mirrors/pipewire
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/pipewire/pipewire.git synced 2026-04-29 06:46:38 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
15105 commits 6 branches 159 tags 58 MiB
Commit graph

15105 commits

This branch
This branch
All branches
Author SHA1 Message Date
Wim Taymans
15c32c66f0 security: fix command injection via system() in pw-container 
Input Validation: High

system() passes its argument to /bin/sh -c, which interprets shell
metacharacters (;, |, &&, $(), etc.). If pw-container is invoked by
another program with untrusted input, this allows arbitrary command
execution. Replace with fork()+execvp() which executes the command
directly without shell interpretation, and passes all remaining
arguments to the child process.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-04-27 16:12:26 +02:00
Wim Taymans
edb3c27aa4 channelmix: add SEE 7p1 to stereo downmix 2026-04-27 15:59:38 +02:00
Wim Taymans
67f1e3a889 combine-stream: add combine.mode = monitor 
Add a monitor mode that creates an Audio/Source combining audio from the
monitor ports of all Audio/Sink nodes. This allows capturing everything
that is being played back across all sinks into a single source.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-04-27 13:36:35 +02:00
Wim Taymans
87ee525b01 security: limit RTSP content-length and check allocation in RAOP client 
Input Validation / Memory Safety: Medium

The RTSP client used for RAOP/AirPlay communication accepted arbitrarily
large Content-Length values from the remote server without any upper
bound. A malicious or compromised AirPlay server could specify a very
large Content-Length, causing the client to allocate unbounded memory
and potentially exhaust system resources (denial of service).

Additionally, the return value of pw_array_add() was not checked. If
the allocation failed, the subsequent memcpy would dereference a NULL
pointer, causing a crash.

