Simon Sawicki
ff07792676
[core] Prevent RCE when using `--exec` with `%q` (CVE-2024-22423)
...
The shell escape function now properly escapes `%`, `\\` and `\n`. `utils.Popen` as well as `%q` output template expansion have been patched accordingly.
Prior to this fix using `--exec` together with `%q` when on Windows could cause remote code to execute. See https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-hjq6-52gw-2g7p for more details.
Authored by: Grub4K
2024-04-09 18:36:13 +02:00
pukkandan
47ab66db0f
[docs] Misc Cleanup ( #8977 )
...
Closes #8355 , #8944
Authored by: bashonly, Grub4k, Arthurszzz, seproDev, pukkandan
Co-authored-by: sepro <4618135+seproDev@users.noreply.github.com>
Co-authored-by: bashonly <bashonly@protonmail.com>
Co-authored-by: Arthurszzz <minecraftgamerarthur@gmail.com>
Co-authored-by: Simon Sawicki <accounts@grub4k.xyz>
Co-authored-by: bashonly <88596187+bashonly@users.noreply.github.com>
2024-03-11 00:48:47 +05:30
coletdjnz
811d298b23
[networking] Remove `_CompatHTTPError` ( #8871 )
...
Use `yt_dlp.networking.exceptions.HTTPError`.
`_CompatHTTPError` was to help with transition to the networking framework.
Authored by: coletdjnz
2024-01-20 15:26:50 +13:00
bashonly
f4b95acafc
Remove Python 3.7 support ( #8361 )
...
Closes #7803
Authored by: bashonly
2023-11-16 18:39:00 +00:00
Simon Sawicki
de015e9307
[core] Prevent RCE when using `--exec` with `%q` (CVE-2023-40581)
...
The shell escape function is now using `""` instead of `\"`. `utils.Popen` has been patched to properly quote commands.
Prior to this fix using `--exec` together with `%q` when on Windows could cause remote code to execute. See https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-42h4-v29r-42qg for reference.
Authored by: Grub4K
2023-09-24 02:29:01 +02:00
bashonly
5ca095cbcd
[cleanup] Misc ( #8182 )
...
Closes #7796 , Closes #8028
Authored by: barsnick, sqrtNOT, gamer191, coletdjnz, Grub4K, bashonly
2023-09-23 20:00:31 +00:00
bashonly
35f9a306e6
[dependencies] Handle deprecation of `sqlite3.version` ( #8167 )
...
Closes #8152
Authored by: bashonly
2023-09-21 15:58:53 +00:00
pukkandan
a250b24733
[compat] Ensure submodules are imported correctly
...
Closes #7663
2023-07-22 18:10:35 +05:30
pukkandan
25b6e8f946
Fix e0c4db04dc
for pypy
2023-07-22 10:17:36 +05:30
pukkandan
62b5c94cad
[cleanup] Misc fixes
...
Closes #7528
2023-07-22 09:09:52 +05:30
pukkandan
e0c4db04dc
[compat] Add `types.NoneType`
2023-07-22 09:00:45 +05:30
coletdjnz
3d2623a898
[compat, networking] Deprecate old functions ( #2861 )
...
Authored by: coletdjnz, pukkandan
2023-07-15 16:18:35 +05:30
coletdjnz
227bf1a33b
[networking] Rewrite architecture ( #2861 )
...
New networking interface consists of a `RequestDirector` that directs
each `Request` to appropriate `RequestHandler` and returns the
`Response` or raises `RequestError`. The handlers define adapters to
transform its internal Request/Response/Errors to our interfaces.
User-facing changes:
- Fix issues with per request proxies on redirects for urllib
- Support for `ALL_PROXY` environment variable for proxy setting
- Support for `socks5h` proxy
- Closes https://github.com/yt-dlp/yt-dlp/issues/6325 , https://github.com/ytdl-org/youtube-dl/issues/22618 , https://github.com/ytdl-org/youtube-dl/pull/28093
- Raise error when using `https` proxy instead of silently converting it to `http`
Authored by: coletdjnz
2023-07-15 16:18:35 +05:30
coletdjnz
3f66b6fe50
[core] Workaround erroneous urllib Windows proxy parsing ( #7092 )
...
Convert proxies extracted from windows registry to http for older Python versions.
See: https://github.com/python/cpython/issues/86793
Authored by: coletdjnz
2023-05-27 07:17:27 +00:00
pukkandan
65f6e80780
[dependencies] Simplify `Cryptodome`
...
Closes #6292 , closes #6272 , closes #6338
2023-02-28 23:15:13 +05:30
pukkandan
45b2ee6f4f
Update to ytdl-commit-2dd6c6e
...
