pipewire/src/modules
Wim Taymans 80ec1f1d10 security: fix JSON injection in PulseAudio stream-restore
The device_name from a client message was interpolated directly into
a JSON string without escaping. A malicious client could inject
arbitrary JSON keys by including quote characters in the device name.
Use spa_json_encode_string to properly escape the value.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-04-29 16:16:44 +02:00
module-adapter *: unify config.h handling 2025-05-30 10:24:13 +00:00
module-avb milan-avb: mvu certification number Disclaimer to avoid any confusion 2026-04-27 10:56:44 +00:00
module-client-device core: use %u format specifier for uint32_t IDs 2026-04-16 08:54:15 +00:00
module-client-node core: use %u format specifier for uint32_t IDs 2026-04-16 08:54:15 +00:00
module-jack-tunnel dlopen: support search path ending in / 2026-04-13 10:26:33 +02:00
module-metadata metadata: Added context monitor for removed globals 2024-02-12 08:40:49 +00:00
module-netjack2 security: add iteration limit to netjack2 sync wait loops 2026-04-29 14:18:41 +02:00
module-profiler
module-protocol-native security: reduce MAX_PERMISSIONS to limit alloca stack usage 2026-04-29 13:58:04 +02:00
module-protocol-pulse security: fix JSON injection in PulseAudio stream-restore 2026-04-29 16:16:44 +02:00
module-raop raop: handle strdup allocation error 2026-04-29 15:52:46 +02:00
module-roc pipewire: module-roc-{sink,source}: fix log format string issues 2026-02-19 19:37:15 +00:00
module-rt
module-rtp security: fix unchecked write_event return value in RTP MIDI 2026-04-29 13:57:45 +02:00
module-sendspin security: replace unsafe atoi() with validated parsing in websocket 2026-04-28 12:14:36 +02:00
module-session-manager core: use %u format specifier for uint32_t IDs 2026-04-16 08:54:15 +00:00
module-vban security: validate VBAN MIDI variable-length integers to prevent overflow 2026-04-27 11:22:50 +02:00
spa doc: move modules around to add to docs 2025-01-28 12:33:47 +01:00
zeroconf-utils zeroconf: sanitize the properties 2026-02-27 17:31:42 +01:00
flatpak-utils.h modules: get also instance id for flatpak apps 2025-05-12 09:40:32 +00:00
meson.build milan-avb: aecp-vendor-unique-milan-v12: dispatch via per-cmd table per Milan v1.2 Section 5.4.4 2026-04-27 10:56:44 +00:00
module-access.c *: unify config.h handling 2025-05-30 10:24:13 +00:00
module-adapter.c core: use %u format specifier for uint32_t IDs 2026-04-16 08:54:15 +00:00
module-avb.c *: unify config.h handling 2025-05-30 10:24:13 +00:00
module-client-device.c core: use %u format specifier for uint32_t IDs 2026-04-16 08:54:15 +00:00
module-client-node.c modules: remove v0 protocol support 2025-07-10 16:26:01 +02:00
module-combine-stream.c combine-stream: add combine.mode = monitor 2026-04-27 13:36:35 +02:00
module-echo-cancel.c spa: add and use spa_overflow macros 2026-04-24 15:55:35 +02:00
module-example-filter.c modules: support audio.layout where we can 2025-10-30 12:29:31 +01:00
module-example-sink.c modules: support audio.layout where we can 2025-10-30 12:29:31 +01:00
module-example-source.c modules: support audio.layout where we can 2025-10-30 12:29:31 +01:00
module-fallback-sink.c *: unify config.h handling 2025-05-30 10:24:13 +00:00
module-ffado-driver.c midi: don't convert Midi in nodes 2026-03-25 11:59:43 +01:00
module-filter-chain.c filter-chain: improve docs about LADSPA 2026-04-28 11:32:53 +02:00
module-jack-tunnel.c docs: remove support for absolute paths from docs 2026-04-06 14:47:21 +02:00
module-jackdbus-detect.c *: unify config.h handling 2025-05-30 10:24:13 +00:00
