chore: update changelog to 6.1.90

[mhduiy]

更新说明

自动更新 changelog 到版本 6.1.90

变更内容

• 更新 debian/changelog

版本信息

• 新版本: 6.1.90
• 目标分支: master

Summary by Sourcery

Documentation:

• Refresh Debian changelog entries to document the 6.1.90 release.

[github-actions]

TAG Bot

TAG: 6.1.90
EXISTED: no
DISTRIBUTION: unstable

[sourcery-ai]

Reviewer's guide (collapsed on small PRs)

Reviewer's Guide

This PR bumps the Debian package changelog to version 6.1.90, updating the metadata for the new release.

File-Level Changes

Change	Details	Files
Update Debian changelog metadata for release 6.1.90.	Add a new changelog entry for version 6.1.90, following existing formatting conventions Ensure the target distribution/branch metadata reflects master for this release Update associated version/date/maintainer fields as required by Debian changelog standards	debian/changelog

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[deepin-ci-robot]

deepin pr auto review

你好！我是智能编程助手 CodeGeeX。我已经仔细审查了你提供的 Git Diff 输入。

本次修改主要涉及 debian/changelog 文件的更新，记录了 dde-daemon 版本 6.1.90 的变更日志，包含新功能添加、多个 Bug 修复以及安全漏洞修复。

由于本次 Diff 仅涉及 Debian 打包的变更日志文件（非可执行代码），我将从规范合规性、文本逻辑、安全关联和发布管理的角度为你提供审查意见和改进建议：

1. 语法与规范

• 日期格式规范：
  • 当前代码：Wed, 20 May 2026 15:16:51 +0800
  • 审查意见：日期格式符合 Debian Changelog 的标准规范（即 day-of-week, day month year time timezone），格式本身没有语法错误。
  • 逻辑问题：年份写成了 2026年，这极有可能是笔误。除非你们的项目时间线确实在将来，否则建议修改为当前真实的年份（如 2024 或 2025）。
• 中英文混排与格式：
  • 当前代码：* fix: expand event log to all non-community editions / 修复事件日志启用条件为非社区版
  • 审查意见：在 Debian 官方规范中，changelog 通常建议使用纯英文。如果团队规范允许中英双语以便于国内开发者阅读，当前写法是可以接受的。但建议在斜杠 / 前后增加空格，以提升可读性：... non-community editions / 修复...。
• 条目格式一致性：
  • 当前代码：部分条目使用了括号指定模块，如 * fix(eventlog): 和 * fix(audio):，但 * fix: stop brightness... 和 * fix(touchpad): 没有统一。
  • 审查意见：从代码质量（一致性）角度看，建议统一格式。如果某些 fix 没有明确的模块归属，可以统一不加括号；如果有，则都加上。例如 * fix(display): stop brightness transition on disable。

2. 代码安全

• 安全修复声明追踪：
  • 当前代码：* fix(eventlog): avoid shell injection via .desktop filename in dpkg - S lookup
  • 审查意见：这是一个非常关键的安全修复。在 Changelog 中声明了修复 Shell 注入漏洞，但 Changelog 本身不提供代码层面的安全保障。建议：确保对应的代码 Commit 中已经严格过滤或转义了来自 .desktop 文件的文件名参数，避免在调用 dpkg -S 时发生操作系统命令注入（OS Command Injection）。建议使用安全的执行方式（如 Go 的 exec.Command 不经过 shell 解析，或对输入进行严格的正则白名单校验）。

3. 代码性能

• Changelog 文件本身不影响运行时性能。但注意到 * fix(audio): retry full port auto-switch on source events，在对应的代码实现中，如果频繁触发 source events，需要注意重试机制的防抖和节流，避免在音频设备频繁插拔或状态抖动时导致 CPU 占用过高或逻辑死循环。

4. 代码质量与发布管理

• 版本号递增逻辑：
  • 从 6.1.89 升级到 6.1.90，符合递增规范。
• Urgency 级别：
  • 当前代码：urgency=medium
  • 审查意见：由于本次更新包含安全漏洞修复，按照 Debian 惯例，包含安全修复的版本通常建议将 urgency 提升至 high，以确保其在打包镜像和仓库更新时获得更高的优先级。

---

改进建议总结

1. 修正年份：确认 2026 是否为笔误，若是请修正为正确年份。
2. 格式微调：中英文双语间的斜杠前后增加空格，提升可读性。
3. 统一前缀：建议统一 fix 条目的模块前缀格式（如 fix(module):）。
4. 评估 Urgency：鉴于包含 Shell 注入修复，考虑将 urgency=medium 改为 urgency=high。

修改后的参考示例：

-dde-daemon (6.1.90) unstable; urgency=medium
+dde-daemon (6.1.90) unstable; urgency=high
 
-  * feat: add screen magnifier toggle
-  * fix: expand event log to all non-community editions /
-    修复事件日志启用条件为非社区版
-  * fix: stop brightness transition on disable
-  * fix(eventlog): avoid shell injection via .desktop filename in dpkg -
-    S lookup
-  * fix(audio): retry full port auto-switch on source events
-  * fix(touchpad): correct DConfig key name for gesture enabled
+  * feat(accessibility): add screen magnifier toggle
+  * fix(eventlog): expand event log to all non-community editions / 修复事件日志启用条件为非社区版
+  * fix(display): stop brightness transition on disable
+  * fix(eventlog): avoid shell injection via .desktop filename in dpkg - S lookup
+  * fix(audio): retry full port auto-switch on source events
+  * fix(touchpad): correct DConfig key name for gesture enabled
 
- -- zhangkun <zhangkun2@uniontech.com>  Wed, 20 May 2026 15:16:51 +0800
+ -- zhangkun <zhangkun2@uniontech.com>  Wed, 20 May 2024 15:16:51 +0800
 
 dde-daemon (6.1.89) unstable; urgency=medium

如果你能提供对应代码逻辑（如 Shell 注入修复的具体代码、Audio 重试逻辑的代码）的 Diff，我可以为你进行更深入的代码级审查！

[sourcery-ai]

Hey - I've reviewed your changes and they look great!

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[deepin-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: mhduiy, xionglinlin

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• debian/deepin/OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[deepin-bot]

TAG Bot

✅ Tag created successfully

📋 Tag Details

• Tag Name: 6.1.90
• Tag SHA: c421cfc8b7c982c0ee7c9936b0deccb0ab97d51f
• Commit SHA: 1b63ee30f1f9226e50ebfab5bb2317c4dfbda2c1
• Tag Message:

  Release dde-daemon 6.1.90
  
  

• Tagger:
  • Name: mhduiy
• Distribution: unstable