Community mailing list archives

community@mail.odoo.com

Re: Odoo Security Advisory - 2015-password-crypt

by
Credativ, Ondrej Kuznik
- 06/24/2015 04:39:50
On 24/06/15 08:17, Gunnar Wagner wrote:
> On 6/24/2015 12:50 AM, Olivier Dony wrote:
> 
>> ... change into the main directory of your Odoo installation (the one
>> containing "openerp" and "addons" directories), then execute the patch
>> command, typically:
>>   patch -p0 -f
> 
> for dummies.
> 
>  1. Doing this once (after having pulled the latest Commit) clothes
>     these 3 leaks at once, right?

Hi Gunnar,
pulling the latest revision of the branch of your choice (6.0, 7.0 or
8.0 from github.com/odoo/odoo) will contain all the fixes mentioned in
these advisories if they affected your OpenERP/Odoo version, so you do
not have to patch.

If you want to patch separately, each advisory links to a commit that
patches that vulnerability only. So you only want to use the patches if
for some reason you maintain a fork that has since diverged from the
official Odoo repository and you do not usually merge from it.

>  2. pulling OCA latest commit will also bring these patches, right?

As far as v8 is concerned there should be an automatic process merging
the 8.0 branch to OCB so they are usually patched on the day the commit
is pushed. Not sure about older versions.

Regards,
Ondrej

-- 
Consultant
credativ Ltd
Suite 5, Bloxam Court
Corporation Street           UK office:  +44 1788 298150
Rugby                        Email:      ondrej.kuznik@credativ.co.uk
CV21 2DU                     Web:        http://www.credativ.co.uk
--
credativ Ltd is registered in England & Wales, company no. 5261743
Certified by CompTIA / AccredIT UK with the ICT Supply standard of
quality for Software Product Design and Development