From: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 7 Nov 2025 09:50:59 +0000 (+0000) Subject: Dependabot update X-Git-Tag: 3.6-PRE-CLANG-FORMAT-WEBKIT~79 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fd89d17e790cb0fc2a017d382f3483120f19db49;p=thirdparty%2Fopenssl.git Dependabot update CLA: trivial (deps): Bump actions/checkout Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 5. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v4...v5) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Reviewed-by: Saša Nedvědický Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/29098) (cherry picked from commit 3066e59dfefd5967f46ebd699071084895c55ca3) --- diff --git a/.github/workflows/backport.yml b/.github/workflows/backport.yml index 2c595e2e099..56a6d1fc28e 100644 --- a/.github/workflows/backport.yml +++ b/.github/workflows/backport.yml @@ -40,7 +40,7 @@ jobs: ] runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 if: ${{ contains(join(github.event.pull_request.labels.*.name,','),matrix.release.branch) }} with: ref: ${{ github.event.pull_request.head.sha }} diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 75e03a6468f..b4ed4b4721e 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -31,8 +31,8 @@ jobs: - name: install unifdef run: | sudo apt-get update - sudo apt-get -yq --no-install-suggests --no-install-recommends --force-yes install unifdef - - uses: actions/checkout@v4 + sudo apt-get -yq --no-install-suggests --no-install-recommends --allow-unauthenticated --allow-downgrades --allow-remove-essential --allow-change-held-packages install unifdef + - uses: actions/checkout@v5 with: fetch-depth: 0 - name: config @@ -47,7 +47,9 @@ jobs: check_docs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 + with: + persist-credentials: false - name: config run: ./config --strict-warnings --banner=Configured enable-fips && perl configdata.pm --dump - name: make build_generated @@ -67,7 +69,9 @@ jobs: check-c99: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 + with: + persist-credentials: false - name: config run: CPPFLAGS='-std=c99 -D_XOPEN_SOURCE=1 -D_POSIX_C_SOURCE=200809L' ./config --strict-warnings --banner=Configured enable-sslkeylog no-asm no-secure-memory no-makedepend enable-buildtest-c++ enable-fips enable-lms && perl configdata.pm --dump - name: make @@ -76,7 +80,9 @@ jobs: basic_gcc: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 + with: + persist-credentials: false - name: checkout fuzz/corpora submodule run: git submodule update --init --depth 1 fuzz/corpora - name: localegen @@ -108,7 +114,9 @@ jobs: basic_clang: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 + with: + persist-credentials: false - name: checkout fuzz/corpora submodule run: git submodule update --init --depth 1 fuzz/corpora - name: config @@ -131,7 +139,9 @@ jobs: linux-arm64: runs-on: ${{ github.repository == 'openssl/openssl' && 'linux-arm64' || 'ubuntu-24.04-arm' }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 + with: + persist-credentials: false - name: config run: ./config --strict-warnings enable-demos enable-fips enable-lms enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method enable-trace - name: config dump @@ -154,7 +164,9 @@ jobs: freebsd-x86_64: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 + with: + persist-credentials: false - name: config uses: cross-platform-actions/action@fe0167d8082ac584754ef3ffb567fded22642c7d #v0.27.0 with: @@ -196,7 +208,9 @@ jobs: minimal: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 + with: + persist-credentials: false - name: checkout fuzz/corpora submodule run: git submodule update --init --depth 1 fuzz/corpora - name: config @@ -219,7 +233,9 @@ jobs: no-deprecated: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 + with: + persist-credentials: false - name: checkout fuzz/corpora submodule run: git submodule update --init --depth 1 fuzz/corpora - name: config @@ -242,7 +258,9 @@ jobs: no-shared-ubuntu: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 + with: + persist-credentials: false - name: checkout fuzz/corpora submodule run: git submodule update --init --depth 1 fuzz/corpora - name: config @@ -265,7 +283,9 @@ jobs: no-shared-macos: runs-on: macos-14 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 + with: + persist-credentials: false - name: checkout fuzz/corpora submodule run: git submodule update --init --depth 1 fuzz/corpora - name: config @@ -288,7 +308,9 @@ jobs: non-caching: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 + with: + persist-credentials: false - name: checkout fuzz/corpora submodule run: git submodule update --init --depth 1 fuzz/corpora - name: Adjust ASLR for sanitizer @@ -315,7 +337,9 @@ jobs: address_ub_sanitizer: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 + with: + persist-credentials: false - name: checkout fuzz/corpora submodule run: git submodule update --init --depth 1 fuzz/corpora - name: Adjust ASLR for sanitizer @@ -342,7 +366,9 @@ jobs: fuzz_tests: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 + with: + persist-credentials: false - name: checkout fuzz/corpora submodule run: git submodule update --init --depth 1 fuzz/corpora - name: Adjust ASLR for sanitizer @@ -370,7 +396,9 @@ jobs: memory_sanitizer: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 + with: + persist-credentials: false - name: checkout fuzz/corpora submodule run: git submodule update --init --depth 1 fuzz/corpora - name: Adjust ASLR for sanitizer @@ -398,7 +426,9 @@ jobs: threads_sanitizer: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 + with: + persist-credentials: false - name: checkout fuzz/corpora submodule run: git submodule update --init --depth 1 fuzz/corpora - name: Adjust ASLR for sanitizer @@ -425,7 +455,9 @@ jobs: enable_non-default_options: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 + with: + persist-credentials: false - name: checkout fuzz/corpora submodule run: git submodule update --init --depth 1 fuzz/corpora - name: modprobe tls @@ -450,7 +482,9 @@ jobs: full_featured: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 + with: + persist-credentials: false - name: checkout fuzz/corpora submodule run: git submodule update --init --depth 1 fuzz/corpora - name: modprobe tls @@ -481,7 +515,9 @@ jobs: no-legacy: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 + with: + persist-credentials: false - name: checkout fuzz/corpora submodule run: git submodule update --init --depth 1 fuzz/corpora - name: config @@ -504,7 +540,9 @@ jobs: legacy: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 + with: + persist-credentials: false - name: checkout fuzz/corpora submodule run: git submodule update --init --depth 1 fuzz/corpora - name: config @@ -532,9 +570,10 @@ jobs: out-of-readonly-source-and-install-ubuntu: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 with: path: ./source + persist-credentials: false - name: checkout fuzz/corpora submodule run: git submodule update --init --depth 1 fuzz/corpora working-directory: ./source @@ -573,9 +612,10 @@ jobs: out-of-readonly-source-and-install-macos: runs-on: macos-15 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 with: path: ./source + persist-credentials: false - name: checkout fuzz/corpora submodule run: git submodule update --init --depth 1 fuzz/corpora working-directory: ./source @@ -614,9 +654,10 @@ jobs: external-tests-misc: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 with: submodules: recursive + persist-credentials: false - name: package installs run: | sudo apt-get update @@ -655,9 +696,10 @@ jobs: external-tests-oqs-provider: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 with: submodules: recursive + persist-credentials: false - name: config run: ./config --strict-warnings --banner=Configured --debug enable-external-tests && perl configdata.pm --dump - name: make @@ -676,7 +718,9 @@ jobs: - name: package installs run: | dnf install -y perl-FindBin perl-IPC-Cmd perl-File-Compare perl-File-Copy perl-Test-Simple perl-Test-Harness python3 make g++ perl git meson opensc expect kryoptic - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 + with: + persist-credentials: false - name: checkout fuzz/corpora and pkcs11-provider submodule run: | git config --global --add safe.directory /__w/openssl/openssl @@ -705,9 +749,10 @@ jobs: PYTHON: - 3.9 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 with: submodules: recursive + persist-credentials: false - name: package installs run: | sudo apt-get update diff --git a/.github/workflows/coveralls.yml b/.github/workflows/coveralls.yml index 0e0f1fa9213..93c2c8282ec 100644 --- a/.github/workflows/coveralls.yml +++ b/.github/workflows/coveralls.yml @@ -83,7 +83,7 @@ jobs: branches: ${{ fromJSON(needs.define-matrix.outputs.branches) }} runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 with: submodules: recursive ref: ${{ matrix.branches.branch }} diff --git a/.github/workflows/cross-compiles.yml