nextcloud / server

☁️ Nextcloud server, a safe home for all your data
https://nextcloud.com
GNU Affero General Public License v3.0

NC20b1 integrity warning for core/js/mimetypelist.js after Upgrade from 19.0.1 #22409

Closed nursoda closed 4 years ago

nursoda commented 4 years ago

Steps to reproduce

  1. Upgrade from 19.0.1 Release to 20.0.0 Beta 1 (using the web interface)
  2. call /settings/admin/overview → Warning

Expected behaviour

Well, no warning? As mimetypelist.js is integrity checked, it seems devs don't want me to tamper with it. I did not! If any app did modify it, there should be a warning during upgrade. If the modified version is kept, the shipped version should be saved as mimetypelist.js.original-version-VERSION. If the modified version is replaced, the modified version should be saved as mimetypelist.js.was-replaced-by-version-VERSION.

Actual behaviour

Obviously, a modified version is kept without possibility to react as admin.

Server configuration

Operating system: Arch Linux, current, Kernel 5.8.3

Web server: NGINX 1.18.0

Database: MariaDB 10.5.5.

PHP version: 7.4.9

Nextcloud version: 20.0.0 Beta 1

Update path: Updated from Nextcloud 19.0.1 Release (via web updater) and before that from 19 RC, 19 beta, 18, …

Where did you install Nextcloud from: Originally from nextcloud.com

Signing status:

Signing status

```
Technical information
=====================
The following list covers which files have failed the integrity check.
Please read the previous linked documentation to learn more about the errors and how to fix them.

Results
=======
- core
	- INVALID_HASH
		- core/js/mimetypelist.js

Raw output
==========
Array
(
    [core] => Array
        (
            [INVALID_HASH] => Array
                (
                    [core/js/mimetypelist.js] => Array
                        (
                            [expected] => 23a3fa45757b26795f5cf8f94d9e5bce76fc916288a6458679311b312c167adcf4158ccb2c5c3db791fa0b87703b6c5863afb6c9d790b8cbac5ab3ae8c3418fb
                            [current] => 248b1c46827f16075a92457d368b5f8c1c6d39c8dc8569e248b35443ac035501b86b8f46785cc6fb3f12fc8445284829c1e27aa82097a53d2688040b1de7da26
                        )

                )

        )

)
```

List of activated apps:

App list

```
Enabled:
  - accessibility: 1.6.0
  - activity: 2.13.0
  - bookmarks: 3.3.4
  - cloud_federation_api: 1.3.0
  - comments: 1.10.0
  - contactsinteraction: 1.1.0
  - cospend: 1.0.5
  - dashboard: 7.0.0
  - dav: 1.16.0
  - deck: 1.0.5
  - federatedfilesharing: 1.10.1
  - federation: 1.10.1
  - files: 1.15.0
  - files_antivirus: 2.4.1
  - files_linkeditor: 1.1.1
  - files_pdfviewer: 2.0.O
  - files_rightclick: 0.17.0
  - files_sharing: 1.12.0
  - files_trashbin: 1.10.1
  - files_versions: 1.13.0
  - files_videoplayer: 1.9.0
  - logreader: 2.5.0
  - lookup_server_connector: 1.8.0
  - mail: 1.4.1
  - metadata: 0.12.0
  - nextcloud_announcements: 1.9.0
  - notes: 3.6.2
  - notifications: 2.8.0
  - oauth2: 1.8.0
  - password_policy: 1.10.1
  - photos: 1.2.0
  - privacy: 1.4.0
  - provisioning_api: 1.10.0
  - richdocuments: 3.7.3
  - richdocumentscode: 4.2.602
  - serverinfo: 1.10.0
  - settings: 1.2.0
  - sharebymail: 1.10.0
  - systemtags: 1.10.0
  - tasks: 0.13.3
  - text: 3.1.0
  - theming: 1.11.0
  - twofactor_backupcodes: 1.9.0
  - updatenotification: 1.10.0
  - user_status: 0.0.2
  - viewer: 1.4.0
  - weather_status: 1.0.0
  - workflowengine: 2.2.0
Disabled:
  - admin_audit
  - analytics
  - announcementcenter
  - apporder
  - audioplayer
  - bruteforcesettings
  - calendar
  - camerarawpreviews
  - carnet
  - checksum
  - circles
  - contacts
  - cookbook
  - dashboardcharts
  - documentserver_community
  - emlviewer
  - encryption
  - end_to_end_encryption
  - external
  - extract
  - files_accesscontrol
  - files_automatedtagging
  - files_external
  - files_lock
  - files_mindmap
  - firstrunwizard
  - flowupload
  - forms
  - groupfolders
  - groupquota
  - guests
  - impersonate
  - issuetemplate
  - keeweb
  - maps
  - music
  - news
  - occweb
  - ocr
  - onlyoffice
  - passman
  - passwords
  - phonetrack
  - polls
  - previewgenerator
  - quicknotes
  - quota_warning
  - rainloop
  - ransomware_detection
  - ransomware_protection
  - recommendations
  - registration
  - spreed
  - support
  - survey_client
  - suspicious_login
  - talk_simple_poll
  - terms_of_service
  - theming_customcss
  - timetracker
  - twofactor_admin
  - twofactor_email
  - twofactor_gateway
  - twofactor_nextcloud_notification
  - twofactor_totp
  - twofactor_u2f
  - user_external
  - user_ldap
  - video_converter
  - workflow_pdf_converter
  - workflow_script
```

Nextcloud configuration:

Config report

```
{
    "system": {
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": {
            "0": "test.seyfarth.de",
            "1": "cloud.seyfarth.de",
            "2": "cloud.datenschutz-individuell.de",
            "3": "stage.datenschutz-individuell.de",
            "4": "cloud.selbstbestimmt-digital.de",
            "6": "stage.selbstbestimmt-digital.de",
            "7": "cloud.suevia-ka.de",
            "8": "cloud.bvdnet.de",
            "9": "efdpo.owncube.com",
            "10": "cloud.owncube.com"
        },
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "mysql",
        "version": "20.0.0.3",
        "overwrite.cli.url": "https:\/\/test.seyfarth.de",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "mysql.utf8mb4": true,
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "memcache.local": "\\OC\\Memcache\\APCu",
        "memcache.distributed": "\\OC\\Memcache\\Redis",
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "redis": {
            "host": "***REMOVED SENSITIVE VALUE***",
            "port": 0,
            "dbindex": 0,
            "timeout": 1.5
        },
        "logtimezone": "Europe\/Berlin",
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpmode": "smtp",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpsecure": "tls",
        "mail_sendmailmode": "smtp",
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpport": "25",
        "trashbin_retention_obligation": "auto,30",
        "versions_retention_obligation": "auto,366",
        "skeletondirectory": "",
        "default_language": "de",
        "default_locale": "de_DE",
        "theme": "",
        "loglevel": 3,
        "simpleSignUpLink.shown": false,
        "twofactor_enforced": "true",
        "twofactor_enforced_groups": [
            "admin"
        ],
        "twofactor_enforced_excluded_groups": [
            "2FA-Ausnahme"
        ],
        "has_rebuilt_cache": true,
        "updater.release.channel": "beta",
        "app_install_overwrite": [],
        "maintenance": false
    }
}
```

Are you using external storage: no

Are you using encryption: no

Are you using an external user-backend: no

Client configuration

Irrelevant

Logs

Web server error log

(filtered out CODE and corresponding CODE proxy timeout errors using 'grep -Ev '(timed out|richdocuments)' seyfarth_test.err')

Web server error log

```
2020/08/04 14:12:54 [error] 709#709: *100560 access forbidden by rule, client: 34.89.233.217, server: test.seyfarth.de, request: "GET /.git/HEAD HTTP/1.1", host: "test.seyfarth.de"
2020/08/04 20:46:28 [error] 706#706: *166492 access forbidden by rule, client: 35.246.219.243, server: test.seyfarth.de, request: "GET /.git/HEAD HTTP/1.1", host: "test.seyfarth.de"
2020/08/07 17:58:22 [error] 716#716: *113592 access forbidden by rule, client: 35.242.203.37, server: test.seyfarth.de, request: "GET /.git/HEAD HTTP/1.1", host: "test.seyfarth.de"
2020/08/07 17:58:22 [error] 716#716: *113602 access forbidden by rule, client: 35.242.203.37, server: test.seyfarth.de, request: "GET /.git/HEAD HTTP/1.1", host: "test.seyfarth.de"
2020/08/10 16:46:48 [warn] 716#716: *434880 an upstream response is buffered to a temporary file /var/lib/nginx/fastcgi/5/12/0000001125 while reading upstream, client: 192.168.1.2, server: test.seyfarth.de, request: "GET /settings/apps/list HTTP/2.0", upstream: "fastcgi://unix:/run/php-fpm/php-fpm.sock:", host: "test.seyfarth.de"
2020/08/11 02:59:40 [error] 716#716: *480259 access forbidden by rule, client: 150.129.8.19, server: test.seyfarth.de, request: "GET /.git/config HTTP/1.1", host: "test.seyfarth.de", referrer: "http://test.seyfarth.de/.git/config"
2020/08/12 10:37:09 [warn] 712#712: *61054 an upstream response is buffered to a temporary file /var/lib/nginx/fastcgi/5/03/0000000035 while reading upstream, client: 192.168.1.2, server: test.seyfarth.de, request: "GET /settings/apps/list HTTP/2.0", upstream: "fastcgi://unix:/run/php-fpm/php-fpm.sock:", host: "test.seyfarth.de"
2020/08/12 18:21:51 [warn] 712#712: *113911 an upstream response is buffered to a temporary file /var/lib/nginx/fastcgi/6/05/0000000056 while reading upstream, client: 192.168.1.2, server: test.seyfarth.de, request: "GET /settings/apps/list HTTP/2.0", upstream: "fastcgi://unix:/run/php-fpm/php-fpm.sock:", host: "test.seyfarth.de"
2020/08/16 06:41:42 [error] 702#702: *73380 access forbidden by rule, client: 3.12.165.60, server: test.seyfarth.de, request: "GET /.git/HEAD HTTP/1.1", host: "test.seyfarth.de"
2020/08/21 23:32:59 [warn] 704#704: *3357 an upstream response is buffered to a temporary file /var/lib/nginx/fastcgi/8/02/0000000028 while reading upstream, client: 192.168.1.2, server: test.seyfarth.de, request: "GET /settings/apps/list HTTP/2.0", upstream: "fastcgi://unix:/run/php-fpm/php-fpm.sock:", host: "test.seyfarth.de"
```

Nextcloud log (data/nextcloud.log)

Was too big, therefore available on-cloud: https://test.seyfarth.de/s/a4CJGSRapbk4HP5

Browser log

Sorry, not available any more.

nursoda commented 4 years ago

Seems to be fixed in/by NC 20.0.0 Beta 2 – no integrity warning after the upgrade to that latest beta any more.
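
Added example, not part of the issue thread and not Nextcloud's own code: a triage helper that parses the `INVALID_HASH` entries from a "Raw output" section like the one in the report and re-hashes the files on disk, to tell whether a flagged file still differs from the signed value. The function names are hypothetical, the sample tree and report in `demo()` are constructed, and the 128-hex-digit values are assumed to be SHA-512 digests.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# One INVALID_HASH entry of the print_r-style "Raw output" section.
ENTRY = re.compile(
    r"\[(?P<path>[^\]\s]+)\] => Array\s*\(\s*"
    r"\[expected\] => (?P<expected>[0-9a-f]{128})\s*"
    r"\[current\] => (?P<current>[0-9a-f]{128})"
)

def parse_invalid_hashes(report: str) -> dict:
    """Return {relative_path: (expected, current)} from the raw output."""
    return {m["path"]: (m["expected"], m["current"]) for m in ENTRY.finditer(report)}

def triage(report: str, root: Path) -> dict:
    """Classify each reported file by re-hashing what is on disk now."""
    verdicts = {}
    for rel, (expected, reported) in parse_invalid_hashes(report).items():
        target = root / rel
        if not target.is_file():
            verdicts[rel] = "missing"
        elif (actual := hashlib.sha512(target.read_bytes()).hexdigest()) == expected:
            verdicts[rel] = "matches-expected"      # report is out of date
        elif actual == reported:
            verdicts[rel] = "still-modified"        # same bytes the report saw
        else:
            verdicts[rel] = "changed-since-report"  # file changed again
    return verdicts

def demo() -> dict:
    """Constructed sample: a temp tree and a report built from its hashes."""
    shipped, modified = b"shipped list\n", b"regenerated list\n"
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "core/js").mkdir(parents=True)
        (root / "core/js/mimetypelist.js").write_bytes(modified)
        report = (
            "[core] => Array ( [INVALID_HASH] => Array ( "
            "[core/js/mimetypelist.js] => Array ( "
            f"[expected] => {hashlib.sha512(shipped).hexdigest()} "
            f"[current] => {hashlib.sha512(modified).hexdigest()} ) ) )"
        )
        return triage(report, root)

if __name__ == "__main__":
    print(demo())
```

A `still-modified` or `changed-since-report` verdict is the case worth diffing against the release archive before trusting the file.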