yt-dlp/devscripts
Simon Sawicki ff07792676
[core] Prevent RCE when using `--exec` with `%q` (CVE-2024-22423)
The shell escape function now properly escapes `%`, `\\` and `\n`. `utils.Popen` as well as `%q` output template expansion have been patched accordingly.

Prior to this fix using `--exec` together with `%q` when on Windows could cause remote code to execute. See https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-hjq6-52gw-2g7p for more details.

Authored by: Grub4K
..
__init__.py [cleanup] Misc ()
bash-completion.in Completely change project name to yt-dlp ()
bash-completion.py [cleanup] Consistent style for file heads
changelog_override.json [core] Prevent RCE when using `--exec` with `%q` (CVE-2024-22423)
changelog_override.schema.json [devscripts] Script to generate changelog ()
check-porn.py [compat] Remove deprecated functions from core code
cli_to_api.py [cleanup] Misc
fish-completion.in Completely change project name to yt-dlp ()
fish-completion.py [cleanup] Consistent style for file heads
generate_aes_testdata.py [cleanup] Consistent style for file heads
install_deps.py [build] Optional dependencies cleanup ()
lazy_load_template.py [extractor] Support multiple `_VALID_URL`s ()
logo.ico Add logo and banner
make_changelog.py [build] Update changelog for tarball and sdist ()
make_contributing.py [cleanup] Consistent style for file heads
make_issue_template.py [cleanup] Misc ()
make_lazy_extractors.py Improve plugin architecture ()
make_readme.py [build] Automated builds and nightly releases ()
make_supportedsites.py [devscripts] Create `utils` and refactor
prepare_manpage.py [docs] Various manpage fixes
run_tests.bat [devscripts] `run_tests`: Create Python script ()
run_tests.py Fix 2d1d683a54
run_tests.sh [devscripts] `run_tests`: Create Python script ()
set-variant.py [build, devscripts] Add devscript to set a build variant
tomlparse.py [cleanup] Standardize `import datetime as dt` ()
update-version.py [cleanup] Standardize `import datetime as dt` ()
update_changelog.py [build] Update changelog for tarball and sdist ()
utils.py [build] Overhaul and unify release workflow
zsh-completion.in Completely change project name to yt-dlp ()
zsh-completion.py [cleanup] Consistent style for file heads