fix: Don't decrease member add/remove timestamps if they aren't far away in the future

We shouldn't decrease `add_timestamp` and `remove_timestamp` in the `chats_contacts` table normally,
even if remote changes arrive reordered. This particularly makes sense for ad-hoc groups (see
`chat::update_chat_contacts_table()` in `apply_group_changes()`) and in case if we join an encrypted
group which we were a member of before (see `chat::add_to_chat_contacts_table()` call).

Still, limit already stored timestamps in case local clock was in the future and is set back
now. But our clock may be slow, so limit stored timestamps with a remote timestamp if it's
bigger.

NB: `receive_imf::update_chats_contacts_timestamps()` already only increases timestamps, but it's
used only for handling of the "Chat-Group-Member-Timestamps" header, i.e. for encrypted groups.

.github/workflows/ci.yml

@@ -62,7 +62,7 @@ jobs:
         with:
           show-progress: false
           persist-credentials: false
-      - uses: EmbarkStudios/cargo-deny-action@6c8f9facfa5047ec02d8485b6bf52b587b7777d1
+      - uses: EmbarkStudios/cargo-deny-action@a531616d8ce3b9177443e48a1159bc945a099823
         with:
           arguments: --workspace --all-features --locked
           command: check
@@ -146,7 +146,7 @@ jobs:
           cache-bin: false
 
       - name: Install nextest
-        uses: taiki-e/install-action@213ccc1a076163c093f914550b94feb90fab916d
+        uses: taiki-e/install-action@60ae4ce63c7aeb6e96d7f572c1ec7fafbb17ca80
         with:
           tool: nextest
 

.github/workflows/nix.yml

@@ -63,7 +63,6 @@ jobs:
           - deltachat-rpc-server-armv7l-linux-wheel
           - deltachat-rpc-server-i686-linux
           - deltachat-rpc-server-i686-linux-wheel
-          - deltachat-rpc-server-source
           - deltachat-rpc-server-win32
           - deltachat-rpc-server-win32-wheel
           - deltachat-rpc-server-win64

Cargo.lock

@@ -391,6 +391,28 @@ version = "1.4.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "ace50bade8e6234aa140d9a2f552bbee1db4d353f69b8217bc503490fc1a9f26"
 
+[[package]]
+name = "aws-lc-rs"
+version = "1.17.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5ec2f1fc3ec205783a5da9a7e6c1509cc69dedf09a1949e412c1e18469326d00"
+dependencies = [
+ "aws-lc-sys",
+ "zeroize",
+]
+
+[[package]]
+name = "aws-lc-sys"
+version = "0.41.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1a2f9779ce85b93ab6170dd940ad0169b5766ff848247aff13bb788b832fe3f4"
+dependencies = [
+ "cc",
+ "cmake",
+ "dunce",
+ "fs_extra",
+]
+
 [[package]]
 name = "backon"
 version = "1.5.0"
@@ -763,10 +785,13 @@ dependencies = [
 
 [[package]]
 name = "cc"
-version = "1.2.14"
+version = "1.2.63"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0c3d1b2e905a3a7b00a6141adb0e4c0bb941d11caf55349d863942a1cc44e3c9"
+checksum = "556e016178bb5662a08681bbe0f00f8e17631781a4dfc8c45e466e4b185ec27f"
 dependencies = [
+ "find-msvc-tools",
+ "jobserver",
+ "libc",
  "shlex",
 ]
 
@@ -920,6 +945,15 @@ dependencies = [
  "digest",
 ]
 
+[[package]]
+name = "cmake"
+version = "0.1.58"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c0f78a02292a74a88ac736019ab962ece0bc380e3f977bf72e376c5d78ff0678"
+dependencies = [
+ "cc",
+]
+
 [[package]]
 name = "cobs"
 version = "0.2.3"
@@ -1316,7 +1350,7 @@ dependencies = [
 
 [[package]]
 name = "deltachat"
-version = "2.51.0"
+version = "2.51.0-dev"
 dependencies = [
  "anyhow",
  "astral-tokio-tar",
@@ -1425,7 +1459,7 @@ dependencies = [
 
 [[package]]
 name = "deltachat-jsonrpc"
-version = "2.51.0"
+version = "2.51.0-dev"
 dependencies = [
  "anyhow",
  "async-channel 2.5.0",
@@ -1446,7 +1480,7 @@ dependencies = [
 
 [[package]]
 name = "deltachat-repl"
-version = "2.51.0"
+version = "2.51.0-dev"
 dependencies = [
  "anyhow",
  "deltachat",
@@ -1462,7 +1496,7 @@ dependencies = [
 
 [[package]]
 name = "deltachat-rpc-server"
-version = "2.51.0"
+version = "2.51.0-dev"
 dependencies = [
  "anyhow",
  "deltachat",
@@ -1491,7 +1525,7 @@ dependencies = [
 
 [[package]]
 name = "deltachat_ffi"
-version = "2.51.0"
+version = "2.51.0-dev"
 dependencies = [
  "anyhow",
  "deltachat",
@@ -1676,7 +1710,7 @@ dependencies = [
  "libc",
  "option-ext",
  "redox_users",
- "windows-sys 0.61.1",
+ "windows-sys 0.59.0",
 ]
 
 [[package]]
@@ -1726,6 +1760,12 @@ dependencies = [
  "zeroize",
 ]
 
+[[package]]
+name = "dunce"
+version = "1.0.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "92773504d58c093f6de2459af4af33faa518c13451eb8f2b5698ed3d36e7c813"
+
 [[package]]
 name = "dyn-clone"
 version = "1.0.18"
@@ -2051,6 +2091,12 @@ dependencies = [
  "windows-sys 0.59.0",
 ]
 
+[[package]]
+name = "find-msvc-tools"
+version = "0.1.9"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5baebc0774151f905a1a2cc41989300b1e6fbb29aff0ceffa1064fdd3088d582"
+
 [[package]]
 name = "fixedbitset"
 version = "0.5.7"
@@ -2108,6 +2154,12 @@ dependencies = [
 name = "format-flowed"
 version = "1.0.0"
 
