Community mailing list archives

Re: Odoo Security Advisory - 2015-password-crypt

by André P. <> - 24/06/2015 04:52:18
Either a diverged fork, or just an old version that you might not want to upgrade.

By the way, instead of manually applying patches, I recommend people use "git cherry-pick" to apply them. That way, they get into the branch with the message, date, etc.

If you simply did a "git clone", you just need to do the following:
1 - create a new branch and switch to it: "git checkout -b mybranch"
2 - update the Odoo branches (without changing yours): "git fetch origin"
3 - apply the a specific commit from the Odoo branches into yours: "git cherry-pick <commit-hash>"

Em qua, 24 de jun de 2015 às 09:45, Ondrej Kuznik <> escreveu:
On 24/06/15 08:17, Gunnar Wagner wrote:
> On 6/24/2015 12:50 AM, Olivier Dony wrote:
>> ... change into the main directory of your Odoo installation (the one
>> containing "openerp" and "addons" directories), then execute the patch
>> command, typically:
>>   patch -p0 -f
> for dummies.
>  1. Doing this once (after having pulled the latest Commit) clothes
>     these 3 leaks at once, right?

Hi Gunnar,
pulling the latest revision of the branch of your choice (6.0, 7.0 or
8.0 from will contain all the fixes mentioned in
these advisories if they affected your OpenERP/Odoo version, so you do
not have to patch.

If you want to patch separately, each advisory links to a commit that
patches that vulnerability only. So you only want to use the patches if
for some reason you maintain a fork that has since diverged from the
official Odoo repository and you do not usually merge from it.

>  2. pulling OCA latest commit will also bring these patches, right?

As far as v8 is concerned there should be an automatic process merging
the 8.0 branch to OCB so they are usually patched on the day the commit
is pushed. Not sure about older versions.


credativ Ltd
Suite 5, Bloxam Court
Corporation Street           UK office:  +44 1788 298150
Rugby                        Email:
CV21 2DU                     Web:
credativ Ltd is registered in England & Wales, company no. 5261743
Certified by CompTIA / AccredIT UK with the ICT Supply standard of
quality for Software Product Design and Development

Post to: