Commit Graph

23 Commits (1a6ac547ea3dbd1814e37dcb6ab14e40fe068ee2)

Author SHA1 Message Date
bashonly b337d2989c
[cleanup] Misc (#10383)
Authored by: bashonly
5 months ago
bashonly 93d33cb29a
[cleanup] Misc (#10330)
Authored by: bashonly
5 months ago
Simon Sawicki 5ce582448e
[core] Disallow unsafe extensions (CVE-2024-38519)
Ref: https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-79w7-vh3h-8g4j

Authored by: Grub4K
5 months ago
bashonly 6aaf96a3d6
[cleanup] Misc (#10075)
Closes #10303
Authored by: bashonly, seproDev, jucor, c-basalt

Co-authored-by: sepro <4618135+seproDev@users.noreply.github.com>
Co-authored-by: Julien Cornebise <julien@cornebise.com>
Co-authored-by: c-basalt <117849907+c-basalt@users.noreply.github.com>
5 months ago
bashonly ae2af1104f
[cleanup] Misc
Authored by: bashonly, seproDev, Grub4K
6 months ago
Simon Sawicki 5c019f6328
[misc] Cleanup (#9765)
Closes #9763
Authored by: bashonly, seproDev, Grub4K

Co-authored-by: bashonly <88596187+bashonly@users.noreply.github.com>
Co-authored-by: sepro <4618135+seproDev@users.noreply.github.com>
6 months ago
Simon Sawicki ff07792676
[core] Prevent RCE when using `--exec` with `%q` (CVE-2024-22423)
The shell escape function now properly escapes `%`, `\\` and `\n`. `utils.Popen` as well as `%q` output template expansion have been patched accordingly.

Prior to this fix using `--exec` together with `%q` when on Windows could cause remote code to execute. See https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-hjq6-52gw-2g7p for more details.

Authored by: Grub4K
8 months ago
bashonly 216f6a3cb5
[cleanup] Misc (#9426)
Authored by: bashonly, pukkandan
8 months ago
sepro 86e3b82261
[core] Fix `filesize_approx` calculation (#9560)
Reverts 22e4dfacb6

Despite being documented as `Kbit/s`, the extractors/manifests were returning bitrates in SI units of kilobits/sec.

Authored by: seproDev, pukkandan
8 months ago
pukkandan 615a84447e
[cleanup] Misc (#8968)
Authored by: pukkandan, bashonly, seproDev
9 months ago
Simon Sawicki f9fb3ce86e
[cleanup] Misc (#8598)
Authored by: bashonly, pukkandan, seproDev, Grub4K

Co-authored-by: bashonly <bashonly@protonmail.com>
Co-authored-by: pukkandan <pukkandan.ytdlp@gmail.com>
Co-authored-by: sepro <4618135+seproDev@users.noreply.github.com>
11 months ago
bashonly a9d3f4b20a
[cleanup] Fix changelog typo
Authored by: bashonly
1 year ago
Simon Sawicki b012271d01
[cleanup] Misc (#8510)
Authored by: bashonly, coletdjnz, dirkf, gamer191, seproDev, Grub4K
1 year ago
Simon Sawicki de015e9307
[core] Prevent RCE when using `--exec` with `%q` (CVE-2023-40581)
The shell escape function is now using `""` instead of `\"`. `utils.Popen` has been patched to properly quote commands.

Prior to this fix using `--exec` together with `%q` when on Windows could cause remote code to execute. See https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-42h4-v29r-42qg for reference.

Authored by: Grub4K
1 year ago
Simon Sawicki 61bdf15fc7
[core] Raise minimum recommended Python version to 3.8 (#8183)
Authored by: Grub4K
1 year ago
Simon Sawicki 30ba233d4c
[devscripts] `make_changelog`: Fix changelog grouping and add networking group (#8124)
Authored by: Grub4K
1 year ago
pukkandan 62b5c94cad
[cleanup] Misc fixes
Closes #7528
1 year ago
pukkandan b532a34810
[docs] Minor fixes
Closes #7515
1 year ago
pukkandan 812cdfa06c
[cleanup] Misc 1 year ago
pukkandan ad54c9130e
[cleanup] Misc
Closes #6288, Closes #7197, Closes #7265, Closes #7353, Closes #5773
Authored by: mikf, freezboltz, pukkandan
1 year ago
pukkandan 7accdd9845
[devscripts] `make_changelog`: Stop at `Release ...` commit
Closes #6415
2 years ago
pukkandan 4815bbfc41
[cleanup] Misc 2 years ago
Simon Sawicki d400e261cf
[devscripts] Script to generate changelog (#6220)
Authored by: Grub4K
2 years ago