Skip to content
Snippets Groups Projects
Select Git revision
  • master default protected
  • release/202005
  • release/202001
  • release/201912
  • release/201911
  • release/releaseWindowsTestOne
  • release/windowsReleaseTest
  • release/releaseTest
  • release/releaseWindowsTest
  • release/201910
  • release/qt/201910
  • release/windows-test/201910
  • release/201908
  • release/201906
  • release/201905
  • release/201904
  • release/201903
  • release/201902
  • release/201901
  • release/201812
  • 4.0.0
  • 2.2.0
  • 2.1.0
  • 2.0.1
  • 2.0.0
  • 1.4.1
  • 1.4.0
  • 1.3.0
  • 1.2.0
  • 1.1.0
30 results
Search by author
  • Any Author
  • Administrator Administrator root
  • Adrien Béraud Adrien Béraud aberaud
  • Alexander Lussier-Cullen Alexander Lussier-Cullen alussier-cullen
  • Alexandre Eberhardt Alexandre Eberhardt aeberhardt
  • Aline Gondim Santos Aline Gondim Santos agsantos
  • Alireza Toghiani Alireza Toghiani atoghiani
  • Amin Bandali Amin Bandali abandali
  • Amirhossein Naghshzan Amirhossein Naghshzan anaghshzan
  • Amna Snene Amna Snene asnene
  • Andreas Hatziiliou Andreas Hatziiliou ahatziiliou
  • Andreas Traczyk Andreas Traczyk atraczyk
  • Antoine Noreau Antoine Noreau anoreau
  • Binal Ahiya Binal Ahiya bahiya
  • Cabrel Tambue Cabrel Tambue CTambue
  • Charles-Francis Damedey Charles-Francis Damedey cfdamedey
  • Charlotte Hoffmann Charlotte Hoffmann choffmann
  • Cyrille Béraud Cyrille Béraud cyrille
  • Édouard Denommée Édouard Denommée edenommee
  • Ervin Anoh Ervin Anoh eanoh
  • Ezra Pierce Ezra Pierce epierce
20 authors
  1. Oct 13, 2020
    • Sébastien Le Stum's avatar
      src: hooks: remove urlhook feature · 569d44b5
      Sébastien Le Stum authored and Sébastien Blin's avatar Sébastien Blin committed 
      This feature is mostly a relicate from SFLPhone and introduced a remote
attack vector abusing the system() function weaknesses.

Provided that "sipEnabled" parameter is on in the remote target's
configuration, a malicious peer calling that remote target could
send SIP messages with a crafted "X-ring-url" string in order to
execute arbitrary shell commands on the target.

Header entry "X-ring-url" content is actually consumed by UrlHook
as arguments for the "x-www-browser" command executed using system().

By adding a shell escape sequence to circumvent existing arguments
sanitizing attempts, the malicious peer could execute any shell command
under remote peer user's identity and access sensitive information
available using its privileges.

Remove that feature altogether and enforce users that are relying on
that feature to migrate to Jami "plugins", which are more suitable
for introducing custom Jami behaviors.

Change-Id: I1d6d07771e2b5a7c7f2cb8fc838821106c0a6708
      569d44b5
  3. Sep 15, 2020
  5. Sep 01, 2020
  7. Aug 31, 2020
  9. Aug 14, 2020
  11. Aug 11, 2020
  13. Aug 02, 2020
  15. Jul 31, 2020
  17. Jul 16, 2020
  19. Jul 15, 2020
    • Sébastien Blin's avatar
      jamiaccount: improve vCard synchronization · 6541f8bb
      Sébastien Blin authored 
      Because of the ConnectionManager, the daemon is now able to send
direct messages such as typing indications and read status. This
can be also used to move current features and improve it.

This patch is a first step to improve vCard syncing. The idea is
to send the vCard directly when a peer is connected. To avoid to
send the vCard everytime, a state is written in the cache directory.

In the future, a method to update the vCard as soon as the client
updates its profile will be possible.

Change-Id: I3801cbe04b3441f67ea6685aa2047e5a545958e5
      Unverified
      6541f8bb
  21. Jul 14, 2020
    • Sébastien Blin's avatar
      video_mixer: support multiple video layouts in conference · 8d40c627
      Sébastien Blin authored 
      This patch aims to improve the conference management for the host.
Now, the host is able to switch between 3 conferences layout:
1. The grid view (actual one) where all participants are shown
at the same height/width
2. The One big/Other in small which show one participant bigger than
the others
3. One participant in big

The daemon's API got two new methods:
+ setConferenceLayout() to switch between these layouts
+ setActiveParticipant() used in the 2 last layouts.

Change-Id: I3c16569e24d1b63331ffe9d79e35790a6ac47a0c
      Unverified
      8d40c627
  23. Jul 09, 2020
  25. Jul 07, 2020
  27. Jun 25, 2020
  29. Jun 16, 2020
  31. Jun 05, 2020
  33. May 21, 2020
  35. May 06, 2020
  37. Apr 15, 2020
  39. Mar 12, 2020
  41. Mar 04, 2020
  43. Feb 28, 2020
  45. Feb 22, 2020
  47. Jan 28, 2020
  49. Jan 03, 2020
  51. Nov 13, 2019
  53. Nov 11, 2019
  55. Nov 07, 2019
  57. Nov 06, 2019
  59. Nov 01, 2019
    • Andreas Traczyk's avatar
      video device: use device id instead of friendly name · d6e2b8a3
      Andreas Traczyk authored 
      - Video settings, and APIs will now use a device id, which will be
  a path on platforms where everything is a file, and a DevicePath
  with a bonus ffmpeg-dshow compliant prefix on Windows.

- The device's friendly name is uniquified, and stored in the
  settings still, but only retrieved/translated for UI.

- MRLs are now constructed with the device id.

Change-Id: I092f08cc2cd31bd78aeec5c774c2cc33d75c1d4e
      d6e2b8a3
  61. Oct 04, 2019