Bug#987877: marked as done (unblock: hyperkitty/1.3.4-3)

["Debian Bug Tracking System" <owner@bugs.debian.org>]

Your message dated Sat, 1 May 2021 19:25:38 +0200
with message-id <YI2PEpXlpQxRviEZ@ramacher.at>
and subject line Re: Bug#987877: unblock: hyperkitty/1.3.4-3
has caused the Debian Bug report #987877,
regarding unblock: hyperkitty/1.3.4-3
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
987877: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987877
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: Debian Bug Tracking System <submit@bugs.debian.org>
• Subject: unblock: hyperkitty/1.3.4-3
• From: Jonas Meurer <jonas@freesources.org>
• Date: Sat, 01 May 2021 11:09:53 +0200
• Message-id: <[🔎] E1lcldM-00028h-4w@mx3.freesources.org>

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package hyperkitty

Hyperkitty 1.3.4-3 fixes RC bug #987654 (the web application loads remote
Google fonts, causing privacy breach). The patch is cherry-picked from upstream,
simple and straight-forward and has been tested.

Here's the changelog and full debdiff is attached:

> hyperkitty (1.3.4-3) unstable; urgency=high
> 
>   * d/p/0004_remove_link_to_google_fonts.patch: Don't load remote Google
>     fonts. Thanks to Kunal Mehta for bugreport and testing. (Closes: #987654)
> 
>  -- Jonas Meurer <jonas@freesources.org>  Thu, 29 Apr 2021 11:55:45 +0200

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

unblock hyperkitty/1.3.4-3

Thanks for your work as Release Team <3

Cheers
 jonas

diff -Nru hyperkitty-1.3.4/debian/changelog hyperkitty-1.3.4/debian/changelog
--- hyperkitty-1.3.4/debian/changelog	2021-03-03 16:25:55.000000000 +0100
+++ hyperkitty-1.3.4/debian/changelog	2021-04-29 11:55:45.000000000 +0200
@@ -1,3 +1,10 @@
+hyperkitty (1.3.4-3) unstable; urgency=high
+
+  * d/p/0004_remove_link_to_google_fonts.patch: Don't load remote Google
+    fonts. Thanks to Kunal Mehta for bugreport and testing. (Closes: #987654)
+
+ -- Jonas Meurer <jonas@freesources.org>  Thu, 29 Apr 2021 11:55:45 +0200
+
 hyperkitty (1.3.4-2) unstable; urgency=medium
 
