[SCM] WebKit Debian packaging branch, debian/unstable, updated. debian/1.2.5-1-1-g0ecfd13

Tue Oct 19 17:10:51 UTC 2010

On Tue, 19 Oct 2010 19:03:55 +0200, Mike Hommey wrote:
> On Tue, Oct 19, 2010 at 11:47:32AM -0400, Michael Gilbert wrote:
> > On Tue, 19 Oct 2010 17:32:37 +0200, Mike Hommey wrote:
> > > On Tue, Oct 19, 2010 at 11:12:29AM -0400, Michael Gilbert wrote:
> > > > On Tue, 19 Oct 2010 17:01:41 +0200, Mike Hommey wrote:
> > > > > On Tue, Oct 19, 2010 at 10:49:37AM -0400, Michael Gilbert wrote:
> > > > > > On Tue, 19 Oct 2010 08:32:38 +0200, Mike Hommey wrote:
> > > > > > > On Tue, Oct 19, 2010 at 02:01:51AM +0000, Michael Gilbert wrote:
> > > > > > > > diff --git a/debian/changelog b/debian/changelog
> > > > > > > > index df3a807..abe6a53 100644
> > > > > > > > --- a/debian/changelog
> > > > > > > > +++ b/debian/changelog
> > > > > > > > @@ -1,3 +1,11 @@
> > > > > > > > +webkit (1.2.5-2) UNRELEASED; urgency=high
> > > > > > > > +
> > > > > > > > +  * Unapply 02-pool-fixup-and-sparc-support.patch and
> > > > > > > > +    04-spoof-user-agent-to-google.patch in git.  This prevents the
> > > > > > > > +    creation of an unwanted debian-changes patch.
> > > > > > > 
> > > > > > > This doesn't sound right. 3.0 (quilt) doesn't create debian-changes for
> > > > > > > applied patches, except if your tree contains an outdated .pc directory,
> > > > > > > or the series file is incomplete.
> > > > > > 
> > > > > > The 1.2.5-1 upload has an automatically generated debian-changes file
> > > > > > that reverts all of the cve-* patches. I grabbed that version, and
> > > > > > built it myself and got the same automatically generated file. This
> > > > > > change seems to fix that.
> > > > > 
> > > > > If the new version includes the cve patches, and the patches weren't
> > > > > removed from debian/patches, then it's not unexpected.
> > > > > That's why keeping 3.0 (quilt) packages in git requires an adjusted
> > > > > workflow...
> > > > > 
> > > > > IMHO, unapplying all patches is the wrong option. But then, I'm not
> > > > > really active anymore on webkit.
> > > > 
> > > > I think keeping patches unapplied in git makes better sense as a
> > > > workflow.  It's a bit messy to add the patch file and the diff in each
> > > > git commit.
> > > 
> > > But then it's a PITA to handle the patches, because you don't benefit
> > > from git at all. Keeping track of the patches with something like topgit
> > > would be better.
> > > 
> > > > This way, just the patch file is added in git.  Anyway,
> > > > this fix seems to work.
> > > 
> > > But the fix is wrong.
> > > 
> > > $ git diff remotes/origin/webkit-1.2 debian/1.2.5-1 | filterdiff -x b/debian/* | lsdiff
> > > a/JavaScriptCore/wtf/ListHashSet.h
> > > a/WebCore/platform/text/AtomicString.cpp
> > > a/WebCore/platform/text/StringHash.h
> > > a/WebKit/gtk/WebCoreSupport/FrameLoaderClientGtk.cpp
> > > a/WebKit/gtk/webkit/webkitprivate.h
> > > a/WebKit/gtk/webkit/webkitwebsettings.cpp
> > > 
> > > $ lsdiff $(cat series)
> > > 02-pool-fixup-and-sparc-support.patch:webkit-1.2.1/JavaScriptCore/wtf/ListHashSet.h
> > > 02-pool-fixup-and-sparc-support.patch:webkit-1.2.1/WebCore/platform/text/AtomicString.cpp
> > > 02-pool-fixup-and-sparc-support.patch:webkit-1.2.1/WebCore/platform/text/StringHash.h
> > > 04-spoof-user-agent-to-google.patch:a/WebKit/gtk/WebCoreSupport/FrameLoaderClientGtk.cpp
> > > 04-spoof-user-agent-to-google.patch:a/WebKit/gtk/webkit/webkitprivate.h
> > > 04-spoof-user-agent-to-google.patch:a/WebKit/gtk/webkit/webkitwebsettings.cpp
> > > cve-2010-2646.patch:webkit-1.2.4/WebCore/storage/StorageEventDispatcher.cpp
> > > cve-2010-2646.patch:webkit-1.2.4/WebCore/page/DOMWindow.h
> > > cve-2010-2646.patch:webkit-1.2.4/WebCore/page/DOMWindow.cpp
> > > cve-2010-2646.patch:webkit-1.2.4/WebCore/page/SecurityOrigin.h
> > > cve-2010-2646.patch:webkit-1.2.4/WebCore/page/DOMWindow.idl
> > > cve-2010-2651.patch:webkit-1.2.4/WebCore/rendering/RenderBlock.cpp
> > > cve-2010-2900.patch:webkit-1.2.4/WebCore/html/HTMLCanvasElement.cpp
> > > cve-2010-2901.patch:webkit-1.2.4/WebCore/rendering/RenderObject.cpp
> > > cve-2010-2901.patch:webkit-1.2.4/WebCore/rendering/RenderObject.h
> > > cve-2010-2901.patch:webkit-1.2.4/WebCore/rendering/InlineFlowBox.cpp
> > > cve-2010-2901.patch:webkit-1.2.4/WebCore/rendering/RenderBlock.cpp
> > > cve-2010-3120.patch:webkit-1.2.4/WebCore/page/Geolocation.cpp
> > > 
> > > Which means the cve* patches should go away.
> > 
> > Why?  If they go away, then the issues are no longer fixed.
> > 
> > The cve* patches were already unapplied. The change makes the state
> > consistent for all patches (all unapplied).  quilt applies them at
> > build time.
> 
> And debian-changes-1.2.5-1 undoes them, so the package currently in the
> archive doesn't have the patches applied.
> 
> So now that I take a look at the log, it happens that the problem is
> that these patches were added to debian/patches and not applied to the
> source tree, which is the original reason why debian-changes-1.2.5-1 was
> created.

Right.  I changed the workflow with those patches (keeping them
unapplied in git), and forgot to unapply the existing patches, which has
led to this issue.  If everything is either applied or unapplied, the
issue should be fixed. Personally I prefer unapplied since it seems
cleaner.

Mike