module-link-factory.c core: use %u format specifier for uint32_t IDs 2026-04-16 08:54:15 +00:00
module-loopback.c overflow: fix some more potential overflows 2026-04-27 12:29:31 +02:00
module-metadata.c core: use %u format specifier for uint32_t IDs 2026-04-16 08:54:15 +00:00
module-netjack2-driver.c security: check netjack2_init return value in driver 2026-04-29 14:08:06 +02:00
module-netjack2-manager.c security: fix error path resource leaks in netjack2 manager 2026-04-29 13:21:21 +02:00
module-parametric-equalizer.c module-eq: Unload filter-chain on destruction 2025-12-26 18:53:48 +00:00
module-pipe-tunnel.c security: fix TOCTOU and symlink vulnerabilities in pipe-tunnel FIFO 2026-04-24 15:55:35 +02:00
module-portal.c *: unify config.h handling 2025-05-30 10:24:13 +00:00
module-profiler.c core: use %u format specifier for uint32_t IDs 2026-04-16 08:54:15 +00:00
module-protocol-native.c security: add O_NOFOLLOW to native protocol lock file creation 2026-04-24 15:55:35 +02:00
module-protocol-pulse.c pulse-server: increase min quantum values 2025-11-06 12:52:48 +01:00
module-protocol-simple.c modules: support audio.layout where we can 2025-10-30 12:29:31 +01:00
module-pulse-tunnel.c modules: support audio.layout where we can 2025-10-30 12:29:31 +01:00
module-raop-discover.c security: fix missing NULL check after strdup in module-raop-discover 2026-04-27 16:12:47 +02:00
module-raop-sink.c security: replace atoi() with validated parsing in RAOP module 2026-04-28 12:16:06 +02:00
module-roc-sink.c pipewire: module-roc-{sink,source}: remove logging related unused code 2026-02-19 19:37:15 +00:00
module-roc-source.c roc-source: handle some errors better 2026-04-27 18:44:04 +02:00
module-rt.c module-rt: warn if setting niceness fails with rtlimit 2025-12-11 16:38:00 -08:00
module-rtp-sap.c security: replace atoi() with spa_atou32() for RTP session parameters 2026-04-28 12:14:46 +02:00
module-rtp-session.c security: validate Apple MIDI packet length and name termination in RTP session 2026-04-27 12:35:06 +02:00
module-rtp-sink.c modules: support audio.layout where we can 2025-10-30 12:29:31 +01:00
module-rtp-source.c module-rtp-source: Only enable IGMP recovery when using multicast 2026-03-30 23:45:34 +02:00
module-scheduler-v1.c scheduler: make nodes move to IDLE when inactive 2026-04-14 14:28:29 +02:00
module-sendspin-recv.c security: add missing NULL check after calloc in sendspin-recv 2026-04-28 13:03:21 +02:00
module-sendspin-send.c spa: add spa_alloca that does overflow and limit checks 2026-04-27 10:53:44 +02:00
module-session-manager.c Fix typos 2024-05-22 09:19:34 +02:00
module-snapcast-discover.c fix some uninitialized variables warnings 2026-04-08 11:29:36 +02:00
module-spa-device-factory.c core: use %u format specifier for uint32_t IDs 2026-04-16 08:54:15 +00:00
module-spa-device.c doc: move modules around to add to docs 2025-01-28 12:33:47 +01:00
module-spa-node-factory.c core: use %u format specifier for uint32_t IDs 2026-04-16 08:54:15 +00:00
module-spa-node.c doc: move modules around to add to docs 2025-01-28 12:33:47 +01:00
module-vban-recv.c modules: support audio.layout where we can 2025-10-30 12:29:31 +01:00
module-vban-send.c modules: support audio.layout where we can 2025-10-30 12:29:31 +01:00
module-x11-bell.c *: unify config.h handling 2025-05-30 10:24:13 +00:00
module-zeroconf-discover.c zeroconf: sanitize the properties 2026-02-27 17:31:42 +01:00
network-utils.h network-utils: pw_net_are_addresses_equal() function 2026-03-30 23:45:33 +02:00