 4d318be195
			
		
	
	
		4d318be195
		
	
	
	
	
		
			
			The rsa_verify code was vulnerable to a BB'06 attack, allowing to forge signatures for arbitrary messages if and only if the public key exponent is 3. Since the updates key is hardcoded to 65537, there is no risk for youtube-dl, but I don't want vulnerable code in the wild. The new function adopts a way safer approach of encoding-and-comparing to replace the dangerous parsing code.
		
			
				
	
	
		
			34 lines
		
	
	
		
			No EOL
		
	
	
		
			1.6 KiB
		
	
	
	
		
			JSON
		
	
	
	
	
	
			
		
		
	
	
			34 lines
		
	
	
		
			No EOL
		
	
	
		
			1.6 KiB
		
	
	
	
		
			JSON
		
	
	
	
	
	
| {
 | |
|     "latest": "2013.01.06", 
 | |
|     "signature": "72158cdba391628569ffdbea259afbcf279bbe3d8aeb7492690735dc1cfa6afa754f55c61196f3871d429599ab22f2667f1fec98865527b32632e7f4b3675a7ef0f0fbe084d359256ae4bba68f0d33854e531a70754712f244be71d4b92e664302aa99653ee4df19800d955b6c4149cd2b3f24288d6e4b40b16126e01f4c8ce6", 
 | |
|     "versions": {
 | |
|         "2013.01.02": {
 | |
|             "bin": [
 | |
|                 "http://youtube-dl.org/downloads/2013.01.02/youtube-dl", 
 | |
|                 "f5b502f8aaa77675c4884938b1e4871ebca2611813a0c0e74f60c0fbd6dcca6b"
 | |
|             ], 
 | |
|             "exe": [
 | |
|                 "http://youtube-dl.org/downloads/2013.01.02/youtube-dl.exe", 
 | |
|                 "75fa89d2ce297d102ff27675aa9d92545bbc91013f52ec52868c069f4f9f0422"
 | |
|             ], 
 | |
|             "tar": [
 | |
|                 "http://youtube-dl.org/downloads/2013.01.02/youtube-dl-2013.01.02.tar.gz", 
 | |
|                 "6a66d022ac8e1c13da284036288a133ec8dba003b7bd3a5179d0c0daca8c8196"
 | |
|             ]
 | |
|         }, 
 | |
|         "2013.01.06": {
 | |
|             "bin": [
 | |
|                 "http://youtube-dl.org/downloads/2013.01.06/youtube-dl", 
 | |
|                 "64b6ed8865735c6302e836d4d832577321b4519aa02640dc508580c1ee824049"
 | |
|             ], 
 | |
|             "exe": [
 | |
|                 "http://youtube-dl.org/downloads/2013.01.06/youtube-dl.exe", 
 | |
|                 "58609baf91e4389d36e3ba586e21dab882daaaee537e4448b1265392ae86ff84"
 | |
|             ], 
 | |
|             "tar": [
 | |
|                 "http://youtube-dl.org/downloads/2013.01.06/youtube-dl-2013.01.06.tar.gz", 
 | |
|                 "fe77ab20a95d980ed17a659aa67e371fdd4d656d19c4c7950e7b720b0c2f1a86"
 | |
|             ]
 | |
|         }
 | |
|     }
 | |
| } |