| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| 01_migrate_obsolete_modules.patch | Migration for obsolete modules The server fails to start with a missing module, so we remove them from the modules table. Server module workflow was removed in version 2.4. tryton-modules-ldap-connection was merged into tryton-modules-ldap-authentication in version 3.4. |
Mathias Behrle <mathiasb@m9s.biz> | yes | upstream | ||
| 02_avoid_call_to_pypi.patch | Avoid the call for python-magic to PyPi. The Build-Dependency relatorio >=0.7 contains a code copy of python-magic[pypi]. . This patch is subject to be removed, once python-magic from pypi (or an equivalent alternative) is available. Relevant discussions: https://lists.debian.org/debian-python/2017/09/msg00008.html https://lists.debian.org/debian-python/2017/09/msg00015.html https://lists.debian.org/debian-python/2017/10/msg00021.html |
Mathias Behrle <mathiasb@m9s.biz> | no | debian | 2017-11-06 | |
| 03_werkzeug10_compatibility.patch | Provide compatibility with werkzeug 1.0 werkzeug 1.0 residing at the time of writing in experimental will probably propagate any time soon to sid. In werkzeug 1.0 some deprecation warnings were removed and in fact deprecated. This patch provides compatibility between former versions and version 1.0. |
Mathias Behrle <mathiasb@m9s.biz> | not-needed | upstream | vendor, https://hg.tryton.org/trytond/rev/691d0ad1b947/ | 2020-03-12 |
| 04_CVE-2022-26661_CVE-2022-26662.patch | Protect against XML vulnerabilities This patch contains fixes for XML parsing vulnerabilities: https://discuss.tryton.org/t/security-release-for-issue11219-and-issue11244/5059 https://bugs.tryton.org/issue11219 (CVE-2022-26661) https://bugs.tryton.org/issue11244 (CVE-2022-26662) |
Cédric Krier <ced@b2ck.com> | not-needed | upstream | vendor, https://hg.tryton.org/trytond/rev/d0744bba5682 | 2022-03-09 |
| 05_enforce_record_rules.patch | Enforce record rules when only reading fields without an SQL type. This patch fixes the information disclosure leak when reading from function fields with record rules https://discuss.tryton.org/t/security-release-for-issue-12428/6397 |
Cédric Krier <cedric.krier@b2ck.com> | yes | upstream | ||
| zipbomb-fix.patch | Do not accept compressed content from unauthenticated request It seems that the follow-up patches from <https://foss.heptapod.net/tryton/tryton/-/issues/13203> do not apply to version 5. |
Cedric Krier <ced@b2ck.com> | yes | upstream | https://foss.heptapod.net/tryton/tryton/-/commit/1923117e935de62276352585185ced6d854bcb3d | 2024-04-17 |