[SCM] WebKit Debian packaging branch, debian/unstable, updated. debian/1.2.5-1-1-g0ecfd13

Tue Oct 19 15:32:37 UTC 2010

On Tue, Oct 19, 2010 at 11:12:29AM -0400, Michael Gilbert wrote:
> On Tue, 19 Oct 2010 17:01:41 +0200, Mike Hommey wrote:
> > On Tue, Oct 19, 2010 at 10:49:37AM -0400, Michael Gilbert wrote:
> > > On Tue, 19 Oct 2010 08:32:38 +0200, Mike Hommey wrote:
> > > > On Tue, Oct 19, 2010 at 02:01:51AM +0000, Michael Gilbert wrote:
> > > > > diff --git a/debian/changelog b/debian/changelog
> > > > > index df3a807..abe6a53 100644
> > > > > --- a/debian/changelog
> > > > > +++ b/debian/changelog
> > > > > @@ -1,3 +1,11 @@
> > > > > +webkit (1.2.5-2) UNRELEASED; urgency=high
> > > > > +
> > > > > +  * Unapply 02-pool-fixup-and-sparc-support.patch and
> > > > > +    04-spoof-user-agent-to-google.patch in git.  This prevents the
> > > > > +    creation of an unwanted debian-changes patch.
> > > > 
> > > > This doesn't sound right. 3.0 (quilt) doesn't create debian-changes for
> > > > applied patches, except if your tree contains an outdated .pc directory,
> > > > or the series file is incomplete.
> > > 
> > > The 1.2.5-1 upload has an automatically generated debian-changes file
> > > that reverts all of the cve-* patches. I grabbed that version, and
> > > built it myself and got the same automatically generated file. This
> > > change seems to fix that.
> > 
> > If the new version includes the cve patches, and the patches weren't
> > removed from debian/patches, then it's not unexpected.
> > That's why keeping 3.0 (quilt) packages in git requires an adjusted
> > workflow...
> > 
> > IMHO, unapplying all patches is the wrong option. But then, I'm not
> > really active anymore on webkit.
> 
> I think keeping patches unapplied in git makes better sense as a
> workflow.  It's a bit messy to add the patch file and the diff in each
> git commit.

But then it's a PITA to handle the patches, because you don't benefit
from git at all. Keeping track of the patches with something like topgit
would be better.

> This way, just the patch file is added in git.  Anyway,
> this fix seems to work.

But the fix is wrong.

$ git diff remotes/origin/webkit-1.2 debian/1.2.5-1 | filterdiff -x b/debian/* | lsdiff
a/JavaScriptCore/wtf/ListHashSet.h
a/WebCore/platform/text/AtomicString.cpp
a/WebCore/platform/text/StringHash.h
a/WebKit/gtk/WebCoreSupport/FrameLoaderClientGtk.cpp
a/WebKit/gtk/webkit/webkitprivate.h
a/WebKit/gtk/webkit/webkitwebsettings.cpp

$ lsdiff $(cat series)
02-pool-fixup-and-sparc-support.patch:webkit-1.2.1/JavaScriptCore/wtf/ListHashSet.h
02-pool-fixup-and-sparc-support.patch:webkit-1.2.1/WebCore/platform/text/AtomicString.cpp
02-pool-fixup-and-sparc-support.patch:webkit-1.2.1/WebCore/platform/text/StringHash.h
04-spoof-user-agent-to-google.patch:a/WebKit/gtk/WebCoreSupport/FrameLoaderClientGtk.cpp
04-spoof-user-agent-to-google.patch:a/WebKit/gtk/webkit/webkitprivate.h
04-spoof-user-agent-to-google.patch:a/WebKit/gtk/webkit/webkitwebsettings.cpp
cve-2010-2646.patch:webkit-1.2.4/WebCore/storage/StorageEventDispatcher.cpp
cve-2010-2646.patch:webkit-1.2.4/WebCore/page/DOMWindow.h
cve-2010-2646.patch:webkit-1.2.4/WebCore/page/DOMWindow.cpp
cve-2010-2646.patch:webkit-1.2.4/WebCore/page/SecurityOrigin.h
cve-2010-2646.patch:webkit-1.2.4/WebCore/page/DOMWindow.idl
cve-2010-2651.patch:webkit-1.2.4/WebCore/rendering/RenderBlock.cpp
cve-2010-2900.patch:webkit-1.2.4/WebCore/html/HTMLCanvasElement.cpp
cve-2010-2901.patch:webkit-1.2.4/WebCore/rendering/RenderObject.cpp
cve-2010-2901.patch:webkit-1.2.4/WebCore/rendering/RenderObject.h
cve-2010-2901.patch:webkit-1.2.4/WebCore/rendering/InlineFlowBox.cpp
cve-2010-2901.patch:webkit-1.2.4/WebCore/rendering/RenderBlock.cpp
cve-2010-3120.patch:webkit-1.2.4/WebCore/page/Geolocation.cpp

Which means the cve* patches should go away.

Mike