/personal/personal.info.php 2021-04-22 07:49:34.926418855 +0530 +++ ./apps/settings/templates/settings/personal/personal.info.new.php 2021-04-22 07:50:00.026660710 +0530 @@ -160,7 +160,7 @@