b/.github/workflows/cross-compiles.yml index 7956c66a731..f4afd09517f 100644 --- a/.github/workflows/cross-compiles.yml +++ b/.github/workflows/cross-compiles.yml @@ -168,7 +168,9 @@ jobs: sudo apt-get -yq --force-yes install \ gcc-${{ matrix.platform.arch }} \ ${{ matrix.platform.libs }} - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 + with: + persist-credentials: false - name: checkout fuzz/corpora submodule run: git submodule update --init --depth 1 fuzz/corpora diff --git a/.github/workflows/fips-checksums.yml b/.github/workflows/fips-checksums.yml index d286d78cb9f..95ed69f4ddd 100644 --- a/.github/workflows/fips-checksums.yml +++ b/.github/workflows/fips-checksums.yml @@ -26,7 +26,7 @@ jobs: mkdir ./build mkdir ./source mkdir ./artifact - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 with: repository: ${{ github.event.pull_request.base.repo.full_name }} ref: ${{ github.event.pull_request.base.ref }} @@ -43,7 +43,7 @@ jobs: - name: make fips-checksums pristine run: make fips-checksums working-directory: ./build-pristine - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 with: path: source - name: config @@ -88,7 +88,7 @@ jobs: mkdir ./artifact - name: install extra config support run: sudo apt-get -y install libsctp-dev abigail-tools libzstd-dev zstd - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 with: repository: ${{ github.event.pull_request.base.repo.full_name }} ref: ${{ github.event.pull_request.base.ref }} @@ -99,7 +99,7 @@ jobs: - name: make pristine run: make -s -j4 working-directory: ./build-pristine - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 with: path: source - name: config diff --git a/.github/workflows/fuzz-checker.yml b/.github/workflows/fuzz-checker.yml index b7e3cf51eed..dbf3aeb05c2 100644 --- a/.github/workflows/fuzz-checker.yml +++ b/.github/workflows/fuzz-checker.yml @@ -52,7 +52,9 @@ jobs: run: | sudo cat /proc/sys/vm/mmap_rnd_bits sudo sysctl -w vm.mmap_rnd_bits=28 - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 + with: + persist-credentials: false - name: config run: | diff --git a/.github/workflows/interop-tests.yml b/.github/workflows/interop-tests.yml index 147bd25d361..9fd76e2b070 100644 --- a/.github/workflows/interop-tests.yml +++ b/.github/workflows/interop-tests.yml @@ -23,7 +23,9 @@ jobs: env: COMPONENT: ${{ matrix.COMPONENT }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 + with: + persist-credentials: false - name: Display environment run: export - name : Install needed tools diff --git a/.github/workflows/make-release.yml b/.github/workflows/make-release.yml index 1e2c7f25f7c..7d50db65e3d 100644 --- a/.github/workflows/make-release.yml +++ b/.github/workflows/make-release.yml @@ -17,7 +17,7 @@ jobs: runs-on: "releaser" steps: - name: "Checkout" - uses: "actions/checkout@v4" + uses: "actions/checkout@v5" with: fetch-depth: 1 ref: ${{ github.ref_name }} diff --git a/.github/workflows/os-zoo.yml b/.github/workflows/os-zoo.yml index 68f0c331ac4..311425f4dae 100644 --- a/.github/workflows/os-zoo.yml +++ b/.github/workflows/os-zoo.yml @@ -35,7 +35,9 @@ jobs: steps: - name: install packages run: apk --no-cache add build-base perl linux-headers ${{ matrix.cc }} - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 + with: + persist-credentials: false - name: config run: | ./config --strict-warnings --banner=Configured no-shared enable-fips \ @@ -84,7 +86,9 @@ jobs: runs-on: ubuntu-latest container: ${{ matrix.zoo.image }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 + with: + persist-credentials: false - name: install packages run: ${{ matrix.zoo.install }} - name: config @@ -107,7 +111,9 @@ jobs: os: [macos-13, macos-14, macos-15] runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 + with: + persist-credentials: false - name: checkout fuzz/corpora submodule run: git submodule update --init --depth 1 fuzz/corpora - name: config @@ -134,7 +140,9 @@ jobs: vcvars: C:\Program Files\Microsoft Visual Studio\2022\Enterprise\VC\Auxiliary\Build\vcvars64.bat runs-on: ${{ matrix.platform.os }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 + with: + persist-credentials: false - name: checkout fuzz/corpora submodule run: git submodule update --init --depth 1 fuzz/corpora - name: install nasm @@ -177,7 +185,9 @@ jobs: runs-on: linux-arm64 if: github.repository == 'openssl/openssl' steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 + with: + persist-credentials: false - name: config run: ./config --strict-warnings enable-fips enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method enable-trace - name: config dump @@ -193,7 +203,9 @@ jobs: runs-on: linux-ppc64le if: github.repository == 'openssl/openssl' steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 + with: + persist-credentials: false - name: config run: ./config --strict-warnings enable-fips enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method enable-trace - name: config dump @@ -211,7 +223,9 @@ jobs: runs-on: linux-s390x if: github.repository == 'openssl/openssl' steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 + with: + persist-credentials: false - name: config run: ./config --strict-warnings enable-fips enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method enable-trace - name: config dump @@ -229,7 +243,9 @@ jobs: runs-on: linux-riscv64 if: github.repository == 'openssl/openssl' steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 + with: + persist-credentials: false - name: config run: ./config enable-fips enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method enable-trace - name: config dump @@ -246,7 +262,9 @@ jobs: freebsd-x86_64: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 + with: + persist-credentials: false - name: config uses: cross-platform-actions/action@fe0167d8082ac584754ef3ffb567fded22642c7d #v0.27.0 with: diff --git a/.github/workflows/perl-minimal-checker.yml b/.github/workflows/perl-minimal-checker.yml index 11f4563dcbe..c15b0f944d4 100644 --- a/.github/workflows/perl-minimal-checker.yml +++ b/.github/workflows/perl-minimal-checker.yml @@ -37,7 +37,9 @@ jobs: make -j$(nproc) && make install perl -MTest::More -e 'print "$Test::More::VERSION\n"' popd - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 + with: + persist-credentials: false - name: Build openssl run: ./config && make -j $(nproc) - name: Install sed diff --git a/.github/workflows/prov-compat-label.yml b/.github/workflows/prov-compat-label.yml index cda1e52be13..072b36f3abd 100644 --- a/.github/workflows/prov-compat-label.yml +++ b/.github/workflows/prov-compat-label.yml @@ -142,7 +142,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 with: path: ${{ matrix.branch.dir }} repository: openssl/openssl diff --git a/.github/workflows/provider-compatibility.yml b/.github/workflows/provider-compatibility.yml index 4578f1d89a4..8af8fbdf59b 100644 --- a/.github/workflows/provider-compatibility.yml +++ b/.github/workflows/provider-compatibility.yml @@ -152,7 +152,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 with: path: ${{ matrix.branch.dir }} repository: openssl/openssl diff --git a/.github/workflows/riscv-more-cross-compiles.yml b/.github/workflows/riscv-more-cross-compiles.yml index 737b9d50e4e..6d95960e2dd 100644 --- a/.github/workflows/riscv-more-cross-compiles.yml +++ b/.github/workflows/riscv-more-cross-compiles.yml @@ -194,7 +194,9 @@ jobs: sudo apt-get -yq --force-yes install \ gcc-${{ matrix.platform.arch }} \ ${{ matrix.platform.libs }} - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 + with: + persist-credentials: false - name: checkout fuzz/corpora submodule run: git submodule update --init --depth 1 fuzz/corpora diff --git a/.github/workflows/run-checker-ci.yml b/.github/workflows/run-checker-ci.yml index f2d2d16e595..93157f50e5f 100644 --- a/.github/workflows/run-checker-ci.yml +++ b/.github/workflows/run-checker-ci.yml @@ -46,7 +46,9 @@ jobs: ] runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 + with: + persist-credentials: false - name: checkout fuzz/corpora submodule run: git submodule update --init --depth 1 fuzz/corpora - name: config diff --git a/.github/workflows/run-checker-daily.yml b/.github/workflows/run-checker-daily.yml index bef1e8aacfe..c11e4e8706c 100644 --- a/.github/workflows/run-checker-daily.yml +++ b/.github/workflows/run-checker-daily.yml @@ -136,7 +136,9 @@ jobs: ] runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 + with: + persist-credentials: false - name: checkout fuzz/corpora submodule run: git submodule update --init --depth 1 fuzz/corpora - name: config @@ -155,7 +157,9 @@ jobs: run-checker-sctp: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 + with: + persist-credentials: false - name: checkout fuzz/corpora submodule run: git submodule update --init --depth 1 fuzz/corpora - name: Install Dependencies for sctp option @@ -199,7 +203,9 @@ jobs: sudo apt-get update sudo apt-get -yq --no-install-suggests --no-install-recommends --force-yes install brotli libbrotli1 libbrotli-dev - name: checkout openssl - uses: actions/checkout@v4 + uses: actions/checkout@v5 + with: + persist-credentials: false - name: checkout fuzz/corpora submodule run: git submodule update --init --depth 1 fuzz/corpora - name: config @@ -221,7 +227,9 @@ jobs: sudo apt-get update sudo apt-get -yq --no-install-suggests --no-install-recommends --force-yes install zstd libzstd1 libzstd-dev - name: checkout openssl - uses: actions/checkout@v4 + uses: actions/checkout@v5 + with: + persist-credentials: false - name: checkout fuzz/corpora submodule run: git submodule update --init --depth 1 fuzz/corpora - name: config @@ -244,7 +252,9 @@ jobs: sudo apt-get -yq --no-install-suggests --no-install-recommends --force-yes install brotli libbrotli1 libbrotli-dev sudo apt-get -yq --no-install-suggests --no-install-recommends --force-yes install zstd libzstd1 libzstd-dev - name: checkout openssl - uses: actions/checkout@v4 + uses: actions/checkout@v5 + with: + persist-credentials: false - name: checkout fuzz/corpora submodule run: git submodule update --init --depth 1 fuzz/corpora - name: config @@ -262,7 +272,9 @@ jobs: runs-on: ubuntu-latest steps: - name: checkout openssl - uses: actions/checkout@v4 + uses: actions/checkout@v5 + with: + persist-credentials: false - name: Adjust ASLR for sanitizer run: | sudo cat /proc/sys/vm/mmap_rnd_bits @@ -288,7 +300,9 @@ jobs: sudo apt-get update sudo apt-get -yq --no-install-suggests --no-install-recommends --force-yes install brotli libbrotli1 libbrotli-dev - name: checkout openssl - uses: actions/checkout@v4 + uses: actions/checkout@v5 + with: + persist-credentials: false - name: checkout fuzz/corpora submodule run: git submodule update --init --depth 1 fuzz/corpora - name: Adjust ASLR for sanitizer @@ -314,7 +328,9 @@ jobs: sudo apt-get update sudo apt-get -yq --no-install-suggests --no-install-recommends --force-yes install zstd libzstd1 libzstd-dev - name: checkout openssl - uses: actions/checkout@v4 + uses: actions/checkout@v5 + with: + persist-credentials: false - name: checkout fuzz/corpora submodule run: git submodule update --init --depth 1 fuzz/corpora - name: Adjust ASLR for sanitizer @@ -338,7 +354,9 @@ jobs: os: [ ubuntu-latest, macos-13, macos-14 ] runs-on: ${{matrix.os}} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 + with: + persist-credentials: false - name: checkout fuzz/corpora submodule run: git submodule update --init --depth 1 fuzz/corpora - name: config @@ -353,7 +371,9 @@ jobs: enable_buildtest: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 + with: + persist-credentials: false - name: checkout fuzz/corpora submodule run: git submodule update --init --depth 1 fuzz/corpora - name: config @@ -370,7 +390,9 @@ jobs: memory_sanitizer_slh_dsa: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 + with: + persist-credentials: false - name: checkout fuzz/corpora submodule run: git submodule update --init --depth 1 fuzz/corpora - name: Adjust ASLR for sanitizer diff --git a/.github/workflows/run-checker-merge.yml b/.github/workflows/run-checker-merge.yml index eb98a00a2c1..fd553f54917 100644 --- a/.github/workflows/run-checker-merge.yml +++ b/.github/workflows/run-checker-merge.yml @@ -43,7 +43,9 @@ jobs: run: | sudo cat /proc/sys/vm/mmap_rnd_bits sudo sysctl -w vm.mmap_rnd_bits=28 - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 + with: + persist-credentials: false - name: checkout fuzz/corpora submodule run: git submodule update --init --depth 1 fuzz/corpora - name: config @@ -63,13 +65,16 @@ jobs: runs-on: ubuntu-latest steps: - name: checkout openssl - uses: actions/checkout@v4 + uses: actions/checkout@v5 + with: + persist-credentials: false - name: checkout jitter - uses: actions/checkout@v4 + uses: actions/checkout@v5 with: repository: smuellerDD/jitterentropy-library ref: v3.5.0 path: jitter + persist-credentials: false - name: build jitter run: make -C jitter/ - name: checkout fuzz/corpora submodule @@ -88,7 +93,9 @@ jobs: threads_sanitizer_atomic_fallback: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 + with: + persist-credentials: false - name: checkout fuzz/corpora submodule run: git submodule update --init --depth 1 fuzz/corpora - name: Adjust ASLR for sanitizer diff --git a/.github/workflows/run_quic_interop.yml b/.github/workflows/run_quic_interop.yml index 386315f77ec..a8063c365f6 100644 --- a/.github/workflows/run_quic_interop.yml +++ b/.github/workflows/run_quic_interop.yml @@ -20,10 +20,11 @@ jobs: fail-fast: false runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 with: - repository: 'quic-interop/quic-interop-runner' - fetch-depth: 0 + repository: 'quic-interop/quic-interop-runner' + fetch-depth: 0 + persist-credentials: false - name: Install python requirements run: | for i in {1..3}; do pip install -r requirements.txt && break; sleep 10; done @@ -77,10 +78,11 @@ jobs: fail-fast: false runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 with: - repository: 'quic-interop/quic-interop-runner' - fetch-depth: 0 + repository: 'quic-interop/quic-interop-runner' + fetch-depth: 0 + persist-credentials: false - name: Install python requirements run: | for i in {1..3}; do pip install -r requirements.txt && break; sleep 10; done diff --git a/.github/workflows/static-analysis-on-prem.yml b/.github/workflows/static-analysis-on-prem.yml index d346eab7973..0dc82eb427c 100644 --- a/.github/workflows/static-analysis-on-prem.yml +++ b/.github/workflows/static-analysis-on-prem.yml @@ -27,7 +27,9 @@ jobs: run: | echo ${{ secrets.COVERITY_AUTH_KEY }} | base64 -d > /auth_key_file.txt chmod 0600 /auth_key_file.txt - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 + with: + persist-credentials: false - name: Config run: CC=gcc ./config --strict-warnings --banner=Configured --debug enable-lms enable-fips enable-rc5 enable-md2 enable-ssl3 enable-nextprotoneg enable-ssl3-method enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 no-shared enable-buildtest-c++ enable-external-tests -DPEDANTIC - name: Config dump diff --git a/.github/workflows/static-analysis.yml b/.github/workflows/static-analysis.yml index f9bb9b076e7..3ee2769a136 100644 --- a/.github/workflows/static-analysis.yml +++ b/.github/workflows/static-analysis.yml @@ -21,7 +21,9 @@ jobs: if: github.repository == 'openssl/openssl' runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 + with: + persist-credentials: false - name: tool download run: | wget https://scan.coverity.com/download/linux64 \ diff --git a/.github/workflows/style-checks.yml b/.github/workflows/style-checks.yml index 69c9ca6c8ef..f928c5bd19f 100644 --- a/.github/workflows/style-checks.yml +++ b/.github/workflows/style-checks.yml @@ -20,7 +20,7 @@ jobs: check-style: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 with: fetch-depth: 0 path: openssl diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml index dd03796f2d0..0a8658d302c 100644 --- a/.github/workflows/windows.yml +++ b/.github/workflows/windows.yml @@ -32,7 +32,9 @@ jobs: vcvars: C:\Program Files\Microsoft Visual Studio\2022\Enterprise\VC\Auxiliary\Build\vcvars32.bat runs-on: ${{ matrix.platform.os }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 + with: + persist-credentials: false - name: checkout fuzz/corpora submodule run: git submodule update --init --depth 1 fuzz/corpora - name: install nasm @@ -102,7 +104,9 @@ jobs: plain: runs-on: windows-2022 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 + with: + persist-credentials: false - name: checkout fuzz/corpora submodule run: git submodule update --init --depth 1 fuzz/corpora - name: prepare the build directory @@ -141,7 +145,9 @@ jobs: minimal: runs-on: windows-2022 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 + with: + persist-credentials: false - name: checkout fuzz/corpora submodule run: git submodule update --init --depth 1 fuzz/corpora - name: prepare the build directory @@ -197,7 +203,9 @@ jobs: MAKE_PARAMS: -j 4 steps: # Checkout before cygwin can mess with PATH... - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 + with: + persist-credentials: false - uses: cygwin/cygwin-install-action@f2009323764960f80959895c7bc3bb30210afe4d #v6 with: packages: perl git make gcc-core diff --git a/.github/workflows/windows_comp.yml b/.github/workflows/windows_comp.yml index 7496c1b7e74..adaa5861674 100644 --- a/.github/workflows/windows_comp.yml +++ b/.github/workflows/windows_comp.yml @@ -23,7 +23,9 @@ jobs: zstd: runs-on: windows-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 + with: + persist-credentials: false - name: checkout fuzz/corpora submodule run: git submodule update --init --depth 1 fuzz/corpora - name: install nasm @@ -88,7 +90,9 @@ jobs: brotli: runs-on: windows-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 + with: + persist-credentials: false - name: checkout fuzz/corpora submodule run: git submodule update --init --depth 1 fuzz/corpora - name: install nasm