openSUSE Security Update: Security update for nextcloud-desktop ______________________________________________________________________________ Announcement ID: openSUSE-SU-2023:0090-1 Rating: important References: #1201070 #1205798 #1205799 #1205800 #1205801 #1207976 Cross-References: CVE-2022-39331 CVE-2022-39332 CVE-2022-39333 CVE-2022-39334 CVE-2023-23942 CVSS scores: CVE-2022-39331 (NVD) : 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2022-39332 (NVD) : 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2022-39333 (NVD) : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2022-39334 (NVD) : 3.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N CVE-2023-23942 (NVD) : 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Affected Products: openSUSE Backports SLE-15-SP4 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has one errata is now available. Description: This update for nextcloud-desktop fixes the following issues: nextcloud-desktop was updated to 3.8.0: - Resize WebView widget once the loginpage rendered - Feature/secure file drop - Check German translation for wrong wording - L10n: Correct word - Fix displaying of file details button for local syncfileitem activities - Improve config upgrade warning dialog - Only accept folder setup page if overrideLocalDir is set - Update CHANGELOG. - Prevent ShareModel crash from accessing bad pointers - Bugfix/init value for pointers - Log to stdout when built in Debug config - Clean up account creation and deletion code - L10n: Added dot to end of sentence - L10n: Fixed grammar - Fix "Create new folder" menu entries in settings not working correctly on macOS - Ci/clang tidy checks init variables - Fix share dialog infinite loading - Fix edit locally job not finding the user account: wrong user id - Skip e2e encrypted files with empty filename in metadata - Use new connect syntax - Fix avatars not showing up in settings dialog account actions until clicked on - Always discover blacklisted folders to avoid data loss when modifying selectivesync list. - Fix infinite loading in the share dialog when public link shares are disabled on the server - With cfapi when dehydrating files add missing flag - Fix text labels in Sync Status component - Display 'Search globally' as the last sharees list element - Fix display of 2FA notification. - Bugfix/do not restore virtual files - Show server name in tray main window - Add Ubuntu Lunar - Debian build classification 'beta' cannot override 'release'. - Update changelog - Follow shouldNotify flag to hide notifications when needed - Bugfix/stop after creating config file - E2EE cut extra zeroes from derypted byte array. - When local sync folder is overriden, respect this choice - Feature/e2ee fixes - This also fix security issues: - (boo#1205798, CVE-2022-39331) - Arbitrary HyperText Markup Language injection in notifications - (boo#1205799, CVE-2022-39332) - Arbitrary HyperText Markup Language injection in user status and information - (boo#1205800, CVE-2022-39333) - Arbitrary HyperText Markup Language injection in desktop client application - (boo#1205801, CVE-2022-39334) - Client incorrectly trusts invalid TLS certificates - (boo#1207976, CVE-2023-23942) - missing sanitisation on qml labels leading to javascript injection - Update to 3.7.4 - check German translation for wrong wording - Fix "Create new folder" menu entries in settings not working correctly on macOS - Clean up account creation and deletion code - Fix share dialog infinite loading - fix edit locally job not finding the user account: wrong user id - skip e2e encrypted files with empty filename in metadata - Always discover blacklisted folders to avoid data loss when modifying selectivesync list. - use new connect syntax - with cfapi when dehydrating files add missing flag - Fix avatars not showing up in settings dialog account actions until clicked on - Fix text labels in Sync Status component - Fix infinite loading in the share dialog when public link shares are disabled on the server - Ci/clang tidy checks init variables - Display 'Search globally' as the last sharees list element - Resize WebView widget once the loginpage rendered - Bugfix/do not restore virtual files - Fix display of 2FA notification. - Update to 3.7.3 - Revert "Fix(l10n): capital_abcd Update translations from Transifex" - Revert "Fix(l10n): capital_abcd Update translations from Transifex" - Revert "Fix(l10n): capital_abcd Update translations from Transifex" - Update to 3.7.2 - No regular changelog from upstream. See instead: https://github.com/nextcloud/desktop/compare/v3.7.1...v3.7.2 - Update to 3.7.1 - Backport/5393/stable 3.7 by @mgallien in #5403 - Fix wrong estimated time when doing sync. in #4902 - Bugfix/selective sync abort error in #4903 - Set UnifiedSearchResultNothingFound visibility less messily in #4751 - Clean up QML type and singleton registration in #4817 - Simplify activity list delegates by making them ItemDelegates, clean up in #4786 - Improve activity list highlighting/keyboard item selection in #4781 - Replace private API QZipWriter with KArchive in #4768 - makes Qt WebEngine optional only on macOS in #4875 - Bugfix/conflict resolution when selecting folder in #4914 - Fix fileactivitylistmodel QML registration in #4920 - Updated link to documentation in #4792 - Fix menu bar height calculation on macOS in #4917 - Fix ActivityItem activityHover error in #4921 - Fix add account window text clipping, enlarge text in #4910 - Accept valid lsColJob reply XML content types in #4919 - Fix low-resolution file changed overlay icons in activities in #4930 - Refactor ActivityListModel population mechanisms in #4736 - Make account setup wizard's adjustWizardSize resize to current page size instead of largest wizard page in #4911 - Deallocate call notification dialog objects when closed by @claucambra in #4939 - Ensure that the file being processed has had its etag properly sanitised, log etag more in #4940 - Feature/syncjournaldb handle errors in #4819 - Do not format text in QML components as HTML in #4944 - Fix two factor auth notification: activity item was disabled. in #4961 - Add a placeholder item for empty activity list in #4959 - Ensure strings in main window QML are presented as plain text and not HTML by @claucambra in #4972 - Improve handling of file name clashes by @claucambra in #4970 - Add a QSortFilterProxyModel-based SortedActivityListModel by @claucambra in #4933 - Bring back .lnk files on Windows and always treat them as non-virtual files. by @allexzander in #4968 - Fix two factor authentication notification by @camilasan in #4967 - Ensure placeholder message in emoji picker wraps correctly in #4960 - Make activity action button an actual button, clean up contents in #4784 - Improve the error box QML component in #4976 - Fix 'Reply' primary property. in #4985 - Fix sync progress bar colours in dark mode in #4986 - Fix predefined status text formatting in #4987 - Don't set up tray context menu on macOS, even if not building app bundle in #4988 - Ci/check clang tidy in ci in #4995 - check our code with clang-tidy in #4999 - alway use constexpr for all text constants in #4996 - avoid possibly crashing static_cast in #4994 - switch AppImage CI to latest tag: client-appimage-6 in #5003 - configure a list of checks for clang-tidy in #5004 - Fix link shares default expire date being enforced as maximum expire date even when maximum date enforcement is disabled on the server in #4982 - apply modernize-use-using via clang-tidy in #4993 - Ci/use no discard in #4992 - Fix files not unlocking after lock time expired in #4962 - Update client image in #5002 - let's check the format via some github action in #4991 - Feature/vfs windows sharing and lock state in #4942 - Update after tx migrate in #5019 - Improve 'Handle local file editing' feature. Add loading popup. Add force sync before opening a file. in #4990 - Command-line client. Do not trust SSL certificates by default, unless '--trust' option is set. in #5022 - Bugfix/files lock fail metadata in #5024 - do not ignore return value in #4998 - improve logs when adding sync errors in activity list of main dialog in #5032 - Fix invisible user status selector button not being checked when user is in Offline mode in #5012 - use correct version copmparison on NSIS updater: fix update from rc in #4979 - Bugfix/check token for edit locally requests in #5039 - Fix the dismiss button: display it whenever possible. in #4989 - Fix account not found when doing local file editing. in #5040 - Improve "pretty user name"-related strings, display in webflow credentials in #5013 - Update CHANGELOG with 3.6.1 changes. in #5066 - Fix call notification dialog buttons in #5074 - validate certificate for E2EE against private key in #4949 - emit missing signal to update folder sync status icon in #5087 - Update CMake usage in README build instructions in #5086 - Clean