Control: tags -1 + patch On 11-Jul-2017, Johannes Schauer wrote: > - pelican/themes/notmyidea/static/css/main.css imports > https://fonts.googleapis.com/css?family=Yanone+Kaffeesatz&subset=latin > - pelican/themes/notmyidea/templates/base.html includes the script > https://html5shiv.googlecode.com/svn/trunk/html5.js
I have prepared a patch series that removes those references. Attached are the patch files for Debian. -- \ “You are welcome to visit the cemetery where famous Russian and | `\ Soviet composers, artists, and writers are buried daily except | _o__) Thursday.” —Russian orthodox monastery, Moscow | Ben Finney <bign...@debian.org>
From bb0152ff01a5ef3498ea62d7ed7a9a4e0ff3c7c1 Mon Sep 17 00:00:00 2001 From: Ben Finney <b...@benfinney.id.au> Date: Tue, 8 Aug 2017 00:17:16 +1000 Subject: [PATCH 1/2] =?UTF-8?q?Patch=20theme=20=E2=80=9Cnotmyidea=E2=80=9D?= =?UTF-8?q?=20to=20remove=20user-tracking=20resource=20loads.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- debian/changelog | 6 ++++ debian/patches/remove-html5shiv-reference.patch | 35 ++++++++++++++++++++++ .../patches/remove-yanonekaffesatz-reference.patch | 29 ++++++++++++++++++ debian/patches/series | 2 ++ 4 files changed, 72 insertions(+) create mode 100644 debian/patches/remove-html5shiv-reference.patch create mode 100644 debian/patches/remove-yanonekaffesatz-reference.patch create mode 100644 debian/patches/series diff --git a/debian/changelog b/debian/changelog index 5413c04a..013c4d97 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +pelican (3.7.1-2) UNRELEASED; urgency=medium + + * Patch theme “notmyidea” to remove user-tracking resource loads. + + -- + pelican (3.7.1-1) unstable; urgency=medium * New upstream release. diff --git a/debian/patches/remove-html5shiv-reference.patch b/debian/patches/remove-html5shiv-reference.patch new file mode 100644 index 00000000..1f89d996 --- /dev/null +++ b/debian/patches/remove-html5shiv-reference.patch @@ -0,0 +1,35 @@ +Description: Remove an obsolete tracking script reference. + The reference is intended to load a remote resource, which is a + privacy violation for the user. + . + The reference is to a resource which no longer exists, so this HREF + would not work anyway. +Bug-Debian: http://bugs.debian.org/868049 +Author: Ben Finney <bign...@debian.org> +Last-Update: 2017-08-08 + +diff -u old/pelican/themes/notmyidea/templates/base.html new/pelican/themes/notmyidea/templates/base.html +--- old/pelican/themes/notmyidea/templates/base.html ++++ new/pelican/themes/notmyidea/templates/base.html +@@ -10,10 +10,6 @@ + {% if FEED_ALL_RSS %} + <link href="{{ FEED_DOMAIN }}/{{ FEED_ALL_RSS }}" type="application/rss+xml" rel="alternate" title="{{ SITENAME }} RSS Feed" /> + {% endif %} +- +- <!--[if IE]> +- <script src="https://html5shiv.googlecode.com/svn/trunk/html5.js";></script> +- <![endif]--> + </head> + + <body id="index" class="home"> + + +Local variables: +coding: utf-8 +mode: diff +time-stamp-format: "%:y-%02m-%02d" +time-stamp-start: "^Last-Update:[ ]+" +time-stamp-end: "$" +time-stamp-line-limit: 20 +End: +vim: fileencoding=utf-8 filetype=diff : diff --git a/debian/patches/remove-yanonekaffesatz-reference.patch b/debian/patches/remove-yanonekaffesatz-reference.patch new file mode 100644 index 00000000..a0fe2a48 --- /dev/null +++ b/debian/patches/remove-yanonekaffesatz-reference.patch @@ -0,0 +1,29 @@ +Description: Remove a font reference to a user tracking site. + The reference is intended to load a remote resource, which is a + privacy violation for the user. +Bug-Debian: http://bugs.debian.org/868049 +Author: Ben Finney <bign...@debian.org> +Last-Update: 2017-08-08 + +diff -u old/pelican/themes/notmyidea/static/css/main.css new/pelican/themes/notmyidea/static/css/main.css +--- old/pelican/themes/notmyidea/static/css/main.css ++++ new/pelican/themes/notmyidea/static/css/main.css +@@ -12,7 +12,6 @@ + @import url("reset.css"); + @import url("pygment.css"); + @import url("typogrify.css"); +-@import url(https://fonts.googleapis.com/css?family=Yanone+Kaffeesatz&subset=latin); + + /***** Global *****/ + /* Body */ + + +Local variables: +coding: utf-8 +mode: diff +time-stamp-format: "%:y-%02m-%02d" +time-stamp-start: "^Last-Update:[ ]+" +time-stamp-end: "$" +time-stamp-line-limit: 20 +End: +vim: fileencoding=utf-8 filetype=diff : diff --git a/debian/patches/series b/debian/patches/series new file mode 100644 index 00000000..441d3422 --- /dev/null +++ b/debian/patches/series @@ -0,0 +1,2 @@ +remove-html5shiv-reference.patch +remove-yanonekaffesatz-reference.patch -- 2.13.2
From 960338e67bd154795924730a394e1b47467169d9 Mon Sep 17 00:00:00 2001 From: Ben Finney <b...@benfinney.id.au> Date: Tue, 8 Aug 2017 00:17:49 +1000 Subject: [PATCH 2/2] Document that this release closes a serious severity bug. --- debian/changelog | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/debian/changelog b/debian/changelog index 013c4d97..e4d836bd 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,6 +1,7 @@ -pelican (3.7.1-2) UNRELEASED; urgency=medium +pelican (3.7.1-2) UNRELEASED; urgency=high * Patch theme “notmyidea” to remove user-tracking resource loads. + Closes: bug#868049. This bug is Severity: serious. -- -- 2.13.2
signature.asc
Description: PGP signature
