Commit Graph

27 Commits (eb2533ec4cc55f1a100e508ea683f345cc84dac9)

Author SHA1 Message Date
Filippo Valsorda 4d318be195 [update] fix (unexploitable) BB'06 vulnerability in rsa_verify
The rsa_verify code was vulnerable to a BB'06 attack, allowing to forge
signatures for arbitrary messages if and only if the public key exponent is
3.  Since the updates key is hardcoded to 65537, there is no risk for
youtube-dl, but I don't want vulnerable code in the wild.

The new function adopts a way safer approach of encoding-and-comparing to
replace the dangerous parsing code.
2016-01-21 20:12:17 +00:00
Sergey M․ c0384f221e Use proper encoding on compat_str construction when necessary 2015-12-20 06:29:36 +06:00
David Ben Zakai 828b2a5cd9 Removing an unnecessary import 2015-11-15 09:40:32 +02:00
David Ben Zakai d3d3e2e3aa Adding proxy to update procedure 2015-11-10 16:31:42 +02:00
Jaime Marquínez Ferrándiz de390ea077 update: Use https for getting the version info (fixes #5909) 2015-06-07 00:21:30 +02:00
Jaime Marquínez Ferrándiz 70a1165b32 Don't use bare 'except:'
They catch any exception, including KeyboardInterrupt, we don't want to catch it.
2015-03-27 13:02:20 +01:00
Philipp Hagemeister be4a824d74 Add new option --source-address
Closes #3618, fixes #721, fixes #2481, fixes #4551, closes #1020.
2015-01-10 19:56:51 +01:00
Philipp Hagemeister aa2fd59857 [update] Use utils HTTPS handler (Fixes #4666)
On FreeBSD, the default HTTPS handler is missing certificates, so use our own.
2015-01-09 20:20:48 +01:00
Jaime Marquínez Ferrándiz 83e865a370 Fix PEP8 issue E713 2014-12-09 23:11:26 +01:00
Philipp Hagemeister 673cf0e773 [update] Remove useless import 2014-11-26 12:37:45 +01:00
Philipp Hagemeister 15938ab67a [update] Modernize 2014-11-26 12:24:57 +01:00
Jouke Waleson 2514d2635e PEP8: E225,E227 2014-11-23 21:23:05 +01:00
Jouke Waleson 8bcc875676 PEP8: more applied 2014-11-23 21:20:46 +01:00
Jouke Waleson 5f6a1245ff PEP8 applied 2014-11-23 20:41:03 +01:00
Philipp Hagemeister 18a25c5d78 Clarify update output (Fixes #2205)
No, we are not intentionally hiding the version number. Why would we?
2014-01-23 10:24:44 +01:00
Philipp Hagemeister 2e767313e4 [update] fix error 2013-11-24 06:52:21 +01:00
Philipp Hagemeister d7386f6276 [update] Check if version from repository is newer before updating
Closes #1704
2013-11-22 23:05:58 +01:00
Philipp Hagemeister 0b63aed8df [update] do not assign to unused variables 2013-11-22 19:15:36 +01:00
Philipp Hagemeister ce02ed60f2 Remove * imports 2013-11-17 16:47:52 +01:00
Philipp Hagemeister d279037036 [update] Prevent cmd window popup on Windows (Fixes #1478) 2013-09-29 14:37:06 +02:00
Philipp Hagemeister 46353f6783 [update] Look for .exe extension on Windows (Fixes #745) 2013-09-29 14:37:00 +02:00
Philipp Hagemeister f9bd64c098 [update] Add package manager to error message (#959) 2013-07-01 02:36:49 +02:00
Philipp Hagemeister 46a127eecb Fix print_notes 2013-04-28 16:21:29 +02:00
Ricardo Garcia 43ff1a347d Change rg3.github.com to rg3.github.io almost everywhere 2013-04-06 10:46:17 +02:00
Philipp Hagemeister 12887875a2 Fix typo 2013-02-25 00:22:55 +01:00
Philipp Hagemeister 3bf79c752e Print *all* release notes 2013-02-22 00:36:23 +01:00
Filippo Valsorda d5ed35b664 moved updating code to update.py 2012-12-30 19:50:33 +01:00