Package: tryton-server / 5.0.33-2+deb11u2

Metadata

Package: tryton-server
Version: 5.0.33-2+deb11u2
Patches format: 3.0 (quilt)

Patch series

Patch File delta Description
01_migrate_obsolete_modules.patch

trytond/modules/__init__.py | 10 10 + 0 - 0 !
1 file changed, 10 insertions(+)

 migration for obsolete modules
 The server fails to start with a missing module, so we remove them
 from the modules table.
 Server module workflow was removed in version 2.4.
 tryton-modules-ldap-connection was merged into
 tryton-modules-ldap-authentication in version 3.4.
02_avoid_call_to_pypi.patch

setup.py | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 avoid the call for python-magic to pypi.
 The Build-Dependency relatorio >=0.7 contains a code copy of
 python-magic[pypi].
 .
 This patch is subject to be removed, once python-magic from pypi (or an
 equivalent alternative) is available.
 Relevant discussions:
 https://lists.debian.org/debian-python/2017/09/msg00008.html
 https://lists.debian.org/debian-python/2017/09/msg00015.html
 https://lists.debian.org/debian-python/2017/10/msg00021.html
03_werkzeug10_compatibility.patch

setup.py | 2 1 + 1 - 0 !
trytond/wsgi.py | 18 15 + 3 - 0 !
2 files changed, 16 insertions(+), 4 deletions(-)

 provide compatibility with werkzeug 1.0
 werkzeug 1.0 residing at the time of writing in experimental
 will probably propagate any time soon to sid.
 In werkzeug 1.0 some deprecation warnings were removed and
 in fact deprecated. This patch provides compatibility between former
 versions and version 1.0.
04_CVE 2022 26661_CVE 2022 26662.patch

setup.py | 1 1 + 0 - 0 !
trytond/__init__.py | 6 6 + 0 - 0 !
trytond/ir/translation.py | 4 2 + 2 - 0 !
trytond/model/modelview.py | 5 3 + 2 - 0 !
trytond/protocols/xmlrpc.py | 3 3 + 0 - 0 !
5 files changed, 15 insertions(+), 4 deletions(-)

 protect against xml vulnerabilities
 This patch contains fixes for XML parsing vulnerabilities:
 https://discuss.tryton.org/t/security-release-for-issue11219-and-issue11244/5059
 https://bugs.tryton.org/issue11219 (CVE-2022-26661)
 https://bugs.tryton.org/issue11244 (CVE-2022-26662)
05_enforce_record_rules.patch

trytond/model/modelsql.py | 2 1 + 1 - 0 !
trytond/tests/test_rule.py | 27 27 + 0 - 0 !
2 files changed, 28 insertions(+), 1 deletion(-)

 enforce record rules when only reading fields without an sql type.
 This patch fixes the information disclosure leak when reading from
 function fields with record rules
 https://discuss.tryton.org/t/security-release-for-issue-12428/6397