Bug 28241 - nextcloud-client update to 3.1.3 (fixes CVE-2021-22879)
Summary: nextcloud-client update to 3.1.3 (fixes CVE-2021-22879)
Alias: None
Product: Mageia
Classification: Unclassified
Component: RPM Packages (show other bugs)
Version: 8
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact:
URL: https://github.com/nextcloud/desktop/...
Whiteboard: MGA7TOO MGA8-64-OK MGA7-32-OK MGA7-64-OK
Keywords: advisory, validated_update
Depends on:
Reported: 2021-01-28 18:47 CET by Morgan Leijström
Modified: 2021-05-29 23:18 CEST (History)
7 users (show)

See Also:
Source RPM: nextcloud-client-3.1.1-1.mga7.src.rpm
Status comment:


Description Morgan Leijström 2021-01-28 18:47:26 CET
Second bugfix update of 3.1

Would be good to get this in mga8 release.

- And updated in mga7.

I will test on mga7-64 Plasma, with Dolphin extension.

We just released the previous version 3.1.1, ( Bug 28048 ) but there is no problem for users if they skip that version when upgrading.
Morgan Leijström 2021-01-28 18:48:05 CET

Whiteboard: (none) => MGA7TOO
Assignee: bugsquad => pkg-bugs

Comment 1 Morgan Leijström 2021-03-03 10:45:23 CET
Now also 3.1.3 is out, released two weeks ago.

mga7 & 8 are both at 3.1.1-1

Nothing crucial i know of, but it have shown in the past it is good to keep it updated, and that looks god to users.

I can test update from 3.1.1 on mga7-64, dual account (where 3.1.0 failed)

I think we can go directly to 3.1.3

CC last packagers

Summary: Nextcloud-client update to 3.1.2 => Nextcloud-client update to 3.1.3
CC: (none) => joequant, mageia, mageia
Version: Cauldron => 8

Comment 2 Morgan Leijström 2021-03-20 10:29:46 CET

3.2.0 is in RC now, but from earlier experiences with this software i would suggest skipping 3.2.0 (especially because of a listed "major engine update") and take 3.2.1 when it comes later.

Until then, having latest 3.1.x bugfix would look good.
Comment 3 Nicolas Lécureuil 2021-03-20 19:38:29 CET
available for mga 7/8  updates_testing:

    - nextcloud-client-3.1.3-1.mga7
    - nextcloud-client-3.1.3-1.mga8

Assignee: pkg-bugs => qa-bugs

Comment 4 Morgan Leijström 2021-03-21 00:01:59 CET

OK mga7-64 Plasma Dolphin

Had one account configured, with several syncs, to a server version 20 .0.7 on shared hosting.
Paused all synced folders, shut down client, updated:

- lib64nextcloudsync0-3.1.3-1.mga7.x86_64
- lib64ocsync0-3.1.3-1.mga7.x86_64
- nextcloud-client-3.1.3-1.mga7.x86_64
- nextcloud-client-dolphin-3.1.3-1.mga7.x86_64

Launched using
$  nextcloud --logwindow
And enabled synced folders.
Nothing suspicious in log window nor server log.

Added a sync account with another server: Full OK

Quick test of Dolphin integration: OK

System is visible in system tray, clicking on it works like before with same ugly GUI.  (it will be different in 3.2.x)
Comment 5 Brian Rockwell 2021-03-24 16:34:05 CET
MGA8  - 64 bit - GNOME

$ uname -a
Linux localhost 5.10.25-desktop-1.mga8 #1 SMP Sat Mar 20 16:45:02 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux

The following 8 packages are going to be installed:

- lib64cloudproviders0-0.3.1-1.mga8.x86_64
- lib64gnome-keyring0-3.12.0-12.mga8.x86_64
- lib64nextcloudsync0-3.1.3-1.mga8.x86_64
- lib64ocsync0-3.1.3-1.mga8.x86_64
- lib64qt5keychain1-0.11.1-2.mga8.x86_64
- libgnome-keyring-i18n-3.12.0-12.mga8.noarch
- nextcloud-client-3.1.3-1.mga8.x86_64
- qtquickcontrols25-5.15.2-1.mga8.x86_64


Started Nextcloud Client configured it.