+[[package]]
+name = "fs_extra"
+version = "1.3.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "42703706b716c37f96a77aea830392ad231f44c9e9a67872fa5548707e11b11c"
+
 [[package]]
 name = "funty"
 version = "2.0.0"
@@ -2681,7 +2733,7 @@ dependencies = [
  "hyper",
  "libc",
  "pin-project-lite",
- "socket2 0.6.3",
+ "socket2 0.5.9",
  "tokio",
  "tower-service",
  "tracing",
@@ -3234,6 +3286,16 @@ version = "1.0.10"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "b1a46d1a171d865aa5f83f92695765caa047a9b4cbae2cbf37dbd613a793fd4c"
 
+[[package]]
+name = "jobserver"
+version = "0.1.34"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9afb3de4395d6b3e67a780b6de64b51c978ecf11cb9a462c66be7d4ca9039d33"
+dependencies = [
+ "getrandom 0.3.3",
+ "libc",
+]
+
 [[package]]
 name = "js-sys"
 version = "0.3.77"
@@ -3374,9 +3436,9 @@ dependencies = [
 
 [[package]]
 name = "log"
-version = "0.4.29"
+version = "0.4.31"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5e5032e24019045c762d3c0f28f5b6b8bbf38563a65908389bf7978758920897"
+checksum = "113b30b4cd05f7c06868fdb2854f66a7b9fece9a48425351cd532e810d74024f"
 
 [[package]]
 name = "loom"
@@ -3818,7 +3880,7 @@ version = "0.50.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "7957b9740744892f114936ab4a57b3f487491bbeafaf8083688b16841a4240e5"
 dependencies = [
- "windows-sys 0.61.1",
+ "windows-sys 0.59.0",
 ]
 
 [[package]]
@@ -4303,18 +4365,18 @@ dependencies = [
 
 [[package]]
 name = "pin-project"
-version = "1.1.11"
+version = "1.1.13"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f1749c7ed4bcaf4c3d0a3efc28538844fb29bcdd7d2b67b2be7e20ba861ff517"
+checksum = "2466b2336ed02bcdca6b294417127b90ec92038d1d5c4fbeac971a922e0e0924"
 dependencies = [
  "pin-project-internal",
 ]
 
 [[package]]
 name = "pin-project-internal"
-version = "1.1.11"
+version = "1.1.13"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d9b20ed30f105399776b9c883e68e536ef602a16ae6f596d2c473591d6ad64c6"
+checksum = "c96395f0a926bc13b1c17622aaddda1ecb55d49c8f1bf9777e4d877800a43f8b"
 dependencies = [
  "proc-macro2",
  "quote",
@@ -5219,7 +5281,7 @@ dependencies = [
  "errno",
  "libc",
  "linux-raw-sys 0.12.1",
- "windows-sys 0.61.1",
+ "windows-sys 0.52.0",
 ]
 
 [[package]]
@@ -5228,6 +5290,7 @@ version = "0.23.37"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "758025cb5fccfd3bc2fd74708fd4682be41d99e5dff73c377c0646c6012c73a4"
 dependencies = [
+ "aws-lc-rs",
  "log",
  "once_cell",
  "ring",
@@ -5273,6 +5336,7 @@ version = "0.103.13"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "61c429a8649f110dddef65e2a5ad240f747e85f7758a6bccc7e5777bd33f756e"
 dependencies = [
+ "aws-lc-rs",
  "ring",
  "rustls-pki-types",
  "untrusted",
@@ -5517,9 +5581,9 @@ dependencies = [
 
 [[package]]
 name = "serde_json"
-version = "1.0.149"
+version = "1.0.150"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "83fc039473c5595ace860d8c4fafa220ff474b3fc6bfdb4293327f1a37e94d86"
+checksum = "e8014e44b4736ed0538adeecded0fce2a272f22dc9578a7eb6b2d9993c74cfb9"
 dependencies = [
  "itoa",
  "memchr",
@@ -5695,9 +5759,9 @@ dependencies = [
 
 [[package]]
 name = "shlex"
-version = "1.3.0"
+version = "2.0.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0fda2ff0d084019ba4d7c6f371c95d8fd75ce3524c3cb8fb653a3023f6323e64"
+checksum = "f8fadd59c855ef2080decdef8ff161eb6661b86933c9d82e5ba29dc602a55aba"
 
 [[package]]
 name = "signal-hook-registry"
@@ -6083,7 +6147,7 @@ dependencies = [
  "getrandom 0.3.3",
  "once_cell",
  "rustix 1.1.4",
- "windows-sys 0.61.1",
+ "windows-sys 0.52.0",
 ]
 
 [[package]]
@@ -6231,9 +6295,9 @@ checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20"
 
 [[package]]
 name = "tokio"
-version = "1.52.1"
+version = "1.52.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b67dee974fe86fd92cc45b7a95fdd2f99a36a6d7b0d431a231178d3d670bbcc6"
+checksum = "8fc7f01b389ac15039e4dc9531aa973a135d7a4135281b12d7c1bc79fd57fffe"
 dependencies = [
  "bytes",
  "libc",

Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "deltachat"
-version = "2.51.0"
+version = "2.51.0-dev"
 edition = "2024"
 license = "MPL-2.0"
 rust-version = "1.89"
@@ -101,7 +101,7 @@ tagger = "4.3.4"
 textwrap = "0.16.2"
 thiserror = { workspace = true }
 tokio-io-timeout = "1.2.1"
-tokio-rustls = { version = "0.26.2", default-features = false }
+tokio-rustls = { version = "0.26.2", default-features = false, features = ["aws-lc-rs", "tls12"] }
 tokio-stream = { version = "0.1.17", features = ["fs"] }
 astral-tokio-tar = { version = "0.6.2", default-features = false }
 tokio-util = { workspace = true }

deltachat-ffi/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "deltachat_ffi"
-version = "2.51.0"
+version = "2.51.0-dev"
 description = "Deltachat FFI"
 edition = "2018"
 readme = "README.md"

deltachat-jsonrpc/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "deltachat-jsonrpc"
-version = "2.51.0"
+version = "2.51.0-dev"
 description = "DeltaChat JSON-RPC API"
 edition = "2021"
 license = "MPL-2.0"

deltachat-jsonrpc/src/api.rs

@@ -1106,9 +1106,6 @@ impl CommandApi {
     /// because the word "channel" already appears a lot in the code,
     /// which would make it hard to grep for it.
     ///
-    /// After creation, the chat contains no recipients and is in _unpromoted_ state;
-    /// see [`CommandApi::create_group_chat`] for more information on the unpromoted state.
-    ///
     /// Returns the created chat's id.
     async fn create_broadcast(&self, account_id: u32, chat_name: String) -> Result<u32> {
         let ctx = self.get_context(account_id).await?;

deltachat-jsonrpc/typescript/package.json

@@ -54,5 +54,5 @@
   },
   "type": "module",
   "types": "dist/deltachat.d.ts",
-  "version": "2.51.0"
+  "version": "2.51.0-dev"
 }

deltachat-repl/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "deltachat-repl"
-version = "2.51.0"
+version = "2.51.0-dev"
 license = "MPL-2.0"
 edition = "2021"
 repository = "https://github.com/chatmail/core"

deltachat-rpc-client/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "deltachat-rpc-client"
-version = "2.51.0"
+version = "2.51.0-dev"
 license = "MPL-2.0"
 description = "Python client for Delta Chat core JSON-RPC interface"
 classifiers = [

deltachat-rpc-client/src/deltachat_rpc_client/account.py

@@ -340,9 +340,6 @@ class Account:
         because the word "channel" already appears a lot in the code,
         which would make it hard to grep for it.
 
-        After creation, the chat contains no recipients and is in _unpromoted_ state;
-        see `create_group()` for more information on the unpromoted state.
-
         Returns the created chat.
         """
         return Chat(self, self._rpc.create_broadcast(self.id, name))

deltachat-rpc-server/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "deltachat-rpc-server"
-version = "2.51.0"
+version = "2.51.0-dev"
 description = "DeltaChat JSON-RPC server"
 edition = "2021"
 readme = "README.md"

deltachat-rpc-server/npm-package/package.json

@@ -15,5 +15,5 @@
   },
   "type": "module",
   "types": "index.d.ts",
-  "version": "2.51.0"
+  "version": "2.51.0-dev"
 }

flake.nix

@@ -518,22 +518,6 @@
                 '';
               };
 
-            # Source package for deltachat-rpc-server.
-            # Fake package that downloads Linux version,
-            # needed to install deltachat-rpc-server on Android with `pip`.
-            deltachat-rpc-server-source =
-              pkgs.stdenv.mkDerivation {
-                pname = "deltachat-rpc-server-source";
-                version = manifest.version;
-                src = pkgs.lib.cleanSource ./.;
-                nativeBuildInputs = [
-                  pkgs.python3
-                  pkgs.python3Packages.wheel
-                ];
-                buildPhase = ''python3 scripts/wheel-rpc-server.py source deltachat_rpc_server-${manifest.version}.tar.gz'';
-                installPhase = ''mkdir -p $out; cp -av deltachat_rpc_server-${manifest.version}.tar.gz $out'';
-              };
-
             deltachat-rpc-client =
               pkgs.python3Packages.buildPythonPackage {
                 pname = "deltachat-rpc-client";

python/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "deltachat"
-version = "2.51.0"
+version = "2.51.0-dev"
 license = "MPL-2.0"
 description = "Python bindings for the Delta Chat Core library using CFFI against the Rust-implemented libdeltachat"
 readme = "README.rst"

scripts/wheel-rpc-server.py

@@ -20,86 +20,6 @@ Description-Content-Type: text/markdown
 """
 
 
-def build_source_package(version, filename):
-    with tarfile.open(filename, "w:gz") as pkg:
-
-        def pack(name, contents):
-            contents = contents.encode()
-            tar_info = tarfile.TarInfo(f"deltachat_rpc_server-{version}/{name}")
-            tar_info.mode = 0o644
-            tar_info.size = len(contents)
-            pkg.addfile(tar_info, BytesIO(contents))
-
-        pack("PKG-INFO", metadata_contents(version))
-        pack(
-            "pyproject.toml",
-            f"""[build-system]
-requires = ["setuptools==68.2.2", "pip"]
-build-backend = "setuptools.build_meta"
-
-[project]
-name = "deltachat-rpc-server"
-version = "{version}"
-
-[project.scripts]
-deltachat-rpc-server = "deltachat_rpc_server:main"
-""",
-        )
-        pack(
-            "setup.py",
-            f"""
-import sys
-from setuptools import setup, find_packages
-from distutils.cmd import Command
-from setuptools.command.install import install
-from setuptools.command.build import build
-import subprocess
-import platform
-import tempfile
-from zipfile import ZipFile
-from pathlib import Path
-import shutil
-
-
-class BuildCommand(build):
-    def run(self):
-        tmpdir = tempfile.mkdtemp()
-        subprocess.run(
-            [
-                sys.executable,
-                "-m",
-                "pip",
-                "download",
-                "--no-input",
-                "--timeout",
-                "1000",
-                "--platform",
-                "musllinux_1_1_" + platform.machine(),
-                "--only-binary=:all:",
-                "deltachat-rpc-server=={version}",
-            ],
-            cwd=tmpdir,
-        )
-
-        wheel_path = next(Path(tmpdir).glob("*.whl"))
-        with ZipFile(wheel_path, "r") as wheel:
-            exe_path = wheel.extract("deltachat_rpc_server/deltachat-rpc-server", "src")
-            Path(exe_path).chmod(0o700)
-            wheel.extract("deltachat_rpc_server/__init__.py", "src")
-
-        shutil.rmtree(tmpdir)
-        return super().run()
-
-
-setup(
-    cmdclass={{"build": BuildCommand}},
-    package_data={{"deltachat_rpc_server": ["deltachat-rpc-server"]}},
-)
-""",
-        )
-        pack("src/deltachat_rpc_server/__init__.py", "")
-
-
 def build_wheel(version, binary, tag, windows=False):
     filename = f"deltachat_rpc_server-{version}-{tag}.whl"
 
