ProxmoxVE/ct/odoo.sh
Security Fix 7d62e8319e security: Fix HTTP to HTTPS for all package and repository downloads
CRITICAL FIXES (CWE-494, CWE-300):
- tools/pve/microcode.sh:79 (Intel microcode)
- tools/pve/pbs-microcode.sh:93 (Intel microcode)

CONTAINER-LEVEL FIXES:
- install/deconz-install.sh: libssl1.1 .deb + setup_deb822_repo URLs
- install/odoo-install.sh: lxml-clean .deb
- ct/odoo.sh: lxml-clean .deb (update_script)

HOST-LEVEL REPOSITORY FIXES:
- tools/pve/post-pve-install.sh: Debian + Proxmox PVE repos
- tools/pve/post-pbs-install.sh: Debian + Proxmox PBS repos
- tools/pve/pve8-upgrade.sh: Debian + Proxmox PVE + Ceph repos
- tools/pve/pbs3-upgrade.sh: Debian + Proxmox PBS repos
- tools/pve/hw-acceleration.sh: Debian non-free repos (deb + deb-src)
- install/proxmox-backup-server-install.sh: Proxmox PBS repo
- install/medusa-install.sh: Debian non-free repo
- install/globaleaks-install.sh: GlobaLeaks repository

CHANGES:
- All http:// → https:// for package downloads
- All http:// → https:// for repository configurations
- Added --proto '=https' to curl commands for protocol enforcement
- Improved quoting for file variables

IMPACT:
- Prevents MITM attacks on package installations
- Prevents MITM attacks on repository configuration
- Enforces TLS transport security across all downloads
- Brings consistency with security best practices

CVSS: 6.5 (Medium) - CWE-494, CWE-300, CWE-829
2026-06-08 21:26:18 +02:00


#!/usr/bin/env bash
# Downloads misc/build.func over HTTPS and sources it into this shell; the
# helper names called further down are not defined in this file and are
# presumably provided by it.
# NOTE(review): the URL tracks the mutable `main` branch and the fetched code
# is executed as-is, with no checksum or signature check. TLS protects the
# transport only; whatever that branch serves at run time runs with this
# script's privileges. Pinning to a commit hash or verifying a digest before
# sourcing would narrow that trust.
source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
# Copyright (c) 2021-2026 community-scripts ORG
# Author: MickLesk (CanbiZ)
# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
# Source: https://github.com/odoo/odoo
# Application name; interpolated into messages and the version-file path below.
APP="Odoo"
# Container defaults. Each keeps a value already present in the environment
# and falls back to the literal after ":-" when unset or empty.
# NOTE(review): units are not stated here (disk presumably GB, RAM presumably
# MiB) - confirm against the framework that consumes them.
var_tags="${var_tags:-erp}"
var_disk="${var_disk:-6}"
var_cpu="${var_cpu:-2}"
var_ram="${var_ram:-2048}"
var_os="${var_os:-debian}"
var_version="${var_version:-12}"
var_arm64="${var_arm64:-no}"
# Default 1 presumably selects an unprivileged container - confirm in the
# framework; overriding it widens what a compromised container can reach.
var_unprivileged="${var_unprivileged:-1}"
# Framework initialisation calls; their behaviour is defined outside this file.
header_info "$APP"
variables
color
catch_errors
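#######################################
# Update an existing Odoo installation to the newest nightly build.
#
# Confirms that /etc/odoo/odoo.conf exists, makes sure the
# python3-lxml-html-clean package is present, scrapes nightly.odoo.com for
# the newest release series and build, and reinstalls the .deb when that
# build differs from the one recorded in /opt/${APP}_version.txt.
#
# Globals:   APP (read), STD (read), RELEASE (written),
#            LATEST_VERSION (written)
# Arguments: none
# Outputs:   progress messages through the msg_* helpers
# Returns:   does not return; always ends the script with `exit`
#######################################
function update_script() {
  header_info
  check_container_storage
  check_container_resources
  if [[ ! -f /etc/odoo/odoo.conf ]]; then
    msg_error "No ${APP} Installation Found!"
    exit
  fi
  ensure_dependencies python3-lxml

  # Every download below follows redirects (-L). --proto restricts only the
  # initial request, so --proto-redir is set as well to keep a redirect from
  # downgrading the transfer to plain HTTP.
  if ! [[ $(dpkg -s python3-lxml-html-clean 2>/dev/null) ]]; then
    # NOTE(review): HTTPS authenticates the server, not the package. This .deb
    # is installed as root without a checksum or signature check; pin a
    # SHA-256 digest obtained from a trusted source and compare it before
    # dpkg -i to close the remaining download-integrity gap.
    curl -fsSL --proto '=https' --proto-redir '=https' \
      "https://archive.ubuntu.com/ubuntu/pool/universe/l/lxml-html-clean/python3-lxml-html-clean_0.1.1-1_all.deb" \
      -o /opt/python3-lxml-html-clean.deb
    # $STD is left unquoted on purpose: it may be empty or hold a wrapper command.
    $STD dpkg -i /opt/python3-lxml-html-clean.deb
    rm -f /opt/python3-lxml-html-clean.deb
  fi

  RELEASE=$(curl -fsSL --proto '=https' --proto-redir '=https' https://nightly.odoo.com/ |
    grep -oE 'href="[0-9]+\.[0-9]+/nightly"' |
    head -n1 |
    cut -d'"' -f2 |
    cut -d/ -f1)
  # RELEASE comes from a remote page and is interpolated into URLs and regular
  # expressions below, so reject anything that is not a plain MAJOR.MINOR.
  if ! [[ "${RELEASE}" =~ ^[0-9]+\.[0-9]+$ ]]; then
    msg_error "Unable to determine the latest ${APP} release series"
    exit 1
  fi

  LATEST_VERSION=$(curl -fsSL --proto '=https' --proto-redir '=https' \
    "https://nightly.odoo.com/${RELEASE}/nightly/deb/" |
    grep -oP "odoo_${RELEASE}\.\d+_all\.deb" |
    sed -E "s/odoo_(${RELEASE}\.[0-9]+)_all\.deb/\1/" |
    sort -V |
    tail -n1)
  # Without this guard an empty result compares unequal to any recorded
  # version, which would stop the service and attempt an install anyway.
  if [[ -z "${LATEST_VERSION}" ]]; then
    msg_error "Unable to determine the latest ${APP} version"
    exit 1
  fi

  # A missing version file counts as "no version recorded", which forces an update.
  local installed_version=""
  if [[ -f "/opt/${APP}_version.txt" ]]; then
    installed_version=$(<"/opt/${APP}_version.txt")
  fi

  if [[ "${LATEST_VERSION}" != "${installed_version}" ]]; then
    msg_info "Stopping ${APP} service"
    systemctl stop odoo
    msg_ok "Stopped Service"
    msg_info "Updating ${APP} to ${LATEST_VERSION}"
    # NOTE(review): as with the lxml package above, this nightly .deb is
    # installed as root with transport security only. If upstream publishes
    # checksums or a signed repository for these builds, verify against them
    # before installing.
    curl -fsSL --proto '=https' --proto-redir '=https' \
      "https://nightly.odoo.com/${RELEASE}/nightly/deb/odoo_${RELEASE}.latest_all.deb" \
      -o /opt/odoo.deb
    $STD apt install -y /opt/odoo.deb
    rm -f /opt/odoo.deb
    echo "$LATEST_VERSION" >"/opt/${APP}_version.txt"
    msg_ok "Updated ${APP} to ${LATEST_VERSION}"
    msg_info "Starting Service"
    systemctl start odoo
    msg_ok "Started Service"
    msg_ok "Updated successfully!"
  else
    msg_ok "No update required. ${APP} is already at ${LATEST_VERSION}"
  fi
  exit
}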
# Hand over to the framework helpers (defined outside this file) that create
# the container, then print the completion banner.
start
build_container
description

msg_ok "Completed successfully!\n"
# %b expands the backslash escapes in the colour/icon variables, as echo -e does.
printf '%b\n' "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
printf '%b\n' "${INFO}${YW}Access it using the following URL:${CL}"
# NOTE(review): the advertised endpoint is plain HTTP on port 8069, so logins
# to the web UI cross the network unencrypted unless a TLS-terminating reverse
# proxy is placed in front of it.
printf '%b\n' "${GATEWAY}${BGN}http://${IP}:8069${CL}"