]> git.gag.com Git - fw/openocd/commitdiff
projects / fw / openocd / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 2edcb06)
GitHub/WorkFlow: fix for CVE-2020-15228
authorTarek BOCHKATI <tarek.bouchkati@gmail.com>
Mon, 2 Nov 2020 15:31:27 +0000 (16:31 +0100)
committerAntonio Borneo <borneo.antonio@gmail.com>
Sat, 7 Nov 2020 20:51:35 +0000 (20:51 +0000)
According the CVE-2020-15228 documented in:
 - https://github.com/advisories/GHSA-mfwh-5m23-j46w
 - https://nvd.nist.gov/vuln/detail/CVE-2020-15228

the `set-env` commands will be disabled in the near future
and should be replaced by:
    echo "FOO=BAR" >> $GITHUB_ENV

idem for `add-path`, should be replaced by:
    echo "/path/to/add" >> $GITHUB_PATH

Change-Id: I725c9ccd861a0d1580ac22491b6d716ec65973d1
Signed-off-by: Tarek BOCHKATI <tarek.bouchkati@gmail.com>
Reviewed-on: http://openocd.zylin.com/5866
Tested-by: jenkins
Reviewed-by: Antonio Borneo <borneo.antonio@gmail.com>
.github/workflows/snapshot.yml patch | blob | history

diff --git a/.github/workflows/snapshot.yml b/.github/workflows/snapshot.yml
index 123ee66bd89bf22b87976accd221c7c333215c85..e9a95ffb5dca9f6f5850333b22f8bd281a9f5580 100644 (file)
--- a/.github/workflows/snapshot.yml
+++ b/.github/workflows/snapshot.yml
@@ -24,7 +24,7 @@ jobs:
           mkdir -p $DL_DIR && cd $DL_DIR
           wget "https://github.com/libusb/libusb/releases/download/v${LIBUSB1_VER}/libusb-${LIBUSB1_VER}.tar.bz2"
           tar -xjf libusb-${LIBUSB1_VER}.tar.bz2
-          echo "::set-env name=LIBUSB1_SRC::$PWD/libusb-${LIBUSB1_VER}"
+          echo "LIBUSB1_SRC=$PWD/libusb-${LIBUSB1_VER}" >> $GITHUB_ENV
       - name: Prepare hidapi
         env:
           HIDAPI_VER: 0.9.0
@@ -34,7 +34,7 @@ jobs:
           tar -xzf hidapi-${HIDAPI_VER}.tar.gz
           cd hidapi-hidapi-${HIDAPI_VER}
           ./bootstrap
-          echo "::set-env name=HIDAPI_SRC::$PWD"
+          echo "HIDAPI_SRC=$PWD" >> $GITHUB_ENV
       - name: Prepare libftdi
         env:
           LIBFTDI_VER: 1.4
@@ -42,7 +42,7 @@ jobs:
           mkdir -p $DL_DIR && cd $DL_DIR
           wget "http://www.intra2net.com/en/developer/libftdi/download/libftdi1-${LIBFTDI_VER}.tar.bz2"
           tar -xjf libftdi1-${LIBFTDI_VER}.tar.bz2
-          echo "::set-env name=LIBFTDI_SRC::$PWD/libftdi1-${LIBFTDI_VER}"
+          echo "LIBFTDI_SRC=$PWD/libftdi1-${LIBFTDI_VER}" >> $GITHUB_ENV
       - name: Prepare capstone
         env:
           CAPSTONE_VER: 4.0.2
@@ -78,8 +78,8 @@ jobs:
           # prepare the artifact
           ARTIFACT="openocd-${OPENOCD_TAG}-${HOST}.tar.gz"
           tar -czf $ARTIFACT *
-          echo "::set-env name=ARTIFACT_NAME::$ARTIFACT"
-          echo "::set-env name=ARTIFACT_PATH::$PWD/$ARTIFACT"
+          echo "ARTIFACT_NAME=$ARTIFACT" >> $GITHUB_ENV
+          echo "ARTIFACT_PATH=$PWD/$ARTIFACT" >> $GITHUB_ENV
       - name: Publish OpenOCD packaged for windows
         uses: actions/upload-artifact@v1
         with:
openocd with support for Altus Metrum targets