Community mailing list archives
Re: Odoo Security Advisory - 2015-password-cryptby André P. <email@example.com> - 24/06/2015 04:52:18
3 - apply the a specific commit from the Odoo branches into yours: "git cherry-pick <commit-hash>"
2 - update the Odoo branches (without changing yours): "git fetch origin"
1 - create a new branch and switch to it: "git checkout -b mybranch"
If you simply did a "git clone https://github.com/odoo/odoo.git", you just need to do the following:
Either a diverged fork, or just an old version that you might not want to upgrade.By the way, instead of manually applying patches, I recommend people use "git cherry-pick" to apply them. That way, they get into the branch with the message, date, etc.
Em qua, 24 de jun de 2015 às 09:45, Ondrej Kuznik <firstname.lastname@example.org> escreveu:
On 24/06/15 08:17, Gunnar Wagner wrote: > On 6/24/2015 12:50 AM, Olivier Dony wrote: > >> ... change into the main directory of your Odoo installation (the one >> containing "openerp" and "addons" directories), then execute the patch >> command, typically: >> patch -p0 -f > > for dummies. > > 1. Doing this once (after having pulled the latest Commit) clothes > these 3 leaks at once, right? Hi Gunnar, pulling the latest revision of the branch of your choice (6.0, 7.0 or 8.0 from github.com/odoo/odoo) will contain all the fixes mentioned in these advisories if they affected your OpenERP/Odoo version, so you do not have to patch. If you want to patch separately, each advisory links to a commit that patches that vulnerability only. So you only want to use the patches if for some reason you maintain a fork that has since diverged from the official Odoo repository and you do not usually merge from it. > 2. pulling OCA latest commit will also bring these patches, right? As far as v8 is concerned there should be an automatic process merging the 8.0 branch to OCB so they are usually patched on the day the commit is pushed. Not sure about older versions. Regards, Ondrej -- Consultant credativ Ltd Suite 5, Bloxam Court Corporation Street UK office: +44 1788 298150 Rugby Email: email@example.comCV21 2DU Web: http://www.credativ.co.uk -- credativ Ltd is registered in England & Wales, company no. 5261743 Certified by CompTIA / AccredIT UK with the ICT Supply standard of quality for Software Product Design and Development