Sunday, July 07, 2024

[update] yt-dlp - rce via path traversal

Fixed in 2024.07.01:

https://securitylab.github.com/advisories/GHSL-2024-090_yt-dlp/

youtube-dl has the same problem, fixed in ytdl-nightly 2024.07.03

https://github.com/ytdl-org/ytdl-nightly/releases/tag/2024.07.03

Perhaps youtube-dl should switch to the nightly builds rather than staying
stuck on an old version that is probably mostly dysfunctional by now?

Index: Makefile
===================================================================
RCS file: /cvs/ports/www/yt-dlp/Makefile,v
diff -u -p -r1.38 Makefile
--- Makefile 31 May 2024 14:38:53 -0000 1.38
+++ Makefile 7 Jul 2024 04:56:05 -0000
@@ -1,6 +1,6 @@
COMMENT = CLI program to download videos from YouTube and other sites

-VERSION = 2024.05.27
+VERSION = 2024.07.02
MODPY_EGG_VERSION = ${VERSION:S/.0/./g}

DISTNAME = yt-dlp-${VERSION}
Index: distinfo
===================================================================
RCS file: /cvs/ports/www/yt-dlp/distinfo,v
diff -u -p -r1.33 distinfo
--- distinfo 31 May 2024 14:38:53 -0000 1.33
+++ distinfo 7 Jul 2024 04:56:09 -0000
@@ -1,2 +1,2 @@
-SHA256 (yt-dlp-2024.05.27.tar.gz) = g9vxVFZJDn7+m6g5ki+CIdB88RaLKWU/1Hb6o835EjU=
-SIZE (yt-dlp-2024.05.27.tar.gz) = 5638920
+SHA256 (yt-dlp-2024.07.02.tar.gz) = EJSvOlgnpqMSabl71wFFYmmvGFlUJ8mQXz/74aEVgqA=
+SIZE (yt-dlp-2024.07.02.tar.gz) = 5671980
Index: pkg/PLIST
===================================================================
RCS file: /cvs/ports/www/yt-dlp/pkg/PLIST,v
diff -u -p -r1.31 PLIST
--- pkg/PLIST 27 May 2024 12:46:30 -0000 1.31
+++ pkg/PLIST 7 Jul 2024 04:58:27 -0000
@@ -792,6 +792,8 @@ lib/python${MODPY_VERSION}/site-packages
lib/python${MODPY_VERSION}/site-packages/yt_dlp/extractor/${MODPY_PYCACHE}gotostage.${MODPY_PYC_MAGIC_TAG}pyc
lib/python${MODPY_VERSION}/site-packages/yt_dlp/extractor/${MODPY_PYCACHE}gputechconf.${MODPY_PYC_MAGIC_TAG}${MODPY_PYOEXTENSION}
lib/python${MODPY_VERSION}/site-packages/yt_dlp/extractor/${MODPY_PYCACHE}gputechconf.${MODPY_PYC_MAGIC_TAG}pyc
+lib/python${MODPY_VERSION}/site-packages/yt_dlp/extractor/${MODPY_PYCACHE}graspop.${MODPY_PYC_MAGIC_TAG}${MODPY_PYOEXTENSION}
+lib/python${MODPY_VERSION}/site-packages/yt_dlp/extractor/${MODPY_PYCACHE}graspop.${MODPY_PYC_MAGIC_TAG}pyc
lib/python${MODPY_VERSION}/site-packages/yt_dlp/extractor/${MODPY_PYCACHE}gronkh.${MODPY_PYC_MAGIC_TAG}${MODPY_PYOEXTENSION}
lib/python${MODPY_VERSION}/site-packages/yt_dlp/extractor/${MODPY_PYCACHE}gronkh.${MODPY_PYC_MAGIC_TAG}pyc
lib/python${MODPY_VERSION}/site-packages/yt_dlp/extractor/${MODPY_PYCACHE}groupon.${MODPY_PYC_MAGIC_TAG}${MODPY_PYOEXTENSION}
