[SCM] WebKit Debian packaging branch, debian/unstable, updated. debian/1.2.5-1-1-g0ecfd13

Tue Oct 19 15:47:32 UTC 2010

On Tue, 19 Oct 2010 17:32:37 +0200, Mike Hommey wrote:
> On Tue, Oct 19, 2010 at 11:12:29AM -0400, Michael Gilbert wrote:
> > On Tue, 19 Oct 2010 17:01:41 +0200, Mike Hommey wrote:
> > > On Tue, Oct 19, 2010 at 10:49:37AM -0400, Michael Gilbert wrote:
> > > > On Tue, 19 Oct 2010 08:32:38 +0200, Mike Hommey wrote:
> > > > > On Tue, Oct 19, 2010 at 02:01:51AM +0000, Michael Gilbert wrote:
> > > > > > diff --git a/debian/changelog b/debian/changelog
> > > > > > index df3a807..abe6a53 100644
> > > > > > --- a/debian/changelog
> > > > > > +++ b/debian/changelog
> > > > > > @@ -1,3 +1,11 @@
> > > > > > +webkit (1.2.5-2) UNRELEASED; urgency=high
> > > > > > +
> > > > > > +  * Unapply 02-pool-fixup-and-sparc-support.patch and
> > > > > > +    04-spoof-user-agent-to-google.patch in git.  This prevents the
> > > > > > +    creation of an unwanted debian-changes patch.
> > > > > 
> > > > > This doesn't sound right. 3.0 (quilt) doesn't create debian-changes for
> > > > > applied patches, except if your tree contains an outdated .pc directory,
> > > > > or the series file is incomplete.
> > > > 
> > > > The 1.2.5-1 upload has an automatically generated debian-changes file
> > > > that reverts all of the cve-* patches. I grabbed that version, and
> > > > built it myself and got the same automatically generated file. This
> > > > change seems to fix that.
> > > 
> > > If the new version includes the cve patches, and the patches weren't
> > > removed from debian/patches, then it's not unexpected.
> > > That's why keeping 3.0 (quilt) packages in git requires an adjusted
> > > workflow...
> > > 
> > > IMHO, unapplying all patches is the wrong option. But then, I'm not
> > > really active anymore on webkit.
> > 
> > I think keeping patches unapplied in git makes better sense as a
> > workflow.  It's a bit messy to add the patch file and the diff in each
> > git commit.
> 
> But then it's a PITA to handle the patches, because you don't benefit
> from git at all. Keeping track of the patches with something like topgit
> would be better.
> 
> > This way, just the patch file is added in git.  Anyway,
> > this fix seems to work.
> 
> But the fix is wrong.
> 
> $ git diff remotes/origin/webkit-1.2 debian/1.2.5-1 | filterdiff -x b/debian/* | lsdiff
> a/JavaScriptCore/wtf/ListHashSet.h
> a/WebCore/platform/text/AtomicString.cpp
> a/WebCore/platform/text/StringHash.h
> a/WebKit/gtk/WebCoreSupport/FrameLoaderClientGtk.cpp
> a/WebKit/gtk/webkit/webkitprivate.h
> a/WebKit/gtk/webkit/webkitwebsettings.cpp
> 
> $ lsdiff $(cat series)
> 02-pool-fixup-and-sparc-support.patch:webkit-1.2.1/JavaScriptCore/wtf/ListHashSet.h
> 02-pool-fixup-and-sparc-support.patch:webkit-1.2.1/WebCore/platform/text/AtomicString.cpp
> 02-pool-fixup-and-sparc-support.patch:webkit-1.2.1/WebCore/platform/text/StringHash.h
> 04-spoof-user-agent-to-google.patch:a/WebKit/gtk/WebCoreSupport/FrameLoaderClientGtk.cpp
> 04-spoof-user-agent-to-google.patch:a/WebKit/gtk/webkit/webkitprivate.h
> 04-spoof-user-agent-to-google.patch:a/WebKit/gtk/webkit/webkitwebsettings.cpp
> cve-2010-2646.patch:webkit-1.2.4/WebCore/storage/StorageEventDispatcher.cpp
> cve-2010-2646.patch:webkit-1.2.4/WebCore/page/DOMWindow.h
> cve-2010-2646.patch:webkit-1.2.4/WebCore/page/DOMWindow.cpp
> cve-2010-2646.patch:webkit-1.2.4/WebCore/page/SecurityOrigin.h
> cve-2010-2646.patch:webkit-1.2.4/WebCore/page/DOMWindow.idl
> cve-2010-2651.patch:webkit-1.2.4/WebCore/rendering/RenderBlock.cpp
> cve-2010-2900.patch:webkit-1.2.4/WebCore/html/HTMLCanvasElement.cpp
> cve-2010-2901.patch:webkit-1.2.4/WebCore/rendering/RenderObject.cpp
> cve-2010-2901.patch:webkit-1.2.4/WebCore/rendering/RenderObject.h
> cve-2010-2901.patch:webkit-1.2.4/WebCore/rendering/InlineFlowBox.cpp
> cve-2010-2901.patch:webkit-1.2.4/WebCore/rendering/RenderBlock.cpp
> cve-2010-3120.patch:webkit-1.2.4/WebCore/page/Geolocation.cpp
> 
> Which means the cve* patches should go away.

Why?  If they go away, then the issues are no longer fixed.

The cve* patches were already unapplied. The change makes the state
consistent for all patches (all unapplied).  quilt applies them at
build time.

Mike