-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Martin Schulze wrote: > Moin, > > it seems that less than two months after the release of sarge it is > not possible to support Mozilla, Thunderbird, Firefox (and probably > Galeon) packages anymore. (in terms of fixing security related > problems) > > Unfortunately the Mozilla Foundation does not provide dedicated and > clean patches for security updates but only releases new versions that > fix tons of security related problems and other stuff that is or may > be irrelevant for security updates. As a result, it is extremely > difficult to get security patches extracted and backported. This is > an utter disaster for security teams and distributions that try to > support their releases. [...] > For these packages, help and/or advice is appreciated.
So i don't know if the package maintainers already know this tool (especially in regard to http://kitenet.net/~joey/blog/entry/bug_hiding_systems-2005-07-30-06-25.html) called Bonsai, it can be very useful to extract single patches more or less easily ;) (even before the the new version has been released). Bonsai keeps a database with all checkins to the CVS repository of cvs.mozilla.org. As a example lets take the the Bug # from that blog post, Bug 294795. Now lets construct a query and see what we can get. First open http://bonsai.mozilla.org/cvsqueryform.cgi, now in the Branch field you have to enter AVIARY_1_0_1_20050124_BRANCH (that's the Firefox/Thunderbird 1.0.x Branch) and on the bottom of the page you have to enter "[X] Between 2005-05-11 00:00 and 2005-07-19 23:00". Those two are the rough dates when FF 1.0.4 and FF 1.0.6 were released. So run the query and you'll get a list of checkins on that branch between the two releases, now you search on this page for the Bug # (i would say the bug # is always noted in the checkin comment except when someone forgets it, but that happens almost never), so 294795. This will point you at the checkin with the comment "Fixing bug 294795. Don't leave references from cloned member functions to the scope where xpconnect creates the functions (safe context). r=bzbarsky[at]mit.edu, sr=brendan[at]mozilla.org, a=dveditz[at]cruzio.com". Now you could either manually merge this checkin by clicking on the version in the 4th column which will display you the diff or check out the new version from the CVS mirror (cvs-mirror.mozilla.org) for example by doing "cvs -j1.11 - -j1.11.44 -r AVIARY_1_0_1_20050124_BRANCH mozilla/js/src/xpconnect/src/XPCDispObject.cpp". You can get the version numbers needed by clicking on the version in the 4th column, you'll see the versions then noted at the top. HTH Frank -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFC7e5raT2V74kAr9URAiJLAKCJJZ7VBFq4BpkS+SZQnleA9g31lwCdF7lM jec0GUzBiikcv2UaScDK4us= =e/MW -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]