@@ -168,23 +88,19 @@ def main():
     with Path("Cargo.toml").open("rb") as fp:
         cargo_manifest = tomllib.load(fp)
     version = cargo_manifest["package"]["version"]
-    if sys.argv[1] == "source":
-        filename = f"deltachat_rpc_server-{version}.tar.gz"
-        build_source_package(version, filename)
-    else:
-        arch = sys.argv[1]
-        executable = sys.argv[2]
-        tags = arch2tags[arch]
+    arch = sys.argv[1]
+    executable = sys.argv[2]
+    tags = arch2tags[arch]
 
-        if arch in ["win32", "win64"]:
-            build_wheel(
-                version,
-                executable,
-                f"py3-none-{tags}",
-                windows=True,
-            )
-        else:
-            build_wheel(version, executable, f"py3-none-{tags}")
+    if arch in ["win32", "win64"]:
+        build_wheel(
+            version,
+            executable,
+            f"py3-none-{tags}",
+            windows=True,
+        )
+    else:
+        build_wheel(version, executable, f"py3-none-{tags}")
 
 
 main()

src/chat.rs

@@ -32,6 +32,7 @@ use crate::debug_logging::maybe_set_logging_xdc;
 use crate::download::{
     DownloadState, PRE_MSG_ATTACHMENT_SIZE_THRESHOLD, PRE_MSG_SIZE_WARNING_THRESHOLD,
 };
+use crate::ensure_and_debug_assert_eq;
 use crate::ephemeral::{Timer as EphemeralTimer, start_chat_ephemeral_timers};
 use crate::events::EventType;
 use crate::key::{Fingerprint, self_fingerprint};
@@ -1782,9 +1783,8 @@ impl Chat {
                 );
                 bail!("Cannot set message, contact for {} not found.", self.id);
             }
-        } else if matches!(self.typ, Chattype::Group | Chattype::OutBroadcast)
-            && self.param.get_int(Param::Unpromoted).unwrap_or_default() == 1
-        {
+        } else if self.param.get_int(Param::Unpromoted).unwrap_or_default() == 1 {
+            ensure_and_debug_assert_eq!(self.typ, Chattype::Group,);
             msg.param.set_int(Param::AttachChatAvatarAndDescription, 1);
             self.param
                 .remove(Param::Unpromoted)
@@ -3626,9 +3626,6 @@ pub(crate) async fn create_group_ex(
 /// because the word "channel" already appears a lot in the code,
 /// which would make it hard to grep for it.
 ///
-/// After creation, the chat contains no recipients and is in _unpromoted_ state;
-/// see [`create_group`] for more information on the unpromoted state.
-///
 /// Returns the created chat's id.
 pub async fn create_broadcast(context: &Context, chat_name: String) -> Result<ChatId> {
     let grpid = create_id();
@@ -3660,17 +3657,20 @@ pub(crate) async fn create_out_broadcast_ex(
             |row| row.get(0),
         )?;
         ensure!(cnt == 0, "{cnt} chats exist with grpid {grpid}");
+        let mut params: Params = Params::new();
+        params.update_timestamp(Param::GroupNameTimestamp, time())?;
 
         t.execute(
             "INSERT INTO chats
-            (type, name, name_normalized, grpid, created_timestamp)
-            VALUES(?, ?, ?, ?, ?)",
+            (type, name, name_normalized, grpid, created_timestamp, param)
+            VALUES(?, ?, ?, ?, ?, ?)",
             (
                 Chattype::OutBroadcast,
                 &chat_name,
                 normalize_text(&chat_name),
                 &grpid,
                 timestamp,
+                params.to_string(),
             ),
         )?;
         let chat_id = ChatId::new(t.last_insert_rowid().try_into()?);
@@ -3738,17 +3738,19 @@ pub(crate) async fn update_chat_contacts_table(
     id: ChatId,
     contacts: &BTreeSet<ContactId>,
 ) -> Result<()> {
+    // See add_to_chat_contacts_table() for reasoning.
+    let limit = cmp::max(time().saturating_add(TIMESTAMP_SENT_TOLERANCE), timestamp);
     context
         .sql
         .transaction(move |transaction| {
-            // Bump `remove_timestamp` to at least `now`
-            // even for members from `contacts`.
+            // Bump `remove_timestamp` even for members from `contacts`.
             // We add members from `contacts` back below.
             transaction.execute(
-                "UPDATE chats_contacts
-                 SET remove_timestamp=MAX(add_timestamp+1, ?)
+                "UPDATE chats_contacts SET
+                     add_timestamp=MIN(add_timestamp, ?1),
+                     remove_timestamp=MAX(MIN(remove_timestamp,?1), MIN(add_timestamp,?1)+1, ?)
                  WHERE chat_id=?",
-                (timestamp, id),
+                (limit, timestamp, id),
             )?;
 
             if !contacts.is_empty() {
@@ -3760,9 +3762,8 @@ pub(crate) async fn update_chat_contacts_table(
                 )?;
 
