Dear release team,

I like to get clearance for uploading dino-im 0.4.2 to unstable, to get
it into bookworm.

Upstream release text:

Maintenance release with fix for CVE-2023-28686 and bug fixes.

There are eight commits, from which five should definitively go into
bookworm (1, 2, 6, 7, 8). Two commits are not related to a bug report,
but solve relevant problems (3, 4). Only one is not relevant at all, but
it does not touch file we care about anyway (5).

There are no new features nor unnecessary changes, so I would very much
prefer to get the new version in instead of adding five to seven
patches.

Here is a description of the commits between 0.4.1 (now in testing) and
0.4.2 (to be uploaded):

1. acf9c694 * Fix C binding for gst_video_frame_get_data
Fix for: GTK4 - crash when answering video call #1267

Fix C binding for gst_video_frame_get_data

https://github.com/dino/dino/issues/1267

2. 89b9110f * Improve history sync
Fix for: MUC MAM (0313) doesn't work #1386

- Ensure we fully fetch desired history if possible (previously, duplicates
from offline message queue could hinder MAM sync)
- Early drop illegal MAM messages so they don't pile up in the pending queue
waiting for their query to end (which it never will if they were not
requested in first place).

https://github.com/dino/dino/issues/1386

3. 481a68fd * Improve database performance while reconnecting and syncing

Improve database performance while reconnecting and syncing
Also move some tasks to low priority idle queue so they won't block UI updates

No bug report, but solves startup time issues some users reported.

4. 1738bf8d * data: Set StartupNotify to true in .desktop file

data: Set StartupNotify to true in .desktop file
GTK handles startup notifications, so advertise it in desktop
file. This allows splash screens and other startup indications
in DEs to work.

No bug report, but sounds like an issue worth solving.

5. b6f9b54d * Remove gspell
(not relevant to Debian: unused cmake/FindGspell.cmake removed, change
in github ci file)

6. 00482404 * Fix a crash if a message subnode is not found in a carbon
Fix for: A carbon crashes Dino #1392

Fix a crash if a message subnode is not found in a carbon

https://github.com/dino/dino/issues/1392

7. 179c766d * Bind soup session lifetime to File provider/sender lifetime
Fix for: Dino crashes when sending or receiving files #1395

Bind soup session lifetime to File provider/sender lifetime
Required since libsoup 3.4. Fixes #1395

https://github.com/dino/dino/issues/1395

8. baf96d9d * @ v0.4.2 origin/v0.4 Check sender of bookmark:1 updates
Fix for: dino-im: Insufficient message sender validation in Dino CVE-2023-28686

Check sender of bookmark:1 updates

https://bugs.debian.org/1033370

Thanks in advance for your comments and decision!

Cheers

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Hi Martin

On 2023-03-23 23:19:46 +0000, Martin wrote:

Dear release team,

I like to get clearance for uploading dino-im 0.4.2 to unstable, to get
it into bookworm.

Please file a pre-approval unblock bug report against release.debian.org with a proposed debdiff.

Cheers

Upstream release text:

Maintenance release with fix for CVE-2023-28686 and bug fixes.

There are eight commits, from which five should definitively go into
bookworm (1, 2, 6, 7, 8). Two commits are not related to a bug report,
but solve relevant problems (3, 4). Only one is not relevant at all, but
it does not touch file we care about anyway (5).

There are no new features nor unnecessary changes, so I would very much prefer to get the new version in instead of adding five to seven
patches.

Here is a description of the commits between 0.4.1 (now in testing) and
0.4.2 (to be uploaded):

1. acf9c694 * Fix C binding for gst_video_frame_get_data
Fix for: GTK4 - crash when answering video call #1267

Fix C binding for gst_video_frame_get_data

https://github.com/dino/dino/issues/1267

2. 89b9110f * Improve history sync
Fix for: MUC MAM (0313) doesn't work #1386

- Ensure we fully fetch desired history if possible (previously, duplicates
from offline message queue could hinder MAM sync)
- Early drop illegal MAM messages so they don't pile up in the pending queue
waiting for their query to end (which it never will if they were not
requested in first place).

https://github.com/dino/dino/issues/1386

3. 481a68fd * Improve database performance while reconnecting and syncing

Improve database performance while reconnecting and syncing
Also move some tasks to low priority idle queue so they won't block UI updates

No bug report, but solves startup time issues some users reported.

4. 1738bf8d * data: Set StartupNotify to true in .desktop file

data: Set StartupNotify to true in .desktop file
GTK handles startup notifications, so advertise it in desktop
file. This allows splash screens and other startup indications
in DEs to work.

No bug report, but sounds like an issue worth solving.

5. b6f9b54d * Remove gspell
(not relevant to Debian: unused cmake/FindGspell.cmake removed, change
in github ci file)

6. 00482404 * Fix a crash if a message subnode is not found in a carbon
Fix for: A carbon crashes Dino #1392

Fix a crash if a message subnode is not found in a carbon

https://github.com/dino/dino/issues/1392

7. 179c766d * Bind soup session lifetime to File provider/sender lifetime
Fix for: Dino crashes when sending or receiving files #1395

Bind soup session lifetime to File provider/sender lifetime
Required since libsoup 3.4. Fixes #1395

https://github.com/dino/dino/issues/1395

8. baf96d9d * @ v0.4.2 origin/v0.4 Check sender of bookmark:1 updates
Fix for: dino-im: Insufficient message sender validation in Dino CVE-2023-28686

Check sender of bookmark:1 updates

https://bugs.debian.org/1033370

Thanks in advance for your comments and decision!

Cheers

--
Sebastian Ramacher

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2023-03-24 10:18, Sebastian Ramacher wrote:

Please file a pre-approval unblock bug report against release.debian.org with a
proposed debdiff.

Thanks! #1033401

Cheers

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)