Build hardening: - Add -fstack-protector-strong, -D_FORTIFY_SOURCE=2, PIE, full RELRO - Enable overflow-checks in Rust release profile Rust backend: - Return null (not panic) if Tokio runtime or QobuzClient init fails - Strip null bytes in FFI JSON callback to prevent CString panics - Document MD5 and password-in-query as Qobuz API constraints C++ frontend: - Validate JSON document before accessing fields in onEvent() - Handle null backend pointer from failed init - Set biography label to PlainText and decode HTML entities to prevent rendering injected content from API responses - Clamp slider position and guard negative durations - Use qint64 for duration formatting to avoid int truncation Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
# Cargo manifest for the Qobuz backend crate. The only build artifact is a
# static library (see `crate-type`), so it is linked into a host program rather
# than consumed as a Rust dependency.
[package]
name = "qobuz-backend"
version = "0.1.0"
edition = "2021"

[lib]
name = "qobuz_backend"
# staticlib only: no rlib or cdylib is produced.
crate-type = ["staticlib"]

# NOTE(review): every requirement below is a caret range, so the versions that
# end up in the archive are decided by Cargo.lock. Keep the lockfile under
# version control and run an advisory check (e.g. `cargo audit`) against it.
[dependencies]
# HTTP client – blocking feature is needed by the audio decoder.
# With default features off, "rustls-tls" is the only TLS backend compiled in;
# in reqwest 0.12 that feature uses the bundled webpki root set, so trust-anchor
# updates arrive through dependency updates rather than the OS certificate store.
reqwest = { version = "0.12", default-features = false, features = ["blocking", "json", "rustls-tls", "stream"] }
# NOTE(review): "full" turns on every tokio feature. Which ones the crate really
# needs is not visible from this manifest; narrowing the list would cut the
# amount of compiled-in code.
tokio = { version = "1", features = ["full"] }

# Serialization
serde = { version = "1", features = ["derive"] }
serde_json = "1"

# Audio decoding + output
# "jack" adds the JACK host backend to cpal.
cpal = { version = "0.15", features = ["jack"] }
rb = "0.3"
# "all" enables every symphonia codec and container format.
# NOTE(review): the HTTP client above is noted as feeding the audio decoder, so
# these parsers presumably handle network-supplied data; limiting the feature
# list to the formats actually served would shrink that parsing surface —
# confirm which formats are required.
symphonia = { version = "0.5", features = ["all"] }

# Misc
anyhow = "1"
dirs = "5"
# MD5 is retained as a Qobuz API constraint (see the project's commit notes).
# It is not collision resistant; do not reuse it for integrity or password
# handling elsewhere in the crate.
md5 = "0.7"
thiserror = "2"
toml = "0.8"

[profile.release]
lto = "thin"
# Same value as Cargo's release default, stated explicitly.
opt-level = 3
# Release profiles normally drop integer overflow checks, letting arithmetic
# wrap silently; with this set, an overflow panics instead.
# NOTE(review): `panic` is left at its default in this profile, so such a panic
# unwinds. Confirm that exported FFI entry points cannot let a panic reach the
# non-Rust caller.
overflow-checks = true