| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| 0001_README_remove_embedded_images.patch | README.rst: remove embedded images The documentation files shipped with Debian packages should not embed remote images, especially not from sources that are known to track users (like shields.io). |
Jonas Meurer <jonas@freesources.org> | not-needed | 2019-02-22 | ||
| 0002_Use_python3_by_default.patch | Use python3 by default instead of /usr/bin/env python On systems running both python2 and python3 and where python2 is the default, running 'example_project/manage.py' fails, since this is a python3 package. |
=?utf-8?q?Louis-Philippe=5FV=C3=A9ronneau?= <pollo@debian.org> | not-needed | 2019-06-08 | ||
| 0003-run-sassc-at-build-time.patch | Run sassc at build-time In the Debian package, we compile the scss files at build-time with sassc to prevent the run-time dependency on sassc. This patch replaces the scss reference in the base.html template with the pre-built css file reference. |
Jonas Meurer <jonas@freesources.org> | not-needed | 2019-06-08 | ||
| 0004_remove_link_to_google_fonts.patch | Remove link to google fonts | nd notandy <git@notandy.de> | no | 2021-04-29 | ||
| 0005_ensure_private_archives_during_import.patch | Ensure private archives stay private during import (CVE-2021-33038) hyperkitty keeps state of whether a mailing list's archives should be public or private in the hyperkitty_mailinglist table. However during the import process, it would create a row using the default settings (archive_policy="public") instead of getting the correct values from Mailman. It would only sync with Mailman at the end of the import process. This patch explicitly creates the hyperkitty_mailinglist row/object at the beginning of the import process, so the visiblity will be correctly obtained from Mailman, before any messages can be accidentally leaked. |
Kunal Mehta <legoktm@debian.org> | yes | debian upstream | upstream, https://gitlab.com/mailman/hyperkitty/-/merge_requests/351 | 2021-05-06 |