                 for contact_id in contacts {
-                    // We bumped `add_timestamp` for existing rows above,
-                    // so on conflict it is enough to set `add_timestamp = remove_timestamp`
-                    // and this guarantees that `add_timestamp` is no less than `timestamp`.
+                    // We bumped `remove_timestamp` for existing rows above,
+                    // so on conflict it is enough to set `add_timestamp = remove_timestamp`.
                     statement.execute((id, contact_id, timestamp))?;
                 }
             }
@@ -3779,17 +3780,24 @@ pub(crate) async fn add_to_chat_contacts_table(
     chat_id: ChatId,
     contact_ids: &[ContactId],
 ) -> Result<()> {
+    // Our clock may be slow, so limit stored timestamps with `timestamp` if it's bigger. This way
+    // we only cap remote timestamps if, in addition, remote changes arrive reordered or we do local
+    // changes. Also allow some tolerance, moreover, previous removals might lend time from the
+    // future.
+    let limit = cmp::max(time().saturating_add(TIMESTAMP_SENT_TOLERANCE), timestamp);
     context
         .sql
         .transaction(move |transaction| {
             let mut add_statement = transaction.prepare(
                 "INSERT INTO chats_contacts (chat_id, contact_id, add_timestamp) VALUES(?1, ?2, ?3)
                  ON CONFLICT (chat_id, contact_id)
-                 DO UPDATE SET add_timestamp=MAX(remove_timestamp, ?3)",
+                 DO UPDATE SET
+                     remove_timestamp=MIN(remove_timestamp, ?4),
+                     add_timestamp=MIN(MAX(add_timestamp,remove_timestamp,?3), ?4)",
             )?;
 
             for contact_id in contact_ids {
-                add_statement.execute((chat_id, contact_id, timestamp))?;
+                add_statement.execute((chat_id, contact_id, timestamp, limit))?;
             }
             Ok(())
         })
@@ -3800,26 +3808,34 @@ pub(crate) async fn add_to_chat_contacts_table(
 
 /// Removes a contact from the chat
 /// by updating the `remove_timestamp`.
+/// Returns whether the contact has been a chat member recently. If so, a removal message should be
+/// sent.
 pub(crate) async fn remove_from_chat_contacts_table(
     context: &Context,
     chat_id: ChatId,
     contact_id: ContactId,
-) -> Result<()> {
+) -> Result<bool> {
     let now = time();
-    context
+    // See add_to_chat_contacts_table() for reasoning.
+    let limit = now.saturating_add(TIMESTAMP_SENT_TOLERANCE);
+    let is_past_member = context
         .sql
         .execute(
-            "UPDATE chats_contacts
-             SET remove_timestamp=MAX(add_timestamp+1, ?)
+            "UPDATE chats_contacts SET
+                 add_timestamp=MIN(add_timestamp, ?1),
+                 remove_timestamp=MAX(MIN(remove_timestamp,?1), MIN(add_timestamp,?1)+1, ?)
              WHERE chat_id=? AND contact_id=?",
-            (now, chat_id, contact_id),
+            (limit, now, chat_id, contact_id),
         )
-        .await?;
-    Ok(())
+        .await?
+        > 0;
+    Ok(is_past_member)
 }
 
 /// Removes a contact from the chat
-/// without leaving a trace.
+/// without leaving a trace in the db.
+/// Returns whether the contact was removed, even if it was a past contact. If so, a removal message
+/// should be sent if the removal is issued by this device.
 ///
 /// Note that if we call this function,
 /// and then receive a message from another device
@@ -3829,17 +3845,17 @@ pub(crate) async fn remove_from_chat_contacts_table_without_trace(
     context: &Context,
     chat_id: ChatId,
     contact_id: ContactId,
-) -> Result<()> {
-    context
+) -> Result<bool> {
+    let removed = context
         .sql
         .execute(
             "DELETE FROM chats_contacts
             WHERE chat_id=? AND contact_id=?",
             (chat_id, contact_id),
         )
-        .await?;
-
-    Ok(())
+        .await?
+        > 0;
+    Ok(removed)
 }
 
 /// Adds a contact to the chat.
@@ -4159,10 +4175,13 @@ pub async fn remove_contact_from_chat(
 
     let mut sync = Nosync;
 
-    if chat.is_promoted() && chat.typ != Chattype::OutBroadcast {
-        remove_from_chat_contacts_table(context, chat_id, contact_id).await?;
+    let removed = if chat.is_promoted() && chat.typ != Chattype::OutBroadcast {
+        remove_from_chat_contacts_table(context, chat_id, contact_id).await?
     } else {
-        remove_from_chat_contacts_table_without_trace(context, chat_id, contact_id).await?;
+        remove_from_chat_contacts_table_without_trace(context, chat_id, contact_id).await?
+    };
+    if !removed {
+        return Ok(());
     }
 
     // We do not return an error if the contact does not exist in the database.

src/chat/chat_tests.rs

@@ -9,6 +9,7 @@ use crate::headerdef::HeaderDef;
 use crate::imex::{ImexMode, has_backup, imex};
 use crate::message::{Message, MessengerMessage, delete_msgs};
 use crate::mimeparser::{self, MimeMessage};
+use crate::qr::{Qr, check_qr};
 use crate::receive_imf::receive_imf;
 use crate::securejoin::{get_securejoin_qr, join_securejoin};
 use crate::test_utils;
@@ -2799,6 +2800,30 @@ async fn test_can_send_group() -> Result<()> {
     Ok(())
 }
 
+#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+async fn test_cant_remove_nonmember() -> Result<()> {
+    let mut tcm = TestContextManager::new();
+    let alice = &tcm.alice().await;
+    let bob = &tcm.bob().await;
+    let charlie = &tcm.charlie().await;
+
+    let alice_broadcast_id = create_broadcast(alice, "Channel".to_string()).await?;
+    let qr = get_securejoin_qr(alice, Some(alice_broadcast_id))
+        .await
+        .unwrap();
+    tcm.exec_securejoin_qr(bob, alice, &qr).await;
+
+    let alice_charlie_id = alice.add_or_lookup_contact_id(charlie).await;
+    remove_contact_from_chat(alice, alice_broadcast_id, alice_charlie_id).await?;
+    assert!(alice.pop_sent_msg_opt(Duration::ZERO).await.is_none());
+    assert!(!remove_from_chat_contacts_table(alice, alice_broadcast_id, alice_charlie_id).await?);
+    assert!(
+        !remove_from_chat_contacts_table_without_trace(alice, alice_broadcast_id, alice_charlie_id)
+            .await?
+    );
+    Ok(())
+}
+
 /// Tests that in a broadcast channel,
 /// the recipients can't see the identity of their fellow recipients.
 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
@@ -2922,10 +2947,24 @@ async fn test_broadcast_change_name() -> Result<()> {
     let fiona = &tcm.fiona().await;
 