Add a 64KB limit on Content-Length (more than sufficient for RTSP
control messages) and check the pw_array_add return value.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-04-27 13:30:36 +02:00
hackerman-kl
74b6f237d1 milan-avb: mvu certification number Disclamer to avoid any confusion 2026-04-27 10:56:44 +00:00
hackerman-kl
30711940c4 milan-avb: aecp: route VENDOR_UNIQUE_COMMAND through msg_info table 2026-04-27 10:56:44 +00:00
hackerman-kl
a16f3d704e milan-avb: aecp-vendor-unique-milan-v12: dispatch via per-cmd table per Milan v1.2 Section 5.4.4 2026-04-27 10:56:44 +00:00
hackerman-kl
deeea620f6 milan-avb: aecp-aem: GET_AS_PATH placeholder per IEEE 1722.1-2021 Section 7.4.41 2026-04-27 10:56:44 +00:00
hackerman-kl
df1605a333 milan-avb: entity-model: advertise VENDOR_UNIQUE_SUPPORTED in capabilities 2026-04-27 10:56:44 +00:00
hackerman-kl
d8b9a0f5ab milan-avb: aecp-aem: GET_STREAM_INFO CDL excludes 12-octet AVTPDU common 2026-04-27 10:56:44 +00:00
hackerman-kl
c967b39f18 milan-avb: avdecc: drop dead debug gate around avb_log_state 2026-04-27 10:56:44 +00:00
hackerman-kl
9c0007173b milan-avb: stream: wire Milan Section 5.4.5 stream counters, TX heartbeat, and MAX_TRANSIT_TIME plumbing 2026-04-27 10:56:44 +00:00
hackerman-kl
16d793db38 milan-avb: acmp: fixing the missing stream deactivate 2026-04-27 10:56:44 +00:00
hackerman-kl
de17f14da4 milan-avb: introducing GET_AS_PATH and GET/SET_MAX_TRANSIT 2026-04-27 10:56:44 +00:00
hackerman-kl
197bab7931 milan-avb: hook stream output to MSRP listener_observed + add max_transit_time_ns 2026-04-27 10:56:44 +00:00
hackerman-kl
a5fbeef6f8 milan-avb: add AVDECC stream_format decoder in aecp-aem.h 2026-04-27 10:56:44 +00:00
hackerman-kl
d9f8bacc76 milan-avb: AEM non-success replies preserve command payload size 2026-04-27 10:56:44 +00:00
hackerman-kl
25e3556050 milan-avb: ACMP status use the status of the FSM rather than the connection count to decide if bound or not 2026-04-27 10:56:44 +00:00
hackerman-kl
52c6c0a0cf milan-avb: GET_STREAM_INFO: fixing the bound state according tol the ACMP status 2026-04-27 10:56:44 +00:00
hackerman-kl
0bf4864d84 milan-avb: move teh descriptor FAM at the end of the structure to avoid overflow 2026-04-27 10:56:44 +00:00
hackerman-kl
4d33f57325 milan-avb: msrp: add debug msrp_talker back 2026-04-27 10:56:44 +00:00
hackerman-kl
ce42b7c1da milan-avb: msrp: mark listener stream-info dirty on TA/TF registrar change 2026-04-27 10:56:44 +00:00
hackerman-kl
995def4927 milan-avb: msrp: log notify_* at info level by default 2026-04-27 10:56:44 +00:00
hackerman-kl
76e7806251 milan-avb: cmd-get-set-stream-info: treat LV registrar as still registering 2026-04-27 10:56:44 +00:00
hackerman-kl
9f81c82100 milan-avb: avdecc: drive periodic timer at 100 ms 2026-04-27 10:56:44 +00:00
hackerman-kl
df62776308 milan-avb: mrp: set vector lva bit on outgoing LeaveAll frames 2026-04-27 10:56:44 +00:00
hackerman-kl
5c9a06c03d milan-avb: mrp: registrar treats RX_IN as a registration event 2026-04-27 10:56:44 +00:00
hackerman-kl
3b820add3b milan-avb: acmp-milan-v12: 'tmr_delay no saved packet' to debug, it may 
happen
 2026-04-27 10:56:44 +00:00
hackerman-kl
0572e41b65 milan-avb: acmp-milan-v12: 'no timer' not at warning, debug 2026-04-27 10:56:44 +00:00
hackerman-kl
0080739830 milan-avb: meson: register new module-avb sources 2026-04-27 10:56:44 +00:00
hackerman-kl
e46f2487fb milan-avb: aecp-vendor-unique-milan-v12: add Milan MVU handler 2026-04-27 10:56:44 +00:00
hackerman-kl
8bcdc2896c milan-avb: cmd-get-as-path: add command handler stub 2026-04-27 10:56:44 +00:00
hackerman-kl
2f4dbe3ca7 milan-avb: cmd-audio-mappings: add command handler stub 2026-04-27 10:56:44 +00:00
hackerman-kl
d9f224b122 milan-avb: cmd-start-stop-streaming: add command handler 2026-04-27 10:56:44 +00:00
hackerman-kl
6bf27b6c4e milan-avb: cmd-get-set-stream-info: add command handler 2026-04-27 10:56:44 +00:00
hackerman-kl
99c9248a17 milan-avb: cmd-get-counters: add header 2026-04-27 10:56:44 +00:00
hackerman-kl
6cc669e4e2 milan-avb: stream: Milan listener registrar and stream-output prep 2026-04-27 10:56:44 +00:00
hackerman-kl
d139b97a28 milan-avb: es-builder: allocate Milan wrapper for stream descriptors 2026-04-27 10:56:44 +00:00
hackerman-kl
e9e271ec30 milan-avb: aecp: dispatch Milan MVU vendor-unique commands 2026-04-27 10:56:44 +00:00
hackerman-kl
363418bee2 milan-avb: aecp-aem: stream-info dirty tracking and unsolicited counters 2026-04-27 10:56:44 +00:00
hackerman-kl
7f558a1a3b milan-avb: aecp-aem-state: add interface counters and descriptor storage 2026-04-27 10:56:44 +00:00
hackerman-kl
38f3cdf7cf milan-avb: aecp-aem: Milan flags_ex bitfield refactor 2026-04-27 10:56:44 +00:00
hackerman-kl
0a02161943 milan-avb: acmp: log state on incoming messages 2026-04-27 10:56:44 +00:00
hackerman-kl
b2a5f7f97e milan-avb: avdecc: add avb_log_state aggregator and detailed send error 2026-04-27 10:56:44 +00:00
hackerman-kl
18b61154cd milan-avb: acmp-milan-v12: log_state diagnostic and FSM refinements 2026-04-27 10:56:44 +00:00
hackerman-kl
b126943143 milan-avb: msrp: state logging, Milan listener_observed and log refinements 2026-04-27 10:56:44 +00:00
hackerman-kl
2cc60d6167 milan-avb: adp: add log_state diagnostic 2026-04-27 10:56:44 +00:00
hackerman-kl
e7f2fc9ab0 milan-avb: mrp: expose applicant/registrar state accessors 2026-04-27 10:56:44 +00:00
hackerman-kl
ca039e5e25 milan-avb: stream: track descriptor index in struct stream 2026-04-27 10:56:44 +00:00
hackerman-kl
e8e7f7a9fb milan-avb: mvrp: drop notify VID to debug log level 2026-04-27 10:56:44 +00:00