Debian Patches

Status for tryton-server/7.0.30-1+deb13u1

Columns: Patch, Description, Author, Forwarded, Bugs, Origin, Last update

Patch: 01_avoid_call_to_pypi.patch
Description: Avoid the call for python-magic to PyPi.
  The Build-Dependency relatorio >=0.7 contains a code copy of
  python-magic[pypi].

  This patch is subject to be removed, once python-magic from pypi (or an
  equivalent alternative) is available.
  Relevant discussions:
  https://lists.debian.org/debian-python/2017/09/msg00008.html
  https://lists.debian.org/debian-python/2017/09/msg00015.html
  https://lists.debian.org/debian-python/2017/10/msg00021.html
Author: Mathias Behrle <mathiasb@m9s.biz>
Forwarded: not-needed
Bugs: -
Origin: debian
Last update: 2017-11-06

Patch: 02_canonical_timezone.patch
Description: Use a canonical timezone in tests.
  The timezone 'Canada/Eastern' used in tests has moved to
  package tzdata-legacy only available since trixie.
  For the sake of backports we use the according canonical
  timezone replacement.
Author: Mathias Behrle <mathiasb@m9s.biz>
Forwarded: yes
Bugs: -
Origin: debian
Last update: 2024-11-06

Patch: 03_traceback_in_RPC.patch
Description: Include the traceback only in RPC responses in development mode.
  Supplying unexpected keys in a JSON-RPC create request (e.g., _debug)
  causes a KeyError in the server, and the full Python traceback is
  returned in the JSON-RPC error response. This leaks internal implementation
  details (file paths, function names, library layout)
  which can assist an attacker in further exploitation/reconnaissance.
Author: Cédric Krier <cedric.krier@b2ck.com>
Forwarded: no
Bugs: -
Origin: debian
Last update: 2025-11-25

Patch: 04_enforce_access_check_html_editor.patch
Description: Enforce access check in HTML editor route
  Use .read and .write instead of .browse and .save when editing field via the
  HTML editor.
Author: Cédric Krier <cedric.krier@b2ck.com>
Forwarded: no
Bugs: -
Origin: debian
Last update: 2025-11-25

Patch: 05_enforce_access_check_export_data.patch
Description: Enforce access check in export_data
  As the method is using instances to construct the exported data, the access
  must be checked explicitly.
Author: Cédric Krier <cedric.krier@b2ck.com>
Forwarded: no
Bugs: -
Origin: debian
Last update: 2025-11-25