     let broadcast_id = create_broadcast(alice, "Channel".to_string()).await?;
-    let qr = get_securejoin_qr(alice, Some(broadcast_id)).await.unwrap();
+    let mut qr = get_securejoin_qr(alice, Some(broadcast_id)).await.unwrap();
+    // Something goes wrong with the title, e.g. maybe it gets ellipsized
+    // Note that the title always comes at the end for human readability
+    qr += "+modified+title";
+
+    {
+        tcm.section("Alice invites Bob to her channel");
+        let Qr::AskJoinBroadcast { name, .. } = check_qr(bob, &qr).await? else {
+            panic!();
+        };
+        assert_eq!(name, "Channel modified title");
+
+        // The channel's name gets fixed after actually joining the channel:
+        let bob_chat_id = tcm.exec_securejoin_qr(bob, alice, &qr).await;
+        let bob_chat = Chat::load_from_db(bob, bob_chat_id).await?;
+        assert_eq!(bob_chat.name, "Channel");
+    }
 
-    tcm.section("Alice invites Bob to her channel");
-    tcm.exec_securejoin_qr(bob, alice, &qr).await;
     tcm.section("Alice invites Fiona to her channel");
     tcm.exec_securejoin_qr(fiona, alice, &qr).await;
 

src/message.rs

@@ -2042,13 +2042,6 @@ pub(crate) async fn update_msg_state(
     Ok(())
 }
 
-// as we do not cut inside words, this results in about 32-42 characters.
-// Do not use too long subjects - we add a tag after the subject which gets truncated by the clients otherwise.
-// It should also be very clear, the subject is _not_ the whole message.
-// The value is also used for CC:-summaries
-
-// Context functions to work with messages
-
 pub(crate) async fn set_msg_failed(
     context: &Context,
     msg: &mut Message,

src/net/dns.rs

@@ -231,7 +231,10 @@ static DNS_PRELOAD: LazyLock<HashMap<&'static str, Vec<IpAddr>>> = LazyLock::new
     HashMap::from([
         (
             "imap.163.com",
-            vec![IpAddr::V4(Ipv4Addr::new(111, 124, 203, 45))],
+            vec![
+                IpAddr::V4(Ipv4Addr::new(111, 124, 203, 45)),
+                IpAddr::V4(Ipv4Addr::new(111, 124, 203, 50)),
+            ],
         ),
         (
             "smtp.163.com",
@@ -422,12 +425,12 @@ static DNS_PRELOAD: LazyLock<HashMap<&'static str, Vec<IpAddr>>> = LazyLock::new
             "nine.testrun.org",
             vec![
                 IpAddr::V4(Ipv4Addr::new(128, 140, 126, 197)),
-                IpAddr::V4(Ipv4Addr::new(116, 202, 233, 236)),
                 IpAddr::V4(Ipv4Addr::new(216, 144, 228, 100)),
-                IpAddr::V6(Ipv6Addr::new(0x2a01, 0x4f8, 0x241, 0x4ce8, 0, 0, 0, 2)),
+                IpAddr::V4(Ipv4Addr::new(77, 42, 49, 41)),
                 IpAddr::V6(Ipv6Addr::new(
                     0x2001, 0x41d0, 0x701, 0x1100, 0, 0, 0, 0x8ab1,
                 )),
+                IpAddr::V6(Ipv6Addr::new(0x2a01, 0x4f9, 0xfff1, 0x59, 0, 0, 0, 1)),
             ],
         ),
         (
@@ -697,6 +700,10 @@ static DNS_PRELOAD: LazyLock<HashMap<&'static str, Vec<IpAddr>>> = LazyLock::new
             "chatmail.hackea.org",
             vec![IpAddr::V4(Ipv4Addr::new(82, 165, 11, 85))],
         ),
+        (
+            "chat.adminforge.de",
+            vec![IpAddr::V4(Ipv4Addr::new(94, 130, 17, 142))],
+        ),
         (
             "chika.aangat.lahat.computer",
             vec![IpAddr::V4(Ipv4Addr::new(71, 19, 150, 113))],
@@ -738,6 +745,46 @@ static DNS_PRELOAD: LazyLock<HashMap<&'static str, Vec<IpAddr>>> = LazyLock::new
             "danneskjold.de",
             vec![IpAddr::V4(Ipv4Addr::new(46, 62, 216, 132))],
         ),
+        (
+            "chat.in-the.eu",
+            vec![IpAddr::V4(Ipv4Addr::new(78, 46, 190, 129))],
+        ),
+        (
+            "chat.nuvon.app",
+            vec![IpAddr::V4(Ipv4Addr::new(178, 238, 38, 165))],
+        ),
+        (
+            "nibblehole.com",
+            vec![IpAddr::V4(Ipv4Addr::new(94, 247, 42, 209))],
+        ),
+        (
+            "chat.zashm.org",
+            vec![IpAddr::V4(Ipv4Addr::new(91, 245, 76, 39))],
+        ),
+        (
+            "chat.sus.fr",
+            vec![IpAddr::V4(Ipv4Addr::new(152, 67, 76, 190))],
+        ),
+        (
+            "delta.thelab.uno",
+            vec![IpAddr::V4(Ipv4Addr::new(146, 59, 228, 39))],
+        ),
+        (
+            "chat.vim.wtf",
+            vec![IpAddr::V4(Ipv4Addr::new(116, 203, 206, 170))],
+        ),
+        (
+            "uninterest.ing",
+            vec![IpAddr::V4(Ipv4Addr::new(172, 245, 70, 237))],
+        ),
+        (
+            "sweetfern.net",
+            vec![IpAddr::V4(Ipv4Addr::new(178, 156, 228, 133))],
+        ),
+        (
+            "delta.disobey.net",
+            vec![IpAddr::V4(Ipv4Addr::new(37, 74, 102, 44))],
+        ),
         (
             "darkrun.dev",
             vec![IpAddr::V4(Ipv4Addr::new(72, 11, 149, 146))],

src/net/tls.rs

@@ -126,9 +126,12 @@ pub async fn wrap_rustls<'a>(
     let root_cert_store =
         rustls::RootCertStore::from_iter(webpki_roots::TLS_SERVER_ROOTS.iter().cloned());
 
