[tryton-debian-vcs] tryton-server branch debian-wheezy updated. debian/2.2.4-1-4-g20bda54
Mathias Behrle
tryton-debian-vcs at alioth.debian.org
Sun Oct 5 18:39:39 UTC 2014
The following commit has been merged in the debian-wheezy branch:
https://alioth.debian.org/plugins/scmgit/cgi-bin/gitweb.cgi/?p=tryton/tryton-server.git;a=commitdiff;h=debian/2.2.4-1-4-g20bda54
commit 20bda54facf58dfa1baa0f026355006567d81922
Author: Mathias Behrle <mathiasb at m9s.biz>
Date: Sun Oct 5 20:38:45 2014 +0200
Releasing debian version 2.2.4-1+deb7u2.
Signed-off-by: Mathias Behrle <mathiasb at m9s.biz>
diff --git a/debian/changelog b/debian/changelog
index a9341ee..6f8bfd2 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+tryton-server (2.2.4-1+deb7u2) stable-security; urgency=high
+
+ * Adding patch 04-fix-strict-sequences.
+ Fixes a regression introduced by the patch for CVE-2014-6633.
+ S. https://bugs.tryton.org/issue4228
+ S. http://codereview.tryton.org/5681002
+
+ -- Mathias Behrle <mathiasb at m9s.biz> Sat, 04 Oct 2014 01:49:12 +0200
+
tryton-server (2.2.4-1+deb7u1) stable-security; urgency=high
* Adding patch 03-fix-safe_eval for CVE-2014-6633.
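Review bot: The new 2.2.4-1+deb7u2 entry identifies the regression only through the two "S." links, so a reader of the changelog alone cannot tell what broke after the CVE-2014-6633 upload. Suggest adding one line with the symptom, for example the wording already used in the patch header ("Avoid double evaluation from inherit with different model"), and spelling "S." out as "See" so the references read unambiguously in a stable-security changelog.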
commit 2573cda0a99518f51d8c53a6e3edc2bd5a7c9877
Author: Mathias Behrle <mathiasb at m9s.biz>
Date: Fri Oct 3 16:30:08 2014 +0200
Adding patch 04-fix-strict-sequences.
Fixes a regression introduced by the patch for CVE-2014-6633.
S. https://bugs.tryton.org/issue4228
S. http://codereview.tryton.org/5681002
diff --git a/debian/patches/04-fix-strict-sequences b/debian/patches/04-fix-strict-sequences
new file mode 100644
index 0000000..3d53138
--- /dev/null
+++ b/debian/patches/04-fix-strict-sequences
@@ -0,0 +1,21 @@
+Author: Mathias Behrle <mathiasb at m9s.biz>
+Description: Fix for regression introduced by the patch for CVE-2014-6633.
+ Avoid double evaluation from inherit with different model.
+
+ This patch is a backport of the original patch from trunk.
+ S. https://bugs.tryton.org/issue4228
+ S. http://codereview.tryton.org/5681002
+
+--- tryton-server.orig/trytond/model/modelview.py 2014-10-03 16:22:29.000000000 +0200
++++ tryton-server/trytond/model/modelview.py 2014-10-03 16:22:29.000000000 +0200
+@@ -453,7 +453,9 @@
+ encoder = PYSONEncoder()
+ for attr in ('states', 'domain', 'context', 'digits', 'add_remove',
+ 'spell', 'colors'):
+- if element.get(attr):
++ if (element.get(attr)
++ # Avoid double evaluation from inherit with different model
++ and '__' not in element.get(attr)):
+ element.set(attr, encoder.encode(safe_eval(element.get(attr),
+ CONTEXT)))
+
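Review bot: The added condition `and '__' not in element.get(attr)` in the modelview.py hunk is a plain substring test on the raw attribute value, so any 'states', 'domain', 'context', etc. string that happens to contain a double underscore is skipped, not only values that were already evaluated by an inherited view. Such a value is then left as-is without going through `safe_eval` and `encoder.encode`, and nothing reports that it was skipped. Suggest either documenting in the patch Description what `'__'` is meant to identify, or testing for a more specific marker of an already-encoded value. As a smaller point, `element.get(attr)` is now called up to three times per attribute; binding it to a local once would make the condition easier to read. The patch adds no test covering the inherit-with-different-model case it fixes.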
diff --git a/debian/patches/series b/debian/patches/series
index d291d55..0f0df0f 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,3 +1,4 @@
01-debian-data-dir
02-support-pywebdav-0.9.8
03-fix-safe_eval
+04-fix-strict-sequences
--
tryton-server