up methods in sync engine in #5071 - Make Systray's void methods slots in #5042 - Remove unneeded parameter from CleanupPollsJob constructor in #5070 - Add a 'Sync now' button to the sync status header in the tray window in #5018 - Modernise and improve code in AccountManager in #5026 - Fix macOS autoupdater settings in #5102 - Validate and sanitise edit locally token and relpath before sending to server in #5093 - Refactor FolderMan's "Edit Locally" capabilities as separate class in #5107 - Modernise and improve code in AccountSettings in #5027 - Fix compatibility with newer python3-nautilus in #5105 - Only show Sync Now button if account is connected in #5097 - use new public API to open an edit locally URL in #5116 - Add a new file details window, unify file activity and sharing in #4929 - E2EE. Do not generate keypair without user request. in #5067 - Fix incorrect current user index when adding or removing a user account. Also fix incorrect user avatar lookup by id. in #5092 - Remove unused internal link widget from old share dialog in #5123 - Use separate variable for cfg file name in CMAKE. in #5136 - Bugfix/delete folders during propagation even when propagation has errors in #5104 - Remove unused app pointer in CocoaInitializer in #5127 - Ensure 'Sync now' button doesn't have its text elided in #5129 - Fix share delegate button icon colors in dark mode in #5132 - Do not use copy-assignment of QDialog. in #5148 - Remove unused remotePath in User::processCompletedSyncItem in #5118 - Make user status selector modal, show user header in #5145 - properly escape a path when creating a test file during tests in #5151 - Add support cmake unity build in #5109 - Fix typo of connector in #5157 - fully qualify types in signals and slots in #5088 - Remove reference to inexistent property in NCCustomButton in #5173 - Fix ActivityList delegate warnings in #5172 - Ensure forcing a folder to be synced unpauses syncing on said folder in #5152 - switch back to upstream craft in #5178 - fix renaming of folders with a deep hierarchy inside them in #5182 - fix instances of: c++11 range-loop might detach Qt container warnings in #5089 - Implement context menu entry "Leave this share" in #5081 - check that we update local file mtime on changes from server in #5188 - Add end-to-end tests to our CI in #5124 - Modernize the Dolphin action plugin in #5192 - Ci/do not modify configuration file duringtests in #5200 - cmake: Use FindPkgConfig's pkg_get_variable instead of custom macro in #5199 - Fix tray window margins, stop cutting into window border in #5202 - fix regressions on pinState management when doing renames in #520 - Fix bad custom button alignments, sizings, etc. in #5189 - Ci/do not override configuration file in #5206 - Clearly tell user that E2EE has been enabled for an account in #5164 - Fix CfApiShellExtensionsIPCTest in #5209 - l10n: Fixed grammar in #5220 - Prevent bad encrypting of folder if E2EE has not been correctly set up in #5223 - Remove close/dismiss button from encryption message in #5163 - Update macOS shell integration deployment targets in #5227 - Bugfix/case cash conflicts should not terminate sync in #5224 - Differentiate between E2EE not being enabled at all vs. E2EE being enabled already through another device in account settings message in #5179 - Ensure more QML text components are rendering things as plain text in #5231 - l10n: Correct spelling in #5221 - Make use of plain text-enforcing qml labels in #5233 - Feature/edit file locally restart sync in #5175 - Fix CI errors for Edit Locally. in #5241 - Lock file when editing locally in #5226 - Format some QLabels as plain text in #5247 - do not create GUI from a random thread and show error on real error in #5253 - Fix BasicComboBox internal layout in #5216 - Explicitly size and align user status selector text input to avoid bugs with alternate QtQuick styles in #5214 - do not use bulk upload for e2ee files in #5256 - Only show mnemonic request dialog when user explicitly wants to enable E2EE in #5181 - Replace share settings popup with a page on a StackView in #5194 - Add interactive NC Talk notifications on macOS in #5143 - Show file details within the tray dialog, rather than in a separate dialog in #5139 - Silence sync termination errors when running EditLocallyJob. in #5261 - Fix typo in #5257 - Add an "Encrypt" menu entry in file browser context menu for folders in #5263 - Add a nix flake for easy building and dev environments in #5007 - Add an internal link share to the share dialog in #5131 - Avoid the Get-Task-Allow Entitlement (macOS Notarization) in #5274 - sets a fixed version for pixman when buildign desktop client via Craft in #5269 - Fix SyncEngineTest failure when localstate is destroyed. in #5273 - Feature/remove obsolete names in #5271 - Remove unused HeaderBanner component in #5245 - Feature/do not sync enc folders if e2ee is not setup in #5258 - fix migration from old settings configuration files in #5141 - Use QFileInfo::exists where we are only creating a QFileInfo to check if file exists in #5291 - Make correct use of Qt signal 'emit' keyword in #5287 - Remove unused variables in #5290 - Declare all QRegularExpressions statically in #5289 - l10n: Remove space in #5297 - Feature/move shellextensions to root installdir in #5295 - Improve backup dark mode palette for Windows in #5298 - Allow setting up an account with apppasword and folder via command-line arguments. For deployment. in #5296 - Update file's metadata in the local database when the etag changes while file remains unchanged. Fix subsequent conflict when locking and unlocking. in #5293 - Fix warnings on QPROPERTY-s in #5286 - Replace now deprecated FSEventStreamScheduleWithRunLoop with FSEventStreamSetDispatchQueue in #5272 - Fix macOS shell integration class inits in #5299 - Drop dependency on Qt Quick Controls 1 in #5309 - Fix full-text search results not being opened in browser in #5279 - Feature/allow forceoverrideurl via command line in #5329 - Bugfix/e2ee vulnerability empty metadatakeys in #5323 - Always generate random initialization vector when uploading encrypted file in #5324 - Fix bad string for translation. in #5358 - Update legal notice to 2023 in #5361 - Fix migration from legacy client when override server url is set in #5322 - Don't try to lock folders when editing locally in #5317 - Fix fetch more unified search result item not being clickable in #5266 - Add ability to disable E2EE in #5167 - Remove unused monochrome icons setting in #5366 - Feature/sync with case clash names in #5232 - Edit locally. Do not lock if locking is disabled on the server. in #5371 - Revert "Merge pull request #5366 from nextcloud/bugfix/remove-mono-icons-setting" in #5372 - Open calendar notifications in the browser. in #4684 - Migrate old configs in #5362 - Always unlock E2EE folders, even when network failure or crash. in #5370 - Fix displaying of file details button for local syncfileitem activities in #5380 - Improve config upgrade warning dialog in #5386 - Backport/5385/stable 3.7 in #5388 - Update to 3.6.6 - Revert "Fix(l10n): capital_abcd Update translations from Transifex" 33f3975 - Update to 3.6.5 - do not assert when sharing to a circle in #5310 - Fix macOS shell integration class inits in #5311 - Drop dependency on Qt Quick Controls 1 in #5312 - Feature/allow forceoverrideurl via command line in #5332 - Fix typo in #5270 - check that we update local file mtime on changes from server in #5321 - fix regressions on pinState management when doing renames in #5333 - Always generate random initialization vector when uploading encrypted file in #5334 - Fix SyncEngineTest failure when localstate is destroyed. in #5336 - Bugfix/e2ee vulnerability empty metadatakeys in #5335 - Update to 3.6.4 - do not create GUI from a random thread and show error on real error - Update to 3.6.3 - Fix typo of connector - fix renaming of folders with a deep hierarchy inside them - Make user status selector modal, show user header - Prevent bad encrypting of folder if E2EE has not been correctly set up - Feature/edit file locally restart sync - Add forcefoldersync method to folder manager - Make use of plain text-enforcing qml labels - Lock file when editing locally - Format some QLabels as plain text - Update to 3.6.2 - Fix call notification dialog buttons by @backportbot-nextcloud in #5075 - emit missing signal to update folder sync status icon by @backportbot-nextcloud in #5090 - Fix macOS autoupdater settings by @backportbot-nextcloud in #5103 - Validate and sanitise edit locally token and relpath before sending to server by @backportbot-nextcloud in #5106 - Fix compatibility with newer python3-nautilus by @backportbot-nextcloud in #5112 - Refactor FolderMan's "Edit Locally" capabilities as separate class by @backportbot-nextcloud in #5111 - use new public API to open an edit locally URL by @backportbot-nextcloud in #5117 - Use separate variable for cfg file name in CMAKE. by @backportbot-nextcloud in #5140 - Fix stable-3.6 compile on macOS by @claucambra in #5154 - Fix bad backport of CustomButton changes in Stable-3.6 by @claucambra in #5155 - Backport/5067/stable 3.6 by @allexzander in #5153 - Backport/5092/stable 3.6 by @allexzander in #5156 - properly escape a path when creating a test file during tests by @backportbot-nextcloud in #5158 - Split out the dbus service related files that provides libcloudproviders integration for nextcloud desktop client into a separate package; when this is installed, launching any app supporting libowncloudproviders (e.g. nautilus on GNOME) will automatically launch the desktop client -- which is rather annoying to happen by default, esp. in cases where a user does not even have a nextcloud account (gh#nextcloud/desktop#1982, gh#nextcloud/desktop#2622). - Make the extension working again on Nautilus 43. This patch also support previous Nautilus versions. - Update to 3.6.1 - Fix wrong estimated time when doing sync. - Bugfix/selective sync abort error - Bugfix/conflict resolution when selecting folder - Fix menu bar height calculation on macOS - Fix add account window text clipping, enlarge text - Accept valid lsColJob reply XML content types - Fix low-resolution file changed overlay icons in activities - Deallocate call notification dialog objects when closed - Ensure that the file being processed has had its etag properly sanitised, log etag more - Ensure strings in main window QML are presented as plain text and not HTML - Do not format text in QML components as HTML - Fix two factor authentication notification - Bring back .lnk files on Windows and always treat them as non-virtual files. - Fix 'Reply' primary property. - Update after tx migrate - Command-line client. Do not trust SSL certificates by default, unless '--trust' option is set. - Fix invisible user status selector button not being checked when user is in Offline mode - Fix link shares default expire date being enforced as maximum expire date even when maximum date enforcement is disabled on the server - Backport/4989/stable 3.6 - use correct version copmparison on NSIS updater: fix update from rc - Improve 'Handle local file editing' feature. Add loading popup. Add f��� - Backport/5039/bugfix/check token for edit locally requests - Fix account not found when doing local file editing. - Fix two factor auth notification: activity item was disabled. - Fix predefined status text formatting - Fix sync progress bar colours in dark mode - Improve handling of file name clashes - Ensure placeholder message in emoji picker wraps correctly - Update to 3.6.0 - Fix crash in cldapi.dll - Updating command-rebase.yml workflow from template - Reply button size should be same as the input field, smaller + text color - Fix crashing when selecting user status and predefined statuses not appearing - Make user status dialog look in line with the rest of the desktop client tray and Nextcloud - Add a placeholder message for the recents tab of the emoji picker - Add SVG icon styled for macOS Big Sur - Ensure the dispatch source only gets deallocated after the dispatch_source_cancel is done, avoiding crashing of the Finder Sync Extension on macOS - Properly adapt the UserStatusSelectorModel to QML, eliminate hacks, make code more declarative - Fix the system tray menu not being correctly replaced in setupContextMenu on GNOME - Make the share dialog resizeable - Make client language gender-neutral and more clear - Use an en-dash for the userstatus panel - Close call notifications when the call has been joined by the user, or the call has ended - Correct spelling - Print sync direction in SyncFileStatusTracker::slotAboutToPropagate - Windows CI. Use specific Craft revision. - Add 'db/local/remote' reference to log string. - Work around issues with window positioning on Linux DEs, hardcode tray window to screen center when new account added - Add a custom back button to the account wizard's advanced setup page - Clean up systray methods, make more QML-friendly - Refactor tray window opening code for clarity and efficiency - Increase the call state checking interval to not overload the server - Fix bad quote in CMakeLists PNG generation message - Only set _FORTIFY_SOURCE when a higher level of this flag has not been set - Switch to using the main client CI image based on ubuntu 22.04 - Limit concurrent notifications - Use macOS-specific application icon - QML-ify the UserModel, use properties rather than setter methods - Take ints by value rather than reference in UserModel methods - Feature/vfs windows thumbnails - Respect skipAutoUpdateCheck in nextcloud.cfg with Sparkle on macOS - Restyle unified search skeleton items animation and simplify their code - Stop styling QML unified search items hierarchically, use global Style constants - Use preprocessor directive rather than normal 'if' for UNNotification types - Make apps menu scrollable when content taller than available vertical space, preventing borking of layout - Ensure that throttled notifications still appear in tray activity model - Stop clearing notifications when new notifications are received - Fix ActivityItemContent QML paintedWidth errors - Clicking on an activity list item for a file opens the local file if available - Replace unified search text field busy indicator with custom indicator - Update macOS Info.plist - Ensure debug archive contents are readable by any user - Remove Ubuntu Impish, add Kinetic - Make UserStatusSelector a dismissible page pushed onto the tray window - Feature/handle edit locally - Add Debian Bullseye build - Double-clicking tray icon opens currently-selected user's local folder (if available) - Clean up TalkReplyTextField, remove unnecessary parent Item - Refactor user line - Do not reboot PC when running an MSI via autoupdate. - Always run MSI with full UI. - Eliminate padding around the menu separator in the account menu - Feature/enable more warnings also for gcc - Move CFAPI shell extensions variables to root CMakeLists. - Move URI scheme variable from Nextcloud.cmake to root CMakeListsts. - Ensure SyncEngine use an initialized instance of SyncOptions - Fix QML warnings - I18n: Spelling unification - Fix crash: 'Failed to create OpenGL context'. - Fix bugs with setting 'Away' user status - Fix greek translation for application name in menu - Align, resize, and layout everything uniformly in the unified search view - Remove libglib-2.0.so.0 and libgobject-2.0.so.0 from Appimage. - Fix unified search item placeholder image source - Use same tooltip component everywhere, fix tooltip clipping bugs - Fix account switching and hover issues with UserLine component - Remove Ubuntu Focal - Add a ScrollView to the predefined statuses area of the UserStatusSelector - Prevent the 'Cancel' button of the user status selector getting squashed - Ensure that clear status message combo box is at least implicit width - Fix alignment of predefined status contents regardless of emoji fonts - Prevent crashing when trying to create error-ing QML component in systray.cpp, output error to log - Add CHANGELOG.md. - Ensure file activity dialog is centered on screen and appears at top of window stack - Build script for AppImage should not assume Nextcloud is the name - Fix File Activities dialog not showing up. - Reads and store fileId and remote permissions during bulk upload - Do not build qt keychain already included in the CI images - Bugfix/web engine on win11 - Update CHANGELOG for the 3.6.0 release. - Fix script that upload AppImage to go in correct path - Update to 3.5.4 - Add and use DO_NOT_REBOOT_IN_SILENT=1 parameter for MSI to not reboot during the auto-update. - Update to 3.5.3 - Fix the system tray menu not being correctly replaced in setupContextMenu on GNOME - Ensure call notification stays on top of other windows - Work around issues with window positioning on Linux DEs, hardcode tray window to screen center when new account added - Clean up systray methods, make more QML-friendly - Refactor tray window opening code for clarity and efficiency - Only set _FORTIFY_SOURCE when a higher level of this flag has not been set - Limit concurrent notifications - Take ints by value rather than reference in UserModel methods - Respect skipAutoUpdateCheck in nextcloud.cfg with Sparkle on macOS - Use preprocessor directive rather than normal 'if' for UNNotification types - QML-ify the UserModel, use properties rather than setter methods - Fix ActivityItemContent QML paintedWidth errors - Stop clearing notifications when new notifications are received - Ensure debug archive contents are readable by any user - Stop styling QML unified search items hierarchically, use global Style constants - Update macOS Info.plist - print sync direction in SyncFileStatusTracker::slotAboutToPropagate - Remove Ubuntu Impish, add