-    let mut config = rustls::ClientConfig::builder()
-        .with_root_certificates(root_cert_store)
-        .with_no_client_auth();
+    let mut config = rustls::ClientConfig::builder_with_provider(Arc::new(
+        rustls::crypto::aws_lc_rs::default_provider(),
+    ))
+    .with_safe_default_protocol_versions()?
+    .with_root_certificates(root_cert_store)
+    .with_no_client_auth();
     config.alpn_protocols = if alpn.is_empty() {
         vec![]
     } else {

src/net/tls/danger.rs

@@ -51,7 +51,7 @@ impl rustls::client::danger::ServerCertVerifier for CustomCertificateVerifier {
 
         let spki = parsed_certificate.subject_public_key_info();
 
-        let provider = rustls::crypto::ring::default_provider();
+        let provider = rustls::crypto::aws_lc_rs::default_provider();
 
         if let ServerName::DnsName(dns_name) = server_name
             && dns_name.as_ref().starts_with("_")
@@ -97,7 +97,7 @@ impl rustls::client::danger::ServerCertVerifier for CustomCertificateVerifier {
         cert: &CertificateDer<'_>,
         dss: &rustls::DigitallySignedStruct,
     ) -> Result<rustls::client::danger::HandshakeSignatureValid, rustls::Error> {
-        let provider = rustls::crypto::ring::default_provider();
+        let provider = rustls::crypto::aws_lc_rs::default_provider();
         let supported_schemes = &provider.signature_verification_algorithms;
         rustls::crypto::verify_tls12_signature(message, cert, dss, supported_schemes)
     }
@@ -108,13 +108,13 @@ impl rustls::client::danger::ServerCertVerifier for CustomCertificateVerifier {
         cert: &CertificateDer<'_>,
         dss: &rustls::DigitallySignedStruct,
     ) -> Result<rustls::client::danger::HandshakeSignatureValid, rustls::Error> {
-        let provider = rustls::crypto::ring::default_provider();
+        let provider = rustls::crypto::aws_lc_rs::default_provider();
         let supported_schemes = &provider.signature_verification_algorithms;
         rustls::crypto::verify_tls13_signature(message, cert, dss, supported_schemes)
     }
 
     fn supported_verify_schemes(&self) -> Vec<rustls::SignatureScheme> {
-        let provider = rustls::crypto::ring::default_provider();
+        let provider = rustls::crypto::aws_lc_rs::default_provider();
         provider
             .signature_verification_algorithms
             .supported_schemes()

src/receive_imf.rs

@@ -3790,13 +3790,17 @@ async fn apply_out_broadcast_changes(
         } else if from_id == ContactId::SELF
             && let Some(removed_id) = removed_id
         {
-            chat::remove_from_chat_contacts_table_without_trace(context, chat.id, removed_id)
-                .await?;
-
-            better_msg.get_or_insert(
-                stock_str::msg_del_member_local(context, removed_id, ContactId::SELF).await,
-            );
-            added_removed_id = Some(removed_id);
+            if chat::remove_from_chat_contacts_table_without_trace(context, chat.id, removed_id)
+                .await?
+            {
+                better_msg.get_or_insert(
+                    stock_str::msg_del_member_local(context, removed_id, ContactId::SELF).await,
+                );
+                added_removed_id = Some(removed_id);
+            } else {
+                info!(context, "No-op broadcast member removal message (TRASH).");
+                better_msg = Some("".to_string());
+            }
         }
     }
 
@@ -3870,17 +3874,20 @@ async fn apply_in_broadcast_changes(
         }
         chat::delete_broadcast_secret(context, chat.id).await?;
 
-        if from_id == ContactId::SELF {
+        let removed =
+            chat::remove_from_chat_contacts_table_without_trace(context, chat.id, ContactId::SELF)
+                .await?;
+        if !removed {
+            info!(context, "No-op broadcast SELF-removal message (TRASH).");
+            better_msg = Some("".to_string());
+        } else if from_id == ContactId::SELF {
             better_msg.get_or_insert(stock_str::msg_you_left_broadcast(context));
         } else {
             better_msg.get_or_insert(
                 stock_str::msg_del_member_local(context, ContactId::SELF, from_id).await,
             );
         }
-
-        chat::remove_from_chat_contacts_table_without_trace(context, chat.id, ContactId::SELF)
-            .await?;
-        send_event_chat_modified = true;
+        send_event_chat_modified |= removed;
     } else if !chat.is_self_in_chat(context).await? {
         chat::add_to_chat_contacts_table(
             context,

src/stats.rs

@@ -18,7 +18,7 @@ use crate::config::Config;
 use crate::constants::{Chattype, DC_VERSION_STR};
 use crate::contact::{Contact, ContactId, Origin, import_vcard, mark_contact_id_as_verified};
 use crate::context::Context;
-use crate::key::load_self_public_keyring;
+use crate::key::{DcKey, load_self_public_key};
 use crate::log::LogExt;
 use crate::message::{Message, Viewtype};
 use crate::securejoin::QrInvite;
@@ -33,7 +33,14 @@ const MESSAGE_STATS_UPDATE_INTERVAL_SECONDS: i64 = 4 * 60; // 4 minutes (less th
 #[derive(Serialize)]
 struct Statistics {
     core_version: String,
+    number_of_transports: usize,
     key_create_timestamps: Vec<u32>,
+    number_of_keys: u32,
+    /// OpenPGP version of the key.
+    key_version: u8,
+    key_algorithm: String,
+    /// Size of the public key in bytes (encoded in binary, not base64).
+    pubkey_size: usize,
     stats_id: String,
     is_chatmail: bool,
     contact_stats: Vec<ContactStat>,
@@ -345,11 +352,15 @@ async fn get_stats(context: &Context) -> Result<String> {
         .get_config_u32(Config::StatsLastOldContactId)
         .await?;
 