   * Replace bootstrap3 usage with bootstrap4.
diff -Nru hyperkitty-1.3.4/debian/patches/0004_remove_link_to_google_fonts.patch hyperkitty-1.3.4/debian/patches/0004_remove_link_to_google_fonts.patch
--- hyperkitty-1.3.4/debian/patches/0004_remove_link_to_google_fonts.patch	1970-01-01 01:00:00.000000000 +0100
+++ hyperkitty-1.3.4/debian/patches/0004_remove_link_to_google_fonts.patch	2021-04-29 11:55:45.000000000 +0200
@@ -0,0 +1,33 @@
+From: Jonas Meurer <jonas@freesources.org>
+Date: Thu, 29 Apr 2021 11:43:23 +0200
+Subject: Remove link to google fonts
+
+Author: nd notandy <git@notandy.de>
+Applied-Upstream: https://gitlab.com/mailman/hyperkitty/-/commit/b35d20f45aafbd152e059abe3d4052485ffae305
+Last-Update: 2021-04-29
+---
+ hyperkitty/static/hyperkitty/libs/fonts/droid/droid.css | 8 ++------
+ 1 file changed, 2 insertions(+), 6 deletions(-)
+
+diff --git a/hyperkitty/static/hyperkitty/libs/fonts/droid/droid.css b/hyperkitty/static/hyperkitty/libs/fonts/droid/droid.css
+index 0d90e79..dc93f12 100644
+--- a/hyperkitty/static/hyperkitty/libs/fonts/droid/droid.css
++++ b/hyperkitty/static/hyperkitty/libs/fonts/droid/droid.css
+@@ -2,15 +2,11 @@
+   font-family: 'Droid Sans';
+   font-style: normal;
+   font-weight: 400;
+-  src: local('Droid Sans'), local('DroidSans'),
+-       url(https://fonts.gstatic.com/s/droidsans/v6/s-BiyweUPV0v-yRb-cjciC3USBnSvpkopQaUR-2r7iU.ttf) format('truetype'),
+-       url(DroidSans.ttf) format('truetype');
++  src: local('Droid Sans'), local('DroidSans'), url(DroidSans.ttf) format('truetype');
+ }
+ @font-face {
+   font-family: 'Droid Sans Mono';
+   font-style: normal;
+   font-weight: 400;
+-  src: local('Droid Sans Mono'), local('DroidSansMono'),
+-       url(https://fonts.gstatic.com/s/droidsansmono/v7/ns-m2xQYezAtqh7ai59hJYW_AySPyikQrZReizgrnuw.ttf) format('truetype'),
+-       url(DroidSansMono.ttf) format('truetype');
++  src: local('Droid Sans Mono'), local('DroidSansMono'), url(DroidSansMono.ttf) format('truetype');
+ }
diff -Nru hyperkitty-1.3.4/debian/patches/series hyperkitty-1.3.4/debian/patches/series
--- hyperkitty-1.3.4/debian/patches/series	2021-03-03 16:25:55.000000000 +0100
+++ hyperkitty-1.3.4/debian/patches/series	2021-04-29 11:55:45.000000000 +0200
@@ -1,3 +1,4 @@
 0001_README_remove_embedded_images.patch
 0002_Use_python3_by_default.patch
 0003-run-sassc-at-build-time.patch
+0004_remove_link_to_google_fonts.patch

--- End Message ---

--- Begin Message ---

• To: Jonas Meurer <jonas@freesources.org>, 987877-done@bugs.debian.org
• Subject: Re: Bug#987877: unblock: hyperkitty/1.3.4-3
• From: Sebastian Ramacher <sramacher@debian.org>
• Date: Sat, 1 May 2021 19:25:38 +0200
• Message-id: <YI2PEpXlpQxRviEZ@ramacher.at>
• In-reply-to: <[🔎] E1lcldM-00028h-4w@mx3.freesources.org>
• References: <[🔎] E1lcldM-00028h-4w@mx3.freesources.org>

On 2021-05-01 11:09:53 +0200, Jonas Meurer wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian.org@packages.debian.org
> Usertags: unblock
> 
> Please unblock package hyperkitty
> 
> Hyperkitty 1.3.4-3 fixes RC bug #987654 (the web application loads remote
> Google fonts, causing privacy breach). The patch is cherry-picked from upstream,
> simple and straight-forward and has been tested.
> 
> Here's the changelog and full debdiff is attached:
> 
> > hyperkitty (1.3.4-3) unstable; urgency=high
> > 
> >   * d/p/0004_remove_link_to_google_fonts.patch: Don't load remote Google
> >     fonts. Thanks to Kunal Mehta for bugreport and testing. (Closes: #987654)
> > 
> >  -- Jonas Meurer <jonas@freesources.org>  Thu, 29 Apr 2021 11:55:45 +0200
> 
> [ Checklist ]
>   [x] all changes are documented in the d/changelog
>   [x] I reviewed all changes and I approve them
>   [x] attach debdiff against the package in testing
> 
> unblock hyperkitty/1.3.4-3

The package has autopkgtests and is not a key package. It will migrate
on its own without an action from our side.