@@ -966,6 +968,8 @@ lib/python${MODPY_VERSION}/site-packages
lib/python${MODPY_VERSION}/site-packages/yt_dlp/extractor/${MODPY_PYCACHE}kuwo.${MODPY_PYC_MAGIC_TAG}pyc
lib/python${MODPY_VERSION}/site-packages/yt_dlp/extractor/${MODPY_PYCACHE}la7.${MODPY_PYC_MAGIC_TAG}${MODPY_PYOEXTENSION}
lib/python${MODPY_VERSION}/site-packages/yt_dlp/extractor/${MODPY_PYCACHE}la7.${MODPY_PYC_MAGIC_TAG}pyc
+lib/python${MODPY_VERSION}/site-packages/yt_dlp/extractor/${MODPY_PYCACHE}laracasts.${MODPY_PYC_MAGIC_TAG}${MODPY_PYOEXTENSION}
+lib/python${MODPY_VERSION}/site-packages/yt_dlp/extractor/${MODPY_PYCACHE}laracasts.${MODPY_PYC_MAGIC_TAG}pyc
lib/python${MODPY_VERSION}/site-packages/yt_dlp/extractor/${MODPY_PYCACHE}lastfm.${MODPY_PYC_MAGIC_TAG}${MODPY_PYOEXTENSION}
lib/python${MODPY_VERSION}/site-packages/yt_dlp/extractor/${MODPY_PYCACHE}lastfm.${MODPY_PYC_MAGIC_TAG}pyc
lib/python${MODPY_VERSION}/site-packages/yt_dlp/extractor/${MODPY_PYCACHE}laxarxames.${MODPY_PYC_MAGIC_TAG}${MODPY_PYOEXTENSION}
@@ -1094,8 +1098,6 @@ lib/python${MODPY_VERSION}/site-packages
lib/python${MODPY_VERSION}/site-packages/yt_dlp/extractor/${MODPY_PYCACHE}microsoftembed.${MODPY_PYC_MAGIC_TAG}pyc
lib/python${MODPY_VERSION}/site-packages/yt_dlp/extractor/${MODPY_PYCACHE}microsoftstream.${MODPY_PYC_MAGIC_TAG}${MODPY_PYOEXTENSION}
lib/python${MODPY_VERSION}/site-packages/yt_dlp/extractor/${MODPY_PYCACHE}microsoftstream.${MODPY_PYC_MAGIC_TAG}pyc
-lib/python${MODPY_VERSION}/site-packages/yt_dlp/extractor/${MODPY_PYCACHE}microsoftvirtualacademy.${MODPY_PYC_MAGIC_TAG}${MODPY_PYOEXTENSION}
-lib/python${MODPY_VERSION}/site-packages/yt_dlp/extractor/${MODPY_PYCACHE}microsoftvirtualacademy.${MODPY_PYC_MAGIC_TAG}pyc
lib/python${MODPY_VERSION}/site-packages/yt_dlp/extractor/${MODPY_PYCACHE}mildom.${MODPY_PYC_MAGIC_TAG}${MODPY_PYOEXTENSION}
lib/python${MODPY_VERSION}/site-packages/yt_dlp/extractor/${MODPY_PYCACHE}mildom.${MODPY_PYC_MAGIC_TAG}pyc
lib/python${MODPY_VERSION}/site-packages/yt_dlp/extractor/${MODPY_PYCACHE}minds.${MODPY_PYC_MAGIC_TAG}${MODPY_PYOEXTENSION}
@@ -1672,6 +1674,8 @@ lib/python${MODPY_VERSION}/site-packages
lib/python${MODPY_VERSION}/site-packages/yt_dlp/extractor/${MODPY_PYCACHE}springboardplatform.${MODPY_PYC_MAGIC_TAG}pyc
lib/python${MODPY_VERSION}/site-packages/yt_dlp/extractor/${MODPY_PYCACHE}sprout.${MODPY_PYC_MAGIC_TAG}${MODPY_PYOEXTENSION}
lib/python${MODPY_VERSION}/site-packages/yt_dlp/extractor/${MODPY_PYCACHE}sprout.${MODPY_PYC_MAGIC_TAG}pyc
+lib/python${MODPY_VERSION}/site-packages/yt_dlp/extractor/${MODPY_PYCACHE}sproutvideo.${MODPY_PYC_MAGIC_TAG}${MODPY_PYOEXTENSION}
+lib/python${MODPY_VERSION}/site-packages/yt_dlp/extractor/${MODPY_PYCACHE}sproutvideo.${MODPY_PYC_MAGIC_TAG}pyc