-    let key_create_timestamps: Vec<u32> = load_self_public_keyring(context)
+    let self_public_key = load_self_public_key(context).await?;
+    // `key_create_timestamps` is a `Vec` for historical reasons,
+    // support for using multiple keys is being phased out.
+    let key_create_timestamps: Vec<u32> = vec![self_public_key.created_at().as_secs()];
+    let number_of_keys: u32 = context
+        .sql
+        .query_get_value("SELECT COUNT(*) FROM keypairs", ())
         .await?
-        .iter()
-        .map(|k| k.created_at().as_secs())
-        .collect();
+        .unwrap_or(0);
 
     let sending_enabled_timestamps =
         get_timestamps(context, "stats_sending_enabled_events").await?;
@@ -358,7 +369,12 @@ async fn get_stats(context: &Context) -> Result<String> {
 
     let stats = Statistics {
         core_version: DC_VERSION_STR.to_string(),
+        number_of_transports: context.count_transports().await?,
         key_create_timestamps,
+        number_of_keys,
+        key_version: self_public_key.primary_key.version().into(),
+        key_algorithm: format!("{:?}", self_public_key.algorithm()),
+        pubkey_size: DcKey::to_bytes(&self_public_key).len(),
         stats_id: stats_id(context).await?,
         is_chatmail: context.is_chatmail().await?,
         contact_stats: get_contact_stats(context, last_old_contact).await?,

src/stats/stats_tests.rs

@@ -595,3 +595,33 @@ async fn test_stats_enable_disable_timestamps() -> Result<()> {
 
     Ok(())
 }
+
+#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+async fn test_cryptography_stats() -> Result<()> {
+    let alice = &TestContext::new_alice().await;
+    let stats = get_stats(alice).await.unwrap();
+    let stats: serde_json::Value = serde_json::from_str(&stats)?;
+
+    let number_of_transports: u64 = stats.get("number_of_transports").unwrap().as_u64().unwrap();
+    assert_eq!(number_of_transports, 1);
+
+    let key_version = stats.get("key_version").unwrap().as_u64().unwrap();
+    // Alice's key is v4
+    assert_eq!(key_version, 4);
+
+    let key_algorithm = stats.get("key_algorithm").unwrap().as_str().unwrap();
+    assert_eq!(key_algorithm, "EdDSALegacy");
+
+    let pubkey_size = stats.get("pubkey_size").unwrap().as_u64().unwrap();
+    assert_eq!(pubkey_size, 583);
+
+    crate::transport::add_pseudo_transport(alice, "alice@ten.testrun.org").await?;
+
+    let stats = get_stats(alice).await.unwrap();
+    let stats: serde_json::Value = serde_json::from_str(&stats)?;
+
+    let number_of_transports: u64 = stats.get("number_of_transports").unwrap().as_u64().unwrap();
+    assert_eq!(number_of_transports, 2);
+
+    Ok(())
+}

src/transport.rs

@@ -252,7 +252,11 @@ impl fmt::Display for ConfiguredLoginParam {
             write!(f, "{imap}")?;
             first = false;
         }
-        write!(f, "] smtp:[")?;
+        write!(f, "]")?;
+        if let Some(folder) = &self.imap_folder {
+            write!(f, " folder:{folder:?}")?;
+        }
+        write!(f, " smtp:[")?;
         let mut first = true;
         for smtp in &self.smtp {
             if !first {

src/transport/transport_tests.rs

@@ -34,7 +34,7 @@ async fn test_save_load_login_param() -> Result<()> {
             },
             user: "alice".to_string(),
         }],
-        imap_folder: None,
+        imap_folder: Some("Folder".to_string()),
         imap_user: "".to_string(),
         imap_password: "foo".to_string(),
         smtp: vec![ConfiguredServerLoginParam {
@@ -56,7 +56,7 @@ async fn test_save_load_login_param() -> Result<()> {
         .clone()
         .save_to_transports_table(&t, &EnteredLoginParam::default(), time())
         .await?;
-    let expected_param = r#"{"addr":"alice@example.org","imap":[{"connection":{"host":"imap.example.com","port":123,"security":"Starttls"},"user":"alice"}],"imap_user":"","imap_password":"foo","smtp":[{"connection":{"host":"smtp.example.com","port":456,"security":"Tls"},"user":"alice@example.org"}],"smtp_user":"","smtp_password":"bar","provider_id":null,"certificate_checks":"Strict","oauth2":false}"#;
+    let expected_param = r#"{"addr":"alice@example.org","imap":[{"connection":{"host":"imap.example.com","port":123,"security":"Starttls"},"user":"alice"}],"imap_folder":"Folder","imap_user":"","imap_password":"foo","smtp":[{"connection":{"host":"smtp.example.com","port":456,"security":"Tls"},"user":"alice@example.org"}],"smtp_user":"","smtp_password":"bar","provider_id":null,"certificate_checks":"Strict","oauth2":false}"#;
     assert_eq!(
         t.sql
             .query_get_value::<String>("SELECT configured_param FROM transports", ())
@@ -68,6 +68,14 @@ async fn test_save_load_login_param() -> Result<()> {
     let (_transport_id, loaded) = ConfiguredLoginParam::load(&t).await?.unwrap();
     assert_eq!(param, loaded);
 
+    let formatted = format!(" {loaded}");
+    assert!(formatted.contains(" ***@example.org"));
+    assert!(formatted.contains(" imap:[imap.example.com:123:starttls]"));
+    assert!(formatted.contains(" folder:\"Folder\""));
+    assert!(formatted.contains(" smtp:[smtp.example.com:456:tls]"));
+    assert!(formatted.contains(" provider:none"));
+    assert!(formatted.contains(" cert_strict"));
+
     // Legacy ConfiguredImapCertificateChecks config is ignored
     t.set_config(Config::ConfiguredImapCertificateChecks, Some("999"))
         .await?;