diff options
| author | emilylange <git@emilylange.de> | 2025-10-14 23:50:15 +0200 |
|---|---|---|
| committer | emilylange <git@emilylange.de> | 2025-10-14 23:50:15 +0200 |
| commit | 3367797b6df8287321587f45ba908753397f1482 (patch) | |
| tree | dd17b98e619302f2c07761c9ad5bb1b55dce7289 /pkgs/development/python-modules/termplotlib/gnuplot-subprocess.patch | |
| parent | 275b511f6348498434739cb0b2cb65cb232a34c2 (diff) | |
music-assistant: fix running the built-in snapcast server
This patch fixes two issues that would otherwise prevent the built-in
snapserver to run. Running music-assistant with an external snapserver
is not affected by those.
1. snapserver prior to v0.30.0 allowed arbitrary code execution in the
AddStream (and RemoveStream) JSON RPC API method that music-assistant
uses to load a custom control script (plugin). To fix this rather
severe vulnerability, snapserver v0.30.0 removed those affected methods
altogether, only for them to return with new security measures in
v0.31.0. Most relevant for us and this patch, the control script must
be located in the [stream].plugin_dir now, which is unset by default.
So to be able to load the control script music-assistant uses for the
built-in snapserver, we simply pass --stream.plugin_dir with the correct
directory as parameter when starting snapserver
2. snapserver exits with an error message on start up when it
cannot read the configuration file since v0.32.0. To fix this, we
tell snapserver to read /dev/null as config instead of the default
(non-existent) /etc/snapserver.conf
Diffstat (limited to 'pkgs/development/python-modules/termplotlib/gnuplot-subprocess.patch')
0 files changed, 0 insertions, 0 deletions