Re: Clearance for dino-im 0.4.2

To: Martin <debacle@debian.org>
Cc: debian-release@lists.debian.org
Subject: Re: Clearance for dino-im 0.4.2
From: Sebastian Ramacher <sramacher@debian.org>
Date: Fri, 24 Mar 2023 10:18:51 +0100
Message-id: <[🔎] ZB1q+70WrRnTsrGS@ramacher.at>
Mail-followup-to: Martin <debacle@debian.org>, debian-release@lists.debian.org
In-reply-to: <[🔎] 87jzz7c8zl.fsf@fama.lan>
References: <[🔎] 87jzz7c8zl.fsf@fama.lan>

Hi Martin

On 2023-03-23 23:19:46 +0000, Martin wrote:
> Dear release team,
> 
> I like to get clearance for uploading dino-im 0.4.2 to unstable, to get
> it into bookworm.

Please file a pre-approval unblock bug report against release.debian.org with a
proposed debdiff.

Cheers

> 
> Upstream release text:
> 
> > Maintenance release with fix for CVE-2023-28686 and bug fixes.
> 
> There are eight commits, from which five should definitively go into
> bookworm (1, 2, 6, 7, 8). Two commits are not related to a bug report,
> but solve relevant problems (3, 4). Only one is not relevant at all, but
> it does not touch file we care about anyway (5).
> 
> There are no new features nor unnecessary changes, so I would very much
> prefer to get the new version in instead of adding five to seven
> patches.
> 
> Here is a description of the commits between 0.4.1 (now in testing) and
> 0.4.2 (to be uploaded):
> 
> 1. acf9c694 * Fix C binding for gst_video_frame_get_data
> Fix for: GTK4 - crash when answering video call #1267
> > Fix C binding for gst_video_frame_get_data
> https://github.com/dino/dino/issues/1267
> 
> 2. 89b9110f * Improve history sync
> Fix for: MUC MAM (0313) doesn't work #1386
> > - Ensure we fully fetch desired history if possible (previously, duplicates
> >   from offline message queue could hinder MAM sync)
> > - Early drop illegal MAM messages so they don't pile up in the pending queue
> >   waiting for their query to end (which it never will if they were not
> >   requested in first place).
> https://github.com/dino/dino/issues/1386
> 
> 3. 481a68fd * Improve database performance while reconnecting and syncing
> > Improve database performance while reconnecting and syncing
> > Also move some tasks to low priority idle queue so they won't block UI updates
> No bug report, but solves startup time issues some users reported.
> 
> 4. 1738bf8d * data: Set StartupNotify to true in .desktop file
> > data: Set StartupNotify to true in .desktop file
> > GTK handles startup notifications, so advertise it in desktop
> > file. This allows splash screens and other startup indications
> > in DEs to work.
> No bug report, but sounds like an issue worth solving.
> 
> 5. b6f9b54d * Remove gspell
> (not relevant to Debian: unused cmake/FindGspell.cmake removed, change
> in github ci file)
> 
> 6. 00482404 * Fix a crash if a message subnode is not found in a carbon
> Fix for: A carbon crashes Dino #1392
> > Fix a crash if a message subnode is not found in a carbon
> https://github.com/dino/dino/issues/1392
> 
> 7. 179c766d * Bind soup session lifetime to File provider/sender lifetime
> Fix for: Dino crashes when sending or receiving files #1395 
> > Bind soup session lifetime to File provider/sender lifetime
> > Required since libsoup 3.4. Fixes #1395
> https://github.com/dino/dino/issues/1395
> 
> 8. baf96d9d * @ v0.4.2 origin/v0.4 Check sender of bookmark:1 updates
> Fix for: dino-im: Insufficient message sender validation in Dino CVE-2023-28686
> > Check sender of bookmark:1 updates
> https://bugs.debian.org/1033370
> 
> Thanks in advance for your comments and decision!
> 
> Cheers
> 

-- 
Sebastian Ramacher

Reply to:

Follow-Ups:
- Re: Clearance for dino-im 0.4.2
  - From: Martin <debacle@debian.org>

References:
- Clearance for dino-im 0.4.2
  - From: Martin <debacle@debian.org>

Prev by Date: Bug#1033364: marked as done (unblock: logback/1:1.2.11-2)
Next by Date: Resellers to cooperate
Previous by thread: Clearance for dino-im 0.4.2
Next by thread: Re: Clearance for dino-im 0.4.2
Index(es):
- Date
- Thread