fix: do not download and execute binaries via HTTP (#14914)

This fixes a couple of trivial remote code execution opportunities.
2021-01-29 02:59:40 +01:00
parent d6873b82ab
commit 31019e9828
3 changed files with 3 additions and 3 deletions
--- a/web3.js/bin/bpf-sdk-install.sh
+++ b/web3.js/bin/bpf-sdk-install.sh
@ -29,7 +29,7 @@ echo "Installing $channel BPF SDK into $installDir"
 set -x
 cd "$installDir/"
 curl -L  --retry 5 --retry-delay 2 -o bpf-sdk.tar.bz2 \
-  http://solana-sdk.s3.amazonaws.com/"$channel"/bpf-sdk.tar.bz2
+  https://solana-sdk.s3.amazonaws.com/"$channel"/bpf-sdk.tar.bz2
 rm -rf bpf-sdk
 mkdir -p bpf-sdk
 tar jxf bpf-sdk.tar.bz2