Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock

Please unblock package hyperkitty

Hyperkitty 1.3.4-3 fixes RC bug #987654 (the web application loads remote Google fonts, causing a privacy breach). The patch is cherry-picked from upstream, simple and straightforward and has been tested.

Here's the changelog; the full debdiff is attached:

> hyperkitty (1.3.4-3) unstable; urgency=high
>
>   * d/p/0004_remove_link_to_google_fonts.patch: Don't load remote Google
>     fonts. Thanks to Kunal Mehta for bugreport and testing. (Closes: #987654)
>
>  -- Jonas Meurer <jo...@freesources.org>  Thu, 29 Apr 2021 11:55:45 +0200

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

unblock hyperkitty/1.3.4-3

Thanks for your work as Release Team <3

Cheers
jonas

diff -Nru hyperkitty-1.3.4/debian/changelog hyperkitty-1.3.4/debian/changelog --- hyperkitty-1.3.4/debian/changelog 2021-03-03 16:25:55.000000000 +0100 +++ hyperkitty-1.3.4/debian/changelog 2021-04-29 11:55:45.000000000 +0200 @@ -1,3 +1,10 @@ +hyperkitty (1.3.4-3) unstable; urgency=high + + * d/p/0004_remove_link_to_google_fonts.patch: Don't load remote Google + fonts. Thanks to Kunal Mehta for bugreport and testing. (Closes: #987654) + + -- Jonas Meurer <jo...@freesources.org> Thu, 29 Apr 2021 11:55:45 +0200 + hyperkitty (1.3.4-2) unstable; urgency=medium * Replace bootstrap3 usage with bootstrap4. diff -Nru hyperkitty-1.3.4/debian/patches/0004_remove_link_to_google_fonts.patch hyperkitty-1.3.4/debian/patches/0004_remove_link_to_google_fonts.patch --- hyperkitty-1.3.4/debian/patches/0004_remove_link_to_google_fonts.patch 1970-01-01 01:00:00.000000000 +0100 +++ hyperkitty-1.3.4/debian/patches/0004_remove_link_to_google_fonts.patch 2021-04-29 11:55:45.000000000 +0200 
@@ -0,0 +1,33 @@ +From: Jonas Meurer <jo...@freesources.org> +Date: Thu, 29 Apr 2021 11:43:23 +0200 +Subject: Remove link to google fonts + +Author: nd notandy <g...@notandy.de> +Applied-Upstream: https://gitlab.com/mailman/hyperkitty/-/commit/b35d20f45aafbd152e059abe3d4052485ffae305 +Last-Update: 2021-04-29 +--- + hyperkitty/static/hyperkitty/libs/fonts/droid/droid.css | 8 ++------ + 1 file changed, 2 insertions(+), 6 deletions(-) + +diff --git a/hyperkitty/static/hyperkitty/libs/fonts/droid/droid.css b/hyperkitty/static/hyperkitty/libs/fonts/droid/droid.css +index 0d90e79..dc93f12 100644 +--- a/hyperkitty/static/hyperkitty/libs/fonts/droid/droid.css ++++ b/hyperkitty/static/hyperkitty/libs/fonts/droid/droid.css +@@ -2,15 +2,11 @@ + font-family: 'Droid Sans'; + font-style: normal; + font-weight: 400; +- src: local('Droid Sans'), local('DroidSans'), +- url(https://fonts.gstatic.com/s/droidsans/v6/s-BiyweUPV0v-yRb-cjciC3USBnSvpkopQaUR-2r7iU.ttf) format('truetype'), +- url(DroidSans.ttf) format('truetype'); ++ src: local('Droid Sans'), local('DroidSans'), url(DroidSans.ttf) format('truetype'); + } + @font-face { + font-family: 'Droid Sans Mono'; + font-style: normal; + font-weight: 400; +- src: local('Droid Sans Mono'), local('DroidSansMono'), +- url(https://fonts.gstatic.com/s/droidsansmono/v7/ns-m2xQYezAtqh7ai59hJYW_AySPyikQrZReizgrnuw.ttf) format('truetype'), +- url(DroidSansMono.ttf) format('truetype'); ++ src: local('Droid Sans Mono'), local('DroidSansMono'), url(DroidSansMono.ttf) format('truetype'); + } diff -Nru hyperkitty-1.3.4/debian/patches/series hyperkitty-1.3.4/debian/patches/series --- hyperkitty-1.3.4/debian/patches/series 2021-03-03 16:25:55.000000000 +0100 +++ hyperkitty-1.3.4/debian/patches/series 2021-04-29 11:55:45.000000000 +0200 @@ -1,3 +1,4 @@ 0001_README_remove_embedded_images.patch 0002_Use_python3_by_default.patch 0003-run-sassc-at-build-time.patch +0004_remove_link_to_google_fonts.patch
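
Review bot: In the droid.css part of 0004_remove_link_to_google_fonts.patch, only the two `fonts.gstatic.com` entries in the `src:` lists are dropped, so the changelog claim "Don't load remote Google fonts" holds only if this stylesheet is the sole place that references a remote font host. It would help to say in the request that the remaining static files and templates were checked for other `https://` font URLs. The surviving `url(DroidSans.ttf)` and `url(DroidSansMono.ttf)` are relative to droid.css, so it is also worth confirming that both .ttf files are shipped next to it in the binary package, since they are now the only non-local source. As a style point on the patch header: `From:` names Jonas Meurer while `Author:` names nd notandy; for a change taken from upstream via `Applied-Upstream:`, one authorship field naming the upstream author is less ambiguous.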