[SCM] WebKit Debian packaging branch, debian/unstable, updated. debian/1.2.5-1-1-g0ecfd13
Mike Hommey
mh at glandium.org
Tue Oct 19 17:03:55 UTC 2010
On Tue, Oct 19, 2010 at 11:47:32AM -0400, Michael Gilbert wrote:
> On Tue, 19 Oct 2010 17:32:37 +0200, Mike Hommey wrote:
> > On Tue, Oct 19, 2010 at 11:12:29AM -0400, Michael Gilbert wrote:
> > > On Tue, 19 Oct 2010 17:01:41 +0200, Mike Hommey wrote:
> > > > On Tue, Oct 19, 2010 at 10:49:37AM -0400, Michael Gilbert wrote:
> > > > > On Tue, 19 Oct 2010 08:32:38 +0200, Mike Hommey wrote:
> > > > > > On Tue, Oct 19, 2010 at 02:01:51AM +0000, Michael Gilbert wrote:
> > > > > > > diff --git a/debian/changelog b/debian/changelog
> > > > > > > index df3a807..abe6a53 100644
> > > > > > > --- a/debian/changelog
> > > > > > > +++ b/debian/changelog
> > > > > > > @@ -1,3 +1,11 @@
> > > > > > > +webkit (1.2.5-2) UNRELEASED; urgency=high
> > > > > > > +
> > > > > > > + * Unapply 02-pool-fixup-and-sparc-support.patch and
> > > > > > > + 04-spoof-user-agent-to-google.patch in git. This prevents the
> > > > > > > + creation of an unwanted debian-changes patch.
> > > > > >
> > > > > > This doesn't sound right. 3.0 (quilt) doesn't create debian-changes for
> > > > > > applied patches, except if your tree contains an outdated .pc directory,
> > > > > > or the series file is incomplete.
> > > > >
> > > > > The 1.2.5-1 upload has an automatically generated debian-changes file
> > > > > that reverts all of the cve-* patches. I grabbed that version, and
> > > > > built it myself and got the same automatically generated file. This
> > > > > change seems to fix that.
> > > >
> > > > If the new version includes the cve patches, and the patches weren't
> > > > removed from debian/patches, then it's not unexpected.
> > > > That's why keeping 3.0 (quilt) packages in git requires an adjusted
> > > > workflow...
> > > >
> > > > IMHO, unapplying all patches is the wrong option. But then, I'm not
> > > > really active anymore on webkit.
> > >
> > > I think keeping patches unapplied in git makes better sense as a
> > > workflow. It's a bit messy to add the patch file and the diff in each
> > > git commit.
> >
> > But then it's a PITA to handle the patches, because you don't benefit
> > from git at all. Keeping track of the patches with something like topgit
> > would be better.
> >
> > > This way, just the patch file is added in git. Anyway,
> > > this fix seems to work.
> >
> > But the fix is wrong.
> >
> > $ git diff remotes/origin/webkit-1.2 debian/1.2.5-1 | filterdiff -x b/debian/* | lsdiff
> > a/JavaScriptCore/wtf/ListHashSet.h
> > a/WebCore/platform/text/AtomicString.cpp
> > a/WebCore/platform/text/StringHash.h
> > a/WebKit/gtk/WebCoreSupport/FrameLoaderClientGtk.cpp
> > a/WebKit/gtk/webkit/webkitprivate.h
> > a/WebKit/gtk/webkit/webkitwebsettings.cpp
> >
> > $ lsdiff $(cat series)
> > 02-pool-fixup-and-sparc-support.patch:webkit-1.2.1/JavaScriptCore/wtf/ListHashSet.h
> > 02-pool-fixup-and-sparc-support.patch:webkit-1.2.1/WebCore/platform/text/AtomicString.cpp
> > 02-pool-fixup-and-sparc-support.patch:webkit-1.2.1/WebCore/platform/text/StringHash.h
> > 04-spoof-user-agent-to-google.patch:a/WebKit/gtk/WebCoreSupport/FrameLoaderClientGtk.cpp
> > 04-spoof-user-agent-to-google.patch:a/WebKit/gtk/webkit/webkitprivate.h
> > 04-spoof-user-agent-to-google.patch:a/WebKit/gtk/webkit/webkitwebsettings.cpp
> > cve-2010-2646.patch:webkit-1.2.4/WebCore/storage/StorageEventDispatcher.cpp
> > cve-2010-2646.patch:webkit-1.2.4/WebCore/page/DOMWindow.h
> > cve-2010-2646.patch:webkit-1.2.4/WebCore/page/DOMWindow.cpp
> > cve-2010-2646.patch:webkit-1.2.4/WebCore/page/SecurityOrigin.h
> > cve-2010-2646.patch:webkit-1.2.4/WebCore/page/DOMWindow.idl
> > cve-2010-2651.patch:webkit-1.2.4/WebCore/rendering/RenderBlock.cpp
> > cve-2010-2900.patch:webkit-1.2.4/WebCore/html/HTMLCanvasElement.cpp
> > cve-2010-2901.patch:webkit-1.2.4/WebCore/rendering/RenderObject.cpp
> > cve-2010-2901.patch:webkit-1.2.4/WebCore/rendering/RenderObject.h
> > cve-2010-2901.patch:webkit-1.2.4/WebCore/rendering/InlineFlowBox.cpp
> > cve-2010-2901.patch:webkit-1.2.4/WebCore/rendering/RenderBlock.cpp
> > cve-2010-3120.patch:webkit-1.2.4/WebCore/page/Geolocation.cpp
> >
> > Which means the cve* patches should go away.
>
> Why? If they go away, then the issues are no longer fixed.
>
> The cve* patches were already unapplied. The change makes the state
> consistent for all patches (all unapplied). quilt applies them at
> build time.
And debian-changes-1.2.5-1 undoes them, so the package currently in the
archive doesn't have the patches applied.
So now that I take a look at the log, it happens that the problem is
that these patches were added to debian/patches and not applied to the
source tree, which is the original reason why debian-changes-1.2.5-1 was
created.
Mike
More information about the Pkg-webkit-maintainers
mailing list