Dear release team, I like to get clearance for uploading dino-im 0.4.2 to unstable, to get it into bookworm.
Upstream release text: > Maintenance release with fix for CVE-2023-28686 and bug fixes. There are eight commits, from which five should definitively go into bookworm (1, 2, 6, 7, 8). Two commits are not related to a bug report, but solve relevant problems (3, 4). Only one is not relevant at all, but it does not touch file we care about anyway (5). There are no new features nor unnecessary changes, so I would very much prefer to get the new version in instead of adding five to seven patches. Here is a description of the commits between 0.4.1 (now in testing) and 0.4.2 (to be uploaded): 1. acf9c694 * Fix C binding for gst_video_frame_get_data Fix for: GTK4 - crash when answering video call #1267 > Fix C binding for gst_video_frame_get_data https://github.com/dino/dino/issues/1267 2. 89b9110f * Improve history sync Fix for: MUC MAM (0313) doesn't work #1386 > - Ensure we fully fetch desired history if possible (previously, duplicates > from offline message queue could hinder MAM sync) > - Early drop illegal MAM messages so they don't pile up in the pending queue > waiting for their query to end (which it never will if they were not > requested in first place). https://github.com/dino/dino/issues/1386 3. 481a68fd * Improve database performance while reconnecting and syncing > Improve database performance while reconnecting and syncing > Also move some tasks to low priority idle queue so they won't block UI updates No bug report, but solves startup time issues some users reported. 4. 1738bf8d * data: Set StartupNotify to true in .desktop file > data: Set StartupNotify to true in .desktop file > GTK handles startup notifications, so advertise it in desktop > file. This allows splash screens and other startup indications > in DEs to work. No bug report, but sounds like an issue worth solving. 5. b6f9b54d * Remove gspell (not relevant to Debian: unused cmake/FindGspell.cmake removed, change in github ci file) 6. 00482404 * Fix a crash if a message subnode is not found in a carbon Fix for: A carbon crashes Dino #1392 > Fix a crash if a message subnode is not found in a carbon https://github.com/dino/dino/issues/1392 7. 179c766d * Bind soup session lifetime to File provider/sender lifetime Fix for: Dino crashes when sending or receiving files #1395 > Bind soup session lifetime to File provider/sender lifetime > Required since libsoup 3.4. Fixes #1395 https://github.com/dino/dino/issues/1395 8. baf96d9d * @ v0.4.2 origin/v0.4 Check sender of bookmark:1 updates Fix for: dino-im: Insufficient message sender validation in Dino CVE-2023-28686 > Check sender of bookmark:1 updates https://bugs.debian.org/1033370 Thanks in advance for your comments and decision! Cheers
