Skip to content

Fix CVE-2022-0529 and CVE-2022-0530 for unzip :3.0 #35147

Fix CVE-2022-0529 and CVE-2022-0530 for unzip :3.0

Fix CVE-2022-0529 and CVE-2022-0530 for unzip :3.0 #35147

# Copyright (c) Microsoft Corporation.
# Licensed under the MIT License.
name: Check Package CGManifests
on:
push:
branches: [main, dev, 1.0*, 2.0*, 3.0*, fasttrack/*]
pull_request:
branches: [main, dev, 1.0*, 2.0*, 3.0*, fasttrack/*]
jobs:
build:
name: Check Package CGManifests
runs-on: ubuntu-latest
steps:
- name: Check out code
uses: actions/checkout@v4
# This PR runner uses an older Ubuntu with rpm version 4.17, which doesn't understand some newer macros like %bcond
- name: Define missing rpm macros
run: |
[[ -n $(rpm --eval '%bcond test 1') ]] && echