openSUSE Security Update: Security update for yt-dlp
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2023:0374-1
Rating:             moderate
References:         #1213124 #1216467 
Cross-References:   CVE-2023-35934 CVE-2023-46121
CVSS scores:
                    CVE-2023-35934 (NVD) : 6.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N

Affected Products:
                    openSUSE Backports SLE-15-SP5
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This update for yt-dlp fixes the following issues:

   - Update to release 2023.11.14

     * Security: [CVE-2023-46121] Patch Generic Extractor MITM Vulnerability
       via Arbitrary Proxy Injection
     * Disallow smuggling of arbitrary http_headers; extractors now
       only use specific headers

   - Make yt-dlp require the one pythonXX-yt-dlp that /usr/bin/yt-dlp was
     built with.

   - Rework Python build procedure [boo#1216467]
   - Enable Python library [boo#1216467]

   - Update to release 2023.10.13

     * youtube: Fix a bug with --extractor-retries inf

   - Update to release 2023.10.07

     * yt: Fix heatmap extraction
     * yt: Raise a warning for Incomplete Data instead of an error

   - Update to release 2023.09.24

     * Extract subtitles from SMIL manifests
     * fb: Add dash manifest URL
     * crunchyroll: Remove initial state extraction
     * youtube: Add player_params extractor arg

   - Remove the Suggests on brotlicffi; it is only needed for non-CPython
     interpreters

   - Update to release 2023.07.06

     * Prevent Cookie leaks on HTTP redirect [boo#1213124] [CVE-2023-35934]
     * yt: Avoid false DRM detection
     * yt: Process post_live over 2 hours
     * yt: Support shorts-only playlists

   - Update to release 2023.06.22

     * youtube: add IOS to default clients used

   - Update to release 2023.06.21

     * Add option --compat-option playlist-match-filter
     * Add options --no-quiet, --color, --netrc-cmd, --xff
     * Auto-select default format in -f-
     * Improve HTTP redirect handling
     * Support decoding multiple content encodings

   - Use python3.11 on Leap 15.5

     * python3.11 is the only python3 > 3.6 version that will be shipped in
       Leap 15.5

   - Update to release 2023.03.04

     * A bunch of extractor fixes

   - Update to release 2023.03.03

     * youtube: Construct dash formats with range query
     * yt: Detect and break on looping comments
     * yt: Extract channel view_count when /about tab is passed

   - Update to release 2023.02.17

     * Merge youtube-dl: Up to commit/2dd6c6e (Feb 17 2023)
     * Fix --concat-playlist
     * Imply --no-progress when --print
     * Improve default subtitle language selection
     * Make title completely non-fatal
     * Sanitize formats before sorting
     * [hls] Allow extractors to provide AES key
     * [extractor/generic] Avoid catastrophic backtracking in KVS regex
     * [jsinterp] Support if statements
     * [plugins] Fix zip search paths
     * [utils] Don't use Content-length with encoding
     * [utils] Fix time_seconds to use the provided TZ
     * [utils] Fix race condition in make_dir
     * [extractor/anchorfm] Add episode
     * [extractor/boxcast] Add extractor
     * [extractor/ebay] Add extractor
     * [extractor/hypergryph] Add extractor
     * [extractor/NZOnScreen] Add extractor
     * [extractor/rozhlas] Add extractor
     * [extractor/tempo] Add IVXPlayer extractor
     * [extractor/txxx] Add extractors
     * [extractor/vocaroo] Add extractor
     * [extractor/wrestleuniverse] Add extractors
     * [extractor/yappy] Add extractor
     * [extractor/youtube] Fix uploader_id extraction
     * [extractor/youtube] Add hyperpipe instances
     * [extractor/youtube] Handle consent.youtube
     * [extractor/youtube] Support /live/ URL
     * [extractor/youtube] Update invidious and piped instances
     * [extractor/91porn] Fix title and comment extraction
     * [extractor/AbemaTV] Cache user token whenever appropriate
     * [extractor/bfmtv] Support rmc prefix
     * [extractor/biliintl] Add intro and ending chapters
     * [extractor/clyp] Support wav
     * [extractor/crunchyroll] Add intro chapter
     * [extractor/crunchyroll] Better message for premium videos
     * [extractor/crunchyroll] Fix incorrect premium-only error
     * [extractor/DouyuTV] Use new API
     * [extractor/embedly] Embedded links may be for other extractors
     * [extractor/freesound] Workaround invalid URL in webpage
     * [extractor/GoPlay] Use new API
     * [extractor/Hidive] Fix subtitles and age-restriction
     * [extractor/huya] Support HD streams
     * [extractor/moviepilot] Fix extractor
     * [extractor/nbc] Fix NBC and NBCStations extractors
     * [extractor/nbc] Fix XML parsing
     * [extractor/nebula] Remove broken cookie support
     * [extractor/nfl] Add NFLPlus extractor
     * [extractor/niconico] Add support for like history
     * [extractor/nitter] Update instance list by OIRNOIR
     * [extractor/npo] Fix extractor and add HD support
     * [extractor/odkmedia] Add OnDemandChinaEpisodeIE
     * [extractor/pornez] Handle relative URLs in iframe
     * [extractor/radiko] Fix format sorting for Time Free
     * [extractor/rcs] Fix extractors
     * [extractor/reddit] Support user posts
     * [extractor/rumble] Fix format sorting
     * [extractor/servus] Rewrite extractor
     * [extractor/slideslive] Fix slides and chapters/duration
     * [extractor/SportDeutschland] Fix extractor
     * [extractor/Stripchat] Fix extractor
     * [extractor/tnaflix] Fix extractor
     * [extractor/tvp] Support stream.tvp.pl
     * [extractor/twitter] Fix --no-playlist and add media view_count when
       using GraphQL
     * [extractor/twitter] Fix graphql extraction on some tweets
     * [extractor/vimeo] Fix playerConfig extraction
     * [extractor/viu] Add ViuOTTIndonesiaIE extractor
     * [extractor/vk] Fix playlists for new API
     * [extractor/vlive] Replace with VLiveWebArchiveIE
     * [extractor/ximalaya] Update album _VALID_URL
     * [extractor/zdf] Use android API endpoint for UHD downloads
     * [youtube] Improve description extraction
     * [youtube] Prevent excess HTTP 301
     * [bellmedia] Add support for cp24.com clip URLs

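   The 2023.07.06 entry "Prevent Cookie leaks on HTTP redirect" (CVE-2023-35934)
   and the 2023.06.21 entry "Improve HTTP redirect handling" both concern the same
   defensive rule: a Cookie or Authorization header supplied for one origin must
   not be replayed to a different origin that a server redirects to. The example
   below is an added illustration of that rule written for this advisory; it is
   not yt-dlp's own code, and the URLs and header values it uses are constructed.

```python
"""Added illustration (not yt-dlp's code): scope Cookie/Authorization headers
to the origin they were supplied for when following an HTTP redirect.

This is the class of defect described by CVE-2023-35934: a header given for
https://videos.example.test must not follow a 302 to another host, or to a
plain-http URL on the same host (a TLS downgrade is also a new origin)."""
from urllib.parse import urlsplit

# Credential-bearing headers that never cross an origin boundary on redirect.
SENSITIVE_HEADERS = frozenset({"cookie", "authorization", "proxy-authorization"})

# Default ports so that "https://h/" and "https://h:443/" compare equal.
_DEFAULT_PORTS = {"http": 80, "https": 443}


def same_origin(url_a: str, url_b: str) -> bool:
    """True when scheme, host and effective port all match (strict origin)."""
    a, b = urlsplit(url_a), urlsplit(url_b)
    pa = a.port or _DEFAULT_PORTS.get(a.scheme)
    pb = b.port or _DEFAULT_PORTS.get(b.scheme)
    # hostname is already lower-cased by urlsplit; scheme is too.
    return (a.scheme, a.hostname, pa) == (b.scheme, b.hostname, pb)


def headers_for_redirect(original_url: str, redirect_url: str,
                         headers: dict) -> dict:
    """Return the subset of request headers that may accompany the redirect.

    Same origin: every header is kept. Different origin (other host, other
    port, or http instead of https): Cookie and Authorization-style headers
    are dropped; everything else (User-Agent, Accept, ...) is forwarded.
    A strict origin check is used rather than cookie domain rules because a
    raw header carries no domain/path attributes to apply them to.
    """
    if same_origin(original_url, redirect_url):
        return dict(headers)
    return {name: value for name, value in headers.items()
            if name.lower() not in SENSITIVE_HEADERS}


if __name__ == "__main__":
    # Constructed scenario: the user passed a session cookie for one host,
    # the site redirects the media request to a third-party CDN.
    sent = {"Cookie": "session=abc123", "User-Agent": "demo/1.0"}
    forwarded = headers_for_redirect("https://videos.example.test/watch?v=1",
                                     "https://cdn.other.test/v1.mp4", sent)
    print(forwarded)  # {'User-Agent': 'demo/1.0'}
```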

Patch Instructions:

   To install this openSUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Backports SLE-15-SP5:

      zypper in -t patch openSUSE-2023-374=1



Package List:

   - openSUSE Backports SLE-15-SP5 (noarch):

      python311-yt-dlp-2023.11.14-bp155.3.3.1
      yt-dlp-2023.11.14-bp155.3.3.1
      yt-dlp-bash-completion-2023.11.14-bp155.3.3.1
      yt-dlp-fish-completion-2023.11.14-bp155.3.3.1
      yt-dlp-zsh-completion-2023.11.14-bp155.3.3.1


References:

   https://www.suse.com/security/cve/CVE-2023-35934.html
   https://www.suse.com/security/cve/CVE-2023-46121.html
   https://bugzilla.suse.com/1213124
   https://bugzilla.suse.com/1216467

Date:               November 18, 2023