Cheers

> 
> Thanks for your work as Release Team <3
> 
> Cheers
>  jonas

> diff -Nru hyperkitty-1.3.4/debian/changelog hyperkitty-1.3.4/debian/changelog
> --- hyperkitty-1.3.4/debian/changelog	2021-03-03 16:25:55.000000000 +0100
> +++ hyperkitty-1.3.4/debian/changelog	2021-04-29 11:55:45.000000000 +0200
> @@ -1,3 +1,10 @@
> +hyperkitty (1.3.4-3) unstable; urgency=high
> +
> +  * d/p/0004_remove_link_to_google_fonts.patch: Don't load remote Google
> +    fonts. Thanks to Kunal Mehta for bugreport and testing. (Closes: #987654)
> +
> + -- Jonas Meurer <jonas@freesources.org>  Thu, 29 Apr 2021 11:55:45 +0200
> +
>  hyperkitty (1.3.4-2) unstable; urgency=medium
>  
>    * Replace bootstrap3 usage with bootstrap4.
> diff -Nru hyperkitty-1.3.4/debian/patches/0004_remove_link_to_google_fonts.patch hyperkitty-1.3.4/debian/patches/0004_remove_link_to_google_fonts.patch
> --- hyperkitty-1.3.4/debian/patches/0004_remove_link_to_google_fonts.patch	1970-01-01 01:00:00.000000000 +0100
> +++ hyperkitty-1.3.4/debian/patches/0004_remove_link_to_google_fonts.patch	2021-04-29 11:55:45.000000000 +0200
> @@ -0,0 +1,33 @@
> +From: Jonas Meurer <jonas@freesources.org>
> +Date: Thu, 29 Apr 2021 11:43:23 +0200
> +Subject: Remove link to google fonts
> +
> +Author: nd notandy <git@notandy.de>
> +Applied-Upstream: https://gitlab.com/mailman/hyperkitty/-/commit/b35d20f45aafbd152e059abe3d4052485ffae305
> +Last-Update: 2021-04-29
> +---
> + hyperkitty/static/hyperkitty/libs/fonts/droid/droid.css | 8 ++------
> + 1 file changed, 2 insertions(+), 6 deletions(-)
> +
> +diff --git a/hyperkitty/static/hyperkitty/libs/fonts/droid/droid.css b/hyperkitty/static/hyperkitty/libs/fonts/droid/droid.css
> +index 0d90e79..dc93f12 100644
> +--- a/hyperkitty/static/hyperkitty/libs/fonts/droid/droid.css
> ++++ b/hyperkitty/static/hyperkitty/libs/fonts/droid/droid.css
> +@@ -2,15 +2,11 @@
> +   font-family: 'Droid Sans';
> +   font-style: normal;
> +   font-weight: 400;
> +-  src: local('Droid Sans'), local('DroidSans'),
> +-       url(https://fonts.gstatic.com/s/droidsans/v6/s-BiyweUPV0v-yRb-cjciC3USBnSvpkopQaUR-2r7iU.ttf) format('truetype'),
> +-       url(DroidSans.ttf) format('truetype');
> ++  src: local('Droid Sans'), local('DroidSans'), url(DroidSans.ttf) format('truetype');
> + }
> + @font-face {
> +   font-family: 'Droid Sans Mono';
> +   font-style: normal;
> +   font-weight: 400;
> +-  src: local('Droid Sans Mono'), local('DroidSansMono'),
> +-       url(https://fonts.gstatic.com/s/droidsansmono/v7/ns-m2xQYezAtqh7ai59hJYW_AySPyikQrZReizgrnuw.ttf) format('truetype'),
> +-       url(DroidSansMono.ttf) format('truetype');
> ++  src: local('Droid Sans Mono'), local('DroidSansMono'), url(DroidSansMono.ttf) format('truetype');
> + }
> diff -Nru hyperkitty-1.3.4/debian/patches/series hyperkitty-1.3.4/debian/patches/series
> --- hyperkitty-1.3.4/debian/patches/series	2021-03-03 16:25:55.000000000 +0100
> +++ hyperkitty-1.3.4/debian/patches/series	2021-04-29 11:55:45.000000000 +0200
> @@ -1,3 +1,4 @@
>  0001_README_remove_embedded_images.patch
>  0002_Use_python3_by_default.patch
>  0003-run-sassc-at-build-time.patch
> +0004_remove_link_to_google_fonts.patch


-- 
Sebastian Ramacher

Attachment: signature.asc
Description: PGP signature

--- End Message ---