System is synching properly, including testing new files.

CC: (none) => brtians1
Whiteboard: MGA7TOO => MGA7TOO MGA8-64-OK

Comment 6 Brian Rockwell 2021-03-24 18:33:02 CET
MGA7 - 32bit - mate

$ uname -a
Linux localhost 5.10.25-desktop-1.mga7 #1 SMP Sat Mar 20 17:57:21 UTC 2021 i686 i686 i386 GNU/Linux

The following 23 packages are going to be installed:

- libcloudproviders0-0.3.0-2.mga7.i586
- libevent6-2.1.8-3.mga7.i586
- libminizip1-1.2.11-7.mga7.i586
- libnextcloudsync0-3.1.3-1.mga7.i586
- libocsync0-3.1.3-1.mga7.i586
- libqt5keychain1-0.9.1-2.mga7.i586
- libqt5positioning5-5.12.6-1.mga7.i586
- libqt5printsupport5-5.12.6-4.2.mga7.i586
- libqt5quickcontrols2_5-5.12.6-1.mga7.i586
- libqt5quicktemplates2_5-5.12.6-1.mga7.i586
- libqt5quickwidgets5-5.12.6-1.mga7.i586
- libqt5svg5-5.12.6-1.mga7.i586
- libqt5webchannel5-5.12.6-1.mga7.i586
- libqt5webengine5-5.12.6-1.mga7.i586
- libqt5webenginecore5-5.12.6-1.mga7.i586
- libqt5webenginewidgets5-5.12.6-1.mga7.i586
- libqt5websockets5-5.12.6-1.mga7.i586
- libre2_0-20190401-1.mga7.i586
- libsnappy1-1.1.7-2.mga7.i586
- nextcloud-client-3.1.3-1.mga7.i586
- qtquickcontrols25-5.12.6-1.mga7.i586
- qtsvg5-5.12.6-1.mga7.i586
- qtwebengine5-5.12.6-1.mga7.i586

162MB of additional disk space will be used.


System is synching properly

Whiteboard: MGA7TOO MGA8-64-OK => MGA7TOO MGA8-64-OK MGA7-32-OK

Comment 7 Thomas Andrews 2021-03-24 20:52:37 CET
Morgan's test looks good enough for a MGA7-64 OK, too.

Validating. Needs an advisory.

Keywords: (none) => validated_update
Whiteboard: MGA7TOO MGA8-64-OK MGA7-32-OK => MGA7TOO MGA8-64-OK MGA7-32-OK MGA7-64-OK
CC: (none) => andrewsfarm, sysadmin-bugs

Comment 8 Aurelien Oudelet 2021-03-25 16:02:41 CET

Updated nextcloud-client packages to latest stable version

The nextcloud-client packages have been updated to latest stable version.
See upstream website for releases notes.

- https://bugs.mageia.org/show_bug.cgi?id=28241
- https://github.com/nextcloud/desktop/releases/
- https://github.com/nextcloud/desktop/releases/tag/v3.1.3

Updated packages in 7/core/updates_testing:

from SRPM:

Updated packages in 8/core/updates_testing:

from SRPM:

CC: (none) => ouaurelien
Keywords: (none) => advisory

Comment 9 Mageia Robot 2021-03-27 15:28:30 CET
An update for this issue has been pushed to the Mageia Updates repository.


Resolution: (none) => FIXED

Comment 10 David Walser 2021-05-29 23:18:28 CEST
This update fixed CVE-2021-22879:

Summary: Nextcloud-client update to 3.1.3 => nextcloud-client update to 3.1.3 (fixes CVE-2021-22879)

Note You need to log in before you can comment on or make changes to this bug.