lib/python${MODPY_VERSION}/site-packages/yt_dlp/extractor/${MODPY_PYCACHE}srgssr.${MODPY_PYC_MAGIC_TAG}${MODPY_PYOEXTENSION}
lib/python${MODPY_VERSION}/site-packages/yt_dlp/extractor/${MODPY_PYCACHE}srgssr.${MODPY_PYC_MAGIC_TAG}pyc
lib/python${MODPY_VERSION}/site-packages/yt_dlp/extractor/${MODPY_PYCACHE}srmediathek.${MODPY_PYC_MAGIC_TAG}${MODPY_PYOEXTENSION}
@@ -2464,6 +2468,7 @@ lib/python${MODPY_VERSION}/site-packages
lib/python${MODPY_VERSION}/site-packages/yt_dlp/extractor/goshgay.py
lib/python${MODPY_VERSION}/site-packages/yt_dlp/extractor/gotostage.py
lib/python${MODPY_VERSION}/site-packages/yt_dlp/extractor/gputechconf.py
+lib/python${MODPY_VERSION}/site-packages/yt_dlp/extractor/graspop.py
lib/python${MODPY_VERSION}/site-packages/yt_dlp/extractor/gronkh.py
lib/python${MODPY_VERSION}/site-packages/yt_dlp/extractor/groupon.py
lib/python${MODPY_VERSION}/site-packages/yt_dlp/extractor/harpodeon.py
@@ -2551,6 +2556,7 @@ lib/python${MODPY_VERSION}/site-packages
lib/python${MODPY_VERSION}/site-packages/yt_dlp/extractor/kukululive.py
lib/python${MODPY_VERSION}/site-packages/yt_dlp/extractor/kuwo.py
lib/python${MODPY_VERSION}/site-packages/yt_dlp/extractor/la7.py
+lib/python${MODPY_VERSION}/site-packages/yt_dlp/extractor/laracasts.py
lib/python${MODPY_VERSION}/site-packages/yt_dlp/extractor/lastfm.py
lib/python${MODPY_VERSION}/site-packages/yt_dlp/extractor/laxarxames.py
lib/python${MODPY_VERSION}/site-packages/yt_dlp/extractor/lazy_extractors.py
@@ -2615,7 +2621,6 @@ lib/python${MODPY_VERSION}/site-packages
lib/python${MODPY_VERSION}/site-packages/yt_dlp/extractor/mgtv.py
lib/python${MODPY_VERSION}/site-packages/yt_dlp/extractor/microsoftembed.py
lib/python${MODPY_VERSION}/site-packages/yt_dlp/extractor/microsoftstream.py
-lib/python${MODPY_VERSION}/site-packages/yt_dlp/extractor/microsoftvirtualacademy.py
lib/python${MODPY_VERSION}/site-packages/yt_dlp/extractor/mildom.py
lib/python${MODPY_VERSION}/site-packages/yt_dlp/extractor/minds.py
lib/python${MODPY_VERSION}/site-packages/yt_dlp/extractor/minoto.py
@@ -2904,6 +2909,7 @@ lib/python${MODPY_VERSION}/site-packages
lib/python${MODPY_VERSION}/site-packages/yt_dlp/extractor/spreaker.py
lib/python${MODPY_VERSION}/site-packages/yt_dlp/extractor/springboardplatform.py
lib/python${MODPY_VERSION}/site-packages/yt_dlp/extractor/sprout.py
+lib/python${MODPY_VERSION}/site-packages/yt_dlp/extractor/sproutvideo.py
lib/python${MODPY_VERSION}/site-packages/yt_dlp/extractor/srgssr.py
lib/python${MODPY_VERSION}/site-packages/yt_dlp/extractor/srmediathek.py
lib/python${MODPY_VERSION}/site-packages/yt_dlp/extractor/stacommu.py