[YouTube] Avoid crash if uploader_id extraction fails
2dd6c6edd8
Except:
* 295736c9cba714fb5de7d1c3dd31d86e50091cf8 [jsinterp] Improve parsing
* 384f632e8a9b61e864a26678d85b2b39933b9bae [ITV] Overhaul ITV extractor
* 33db85c571304bbd6863e3407ad8d08764c9e53b [feat]: Add support to external downloader aria2p
2023-02-17 17:52:23 +05:30
pukkandan
768a001781
[compat_utils] Simplify `EnhancedModule`
2023-02-09 01:47:13 +05:30
pukkandan
acb1042a9f
[devscripts] Provide pyinstaller hooks
...
Closes #6185
2023-02-09 01:46:56 +05:30
pukkandan
88426d9446
[compat_utils] Improve `passthrough_module`
2023-02-08 08:23:36 +05:30
pukkandan
f6a765ceb5
[dependencies] Standardize `Cryptodome` imports
2023-02-08 07:28:46 +05:30
pukkandan
754c84e2e4
Support module level `__bool__` and `property`
2023-02-08 07:28:45 +05:30
ClosedPort22
fbb0ee7747
[compat] Fix `shutils.move` in restricted ACL mode on BSD ( #5309 )
...
Authored by: ClosedPort22, pukkandan
2022-11-07 20:54:30 +05:30
pukkandan
db4678e448
Update to ytdl-commit-de39d128
...
[extractor/ceskatelevize] Back-port extractor from yt-dlp
de39d1281c
Closes #5361 , Closes #4634 , Closes #5210
2022-11-07 02:18:30 +05:30
Alex Karabanov
0d2a0ecac3
[extractor/listennotes] Add extractor ( #5310 )
...
Closes #5262
Authored by: lksj, pukkandan
2022-11-07 00:00:59 +05:30
pukkandan
b4daacb4ec
[mhtml, cleanup] Use imghdr
2022-07-31 02:20:12 +05:30
pukkandan
6929b41a21
Remove Python 3.6 support
...
Closes #3764
2022-07-18 06:31:14 +05:30
pukkandan
f5e438a976
[compat] Let PyInstaller detect _legacy module
2022-07-17 18:45:43 +05:30
pukkandan
ae61d108dd
[cleanup] Misc cleanup
2022-06-29 06:43:27 +05:30
pukkandan
54007a45f1
[cleanup] Consistent style for file heads
2022-06-25 00:08:58 +05:30
pukkandan
ac66811112
[compat] Remove more functions
...
Removing any more will require changes to a large number of extractors
2022-06-25 00:08:55 +05:30
pukkandan
3c5386cd71
[compat] Fix `compat.WINDOWS_VT_MODE`
2022-06-25 00:08:52 +05:30
pukkandan
57e0f077a6
[update] Expose more functionality to API
2022-06-21 17:02:56 +05:30
pukkandan
560738f34d
[extractor] Import `_ALL_CLASSES` lazily
...
This significantly speeds up `import yt_dlp` in the absence of `lazy_extractors`
2022-06-16 06:23:50 +05:30
pukkandan
8a82af3511
[cleanup] Misc fixes and cleanup
...
Closes #3780 , Closes #3853 , Closes #3850
2022-05-27 04:43:43 +05:30
pukkandan
1a8cc83735
Bugfix for 3a408f9d19
2022-05-20 21:25:07 +05:30
pukkandan
2762dbb17e
[compat] Add `functools.cached_property`
2022-05-20 21:06:37 +05:30
pukkandan
53973b4d2c
[utils] Fix bug in 0b9c08b47b
...
* Cache of `supports_terminal_sequences` must be reset after enabling VT mode
* and move `windows_enable_vt_mode` to utils to avoid cyclic imports
2022-05-20 06:01:09 +05:30
pukkandan
0b9c08b47b
[utils] Improve performance using `functools.cache`
...
Closes #3786
2022-05-19 20:23:53 +05:30
pukkandan
5792c950bf
[compat] Implement `compat.imghdr`
...
Python 3.11 deprecates `imghdr` module
2022-05-17 19:46:01 +05:30
pukkandan
1d485a1a79
[cleanup] Misc fixes
...
Closes #3565 , https://github.com/yt-dlp/yt-dlp/issues/3514#issuecomment-1105944364
2022-04-29 07:39:33 +05:30
pukkandan
059bc4db19
[compat/asyncio] Use `asyncio.all_tasks`
2022-04-26 05:45:18 +05:30
pukkandan
9196cbfe8b
[compat] Ensure submodules are correctly wrapped
2022-04-26 05:43:20 +05:30
pukkandan
9b8ee23b99
[dependencies] Create module with all dependency imports
2022-04-21 00:48:52 +05:30
felix
77f9033095
[compat] Split into sub-modules ( #2173 )
...
Authored by: fstirlitz, pukkandan
2022-04-18 04:26:43 +05:30