1
0
mirror of https://github.com/yt-dlp/yt-dlp.git synced 2024-12-12 08:36:28 +01:00
Commit Graph

17 Commits

Author SHA1 Message Date
Simon Sawicki
ff07792676
[core] Prevent RCE when using --exec with %q (CVE-2024-22423)
The shell escape function now properly escapes `%`, `\\` and `\n`. `utils.Popen` as well as `%q` output template expansion have been patched accordingly.

Prior to this fix using `--exec` together with `%q` when on Windows could cause remote code to execute. See https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-hjq6-52gw-2g7p for more details.

Authored by: Grub4K
2024-04-09 18:36:13 +02:00
Simon Sawicki
de015e9307
[core] Prevent RCE when using --exec with %q (CVE-2023-40581)
The shell escape function is now using `""` instead of `\"`. `utils.Popen` has been patched to properly quote commands.

Prior to this fix using `--exec` together with `%q` when on Windows could cause remote code to execute. See https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-42h4-v29r-42qg for reference.

Authored by: Grub4K
2023-09-24 02:29:01 +02:00
pukkandan
a250b24733
[compat] Ensure submodules are imported correctly
Closes #7663
2023-07-22 18:10:35 +05:30
coletdjnz
227bf1a33b
[networking] Rewrite architecture (#2861)
New networking interface consists of a `RequestDirector` that directs
each `Request` to appropriate `RequestHandler` and returns the
`Response` or raises `RequestError`. The handlers define adapters to
transform its internal Request/Response/Errors to our interfaces.

User-facing changes:
- Fix issues with per request proxies on redirects for urllib
- Support for `ALL_PROXY` environment variable for proxy setting
- Support for `socks5h` proxy
   - Closes https://github.com/yt-dlp/yt-dlp/issues/6325, https://github.com/ytdl-org/youtube-dl/issues/22618, https://github.com/ytdl-org/youtube-dl/pull/28093
- Raise error when using `https` proxy instead of silently converting it to `http`

Authored by: coletdjnz
2023-07-15 16:18:35 +05:30
pukkandan
acb1042a9f
[devscripts] Provide pyinstaller hooks
Closes #6185
2023-02-09 01:46:56 +05:30
pukkandan
754c84e2e4
Support module level __bool__ and property 2023-02-08 07:28:45 +05:30
Alex Karabanov
0d2a0ecac3
[extractor/listennotes] Add extractor (#5310)
Closes #5262
Authored by: lksj, pukkandan
2022-11-07 00:00:59 +05:30
pukkandan
6929b41a21
Remove Python 3.6 support
Closes #3764
2022-07-18 06:31:14 +05:30
pukkandan
f5e438a976
[compat] Let PyInstaller detect _legacy module 2022-07-17 18:45:43 +05:30
pukkandan
54007a45f1
[cleanup] Consistent style for file heads 2022-06-25 00:08:58 +05:30
pukkandan
57e0f077a6
[update] Expose more functionality to API 2022-06-21 17:02:56 +05:30
pukkandan
8a82af3511
[cleanup] Misc fixes and cleanup
Closes #3780, Closes #3853, Closes #3850
2022-05-27 04:43:43 +05:30
pukkandan
53973b4d2c
[utils] Fix bug in 0b9c08b47b
* Cache of `supports_terminal_sequences` must be reset after enabling VT mode
* and move `windows_enable_vt_mode` to utils to avoid cyclic imports
2022-05-20 06:01:09 +05:30
pukkandan
1d485a1a79
[cleanup] Misc fixes
Closes #3565, https://github.com/yt-dlp/yt-dlp/issues/3514#issuecomment-1105944364
2022-04-29 07:39:33 +05:30
pukkandan
9196cbfe8b
[compat] Ensure submodules are correctly wrapped 2022-04-26 05:43:20 +05:30
pukkandan
9b8ee23b99
[dependencies] Create module with all dependency imports 2022-04-21 00:48:52 +05:30
felix
77f9033095
[compat] Split into sub-modules (#2173)
Authored by: fstirlitz, pukkandan
2022-04-18 04:26:43 +05:30