Kinetic - Ensure that throttled notifications still appear in tray activity model - Make apps menu scrollable when content taller than available vertical space, preventing borking of layout - Update to 3.5.2 - Explicitly ask user for notification authorisation on launch (macOS) - Fix crash caused by overflow in FinderSyncExtension - add new fixup workflow from nextcloud org - Display chat message inside the OS notification. - Fix 'TypeError: Cannot readproperty 'messageSent' of undefined'. - Add a transparent background to the send reply button. - Fix build on macOS versions pre-11 (down to 10.14) - Ignore Office temp folders on Mac ('.sb-' in folder name). - Remove assert, it is no longer useful. - Add contrast to the text/icon of buttons if the server defined color is light. - fix general section - Remove tooltip because it is only repeating the label of the link. - bugfix/share-dialog - Updating command-rebase.yml workflow from template - Reply button size should be same as the input field, smaller + text color - Close call notifications when the call has been joined by the user, or the call has ended - Increase the call state checking interval to not overload the server - Ensure the dispatch source only gets deallocated after the dispatch_source_cancel is done, avoiding crashing of the Finder Sync Extension on macOS * A more future-proof and distribution friendly fix for boo#1201070 - Fix Tumbleweed build and install error boo#1201070. Use own CFLAGS for Tumblweed with -D_FORTIFY_SOURCE=2 instead of -D_FORTIFY_SOURCE=3. - Update to 3.5.1 - Add new and correct sparkle update signature - l10n: Remove string from translation - l10n: Changed triple dot to ellipsis - Ensure cache is stored in default cache location - Updating command-rebase.yml workflow from template - Remove "���" from "Create Debug Archive" button - docs: Replace "preceded" with "followed" - only add OCS-APIREQUEST header for 1st request of webflow v1 - Make the make_universal.py script more verbose for easier debugging - Revamp notifications for macOS and add support for actionable update notifications - Use proper online status for user ('dnd', 'online', 'invisible', etc.) to enable or disable desktop notifications. - Bugfix. Take root folder's files size into account when displaying the total size in selective sync dialog. - Fix activity list item issues with colours/layout/etc. - Bugfix/allow manual rename files with spaces - Fixed share link expiration box being ineditable and always attempting to set invalid date - Fix crashing of finder sync extension caused by dispatch_source_cancel of nullptr - Simplify and remove the notification "cache" - Fix tray icon not displaying "Open main dialog" - if an exclude file is deleted, skip it and remove it from internal list - Bugfix/two factor notification - Fix visual borking in the share dialog - add explicit capture for lambda - Update to 3.5.0 - Require cmake 3.16 - Add testing for ActivityListModel - Check for dbus-1 when building with cloudproviders - Add ability to copy internal link from share dialog - Feature/improve activity buttons - Add thumbnails for files in the activity view - Use proper API to dehydrate a placeholder file - Feature/Talk Reply v1 - Ensure we emit a rename command for renamed files - Remove Hirsute, add Jammy - Allow account menu to scroll when content height is larger than menu height - Always build with updater. Use 'beta/stable' channel selector in 'General Settins' dialog with default 'stable'. - Cmake option to disable proxy - Add support for server color theming - No longer assume status bar height, calculate, fixing notch borking on new MacBook Pro - Add a dark mode - Generates pot files automatically. - Add headers in cmake files to get them properly detected - Ensure that bulk upload network job errors are handled - Do not remove a folder that has files that were not uploaded yet during propagation - L10n: Change to lowercase - Simplify currentScreen in systray.cpp - Fix warn colour in dark mode - Do not remove files from a Group folder and its nested folders when it is renamed or removed while not allowed. - Rollback local move on server move failure - Implement local socket to communicate with finder extension - Bugfix/prevent overflow with mtime - L10n: Changed spelling - Add 'Help' action back. - Ensure file activity dialog appears in centre of screen - Increase maximum text line count in tray activity items to two lines - Fix file activity dialog - Properly ask Qt to create qml opengl surface with proper options - Old submodule url does not work anylonger - Old submodule url does not work anylonger - Prepare for 3.5.0-rc1 - Fix icon color and highlight color issues - Fix for VFS crashes due to mimetype checking for thumbnails - Fix various dark mode bugs - Add a new yml github issue template for bug reports. - Ensure we only store update channel not localized in settings - Improve talk reply - Prepare for 3.5.0-rc2 - Bugfix/talk reply part 2 - Darkmode. Fix crash on exit. - Avoid deleting renamed file with spaces in name - More dark mode fixes - Ensure we do properly failed hydration jobs - Fix build of appimage for branded clients - Prepare for 3.5.0-rc3 - Feature/files lock - Add call notification dialog. - Fix thumbnails for new files made while client open - Increase time between connection tries - Improve contrast on server color themed elements - Fix positioning of activities in the activities list - Bugfix/activities fetch server overload - Realigned and resized thumbnails - Add user avatars in talk notifications in activity list - Fix sparkle implementation in the desktop client - Prepare 3.5.0-rc4 - Prepare final 3.5.0 release - Update to 3.4.4 - Do not remove files from a Group folder and its nested folders when it is renamed or removed while not allowed. - Bugfix/prevent overflow with mtime - Old submodule url does not work anylonger - Update to 3.4.3 - Remove Hirsute, add Jammy - Cmake option to disable proxy - ensure we emit a rename command for renamed files - Makes sure that sync engine terminates when an error happen - ensure that bulk upload network job errors are handled - Rollback local move on server move failure - Do not remove a folder that has files that were not uploaded yet during propagation - Update to 3.4.2 - Bugfix/force re-login on SSL Handshake error - Do not display 'Conflict when uploading some files to a folder - Windows. MSI. Unregister Nextcloud folders in SyncRootManager on uninstall. - Unbreak loading translations - Hide share button for deleted files and ignored files in tray activity - Display error message when creating a link share with compromised password. - Bugfix. Re-init sharing manager to enable link sharing UI when receivng sharing permissions. - Show only filenames in tray activity items, with full path in tooltip - use proper API to dehydrate a placeholder file - Add macOS *.textClipping files to ignore list - Updatete to 3.4.1 - fix random error when updating CfApi metadata - do not forget the path when renaming files with invalid names - Bugfix/assert invalid modtime - Feature/folder logo variations - Always prefill username from Windows login name based on server version - Bugfix/3.4.1 rc1 - Bugfix/sync stuck on error - Bugfix/force download local invalid files - Enforce VFS. Disable 'Make always available locally'. - Bugfix/avoid sync getting stuck - Fix CMake error in ECMAddAppIcon for mac - Do not crash on findAndCancelDeletedJob - ensure any errors after calling FileSystem::getModTime are handled - Skiped version 3.4.0 because of modtime bug: See: https://github.com/nextcloud/desktop/pull/4049 Please read the following wiki page How to fix files invalid modification date: https://github.com/nextcloud/desktop/wiki/Fix-bug-invalid-modification-date Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP4: zypper in -t patch openSUSE-2023-90=1 Package List: - openSUSE Backports SLE-15-SP4 (aarch64 x86_64): libnextcloudsync-devel-3.8.0-bp154.2.3.1 libnextcloudsync0-3.8.0-bp154.2.3.1 nextcloud-desktop-3.8.0-bp154.2.3.1 nextcloud-desktop-dolphin-3.8.0-bp154.2.3.1 - openSUSE Backports SLE-15-SP4 (noarch): caja-extension-nextcloud-3.8.0-bp154.2.3.1 cloudproviders-extension-nextcloud-3.8.0-bp154.2.3.1 nautilus-extension-nextcloud-3.8.0-bp154.2.3.1 nemo-extension-nextcloud-3.8.0-bp154.2.3.1 nextcloud-desktop-doc-3.8.0-bp154.2.3.1 nextcloud-desktop-lang-3.8.0-bp154.2.3.1 References: https://www.suse.com/security/cve/CVE-2022-39331.html https://www.suse.com/security/cve/CVE-2022-39332.html https://www.suse.com/security/cve/CVE-2022-39333.html https://www.suse.com/security/cve/CVE-2022-39334.html https://www.suse.com/security/cve/CVE-2023-23942.html https://bugzilla.suse.com/1201070 https://bugzilla.suse.com/1205798 https://bugzilla.suse.com/1205799 https://bugzilla.suse.com/1205800 https://bugzilla.suse.com/1205801 https://bugzilla.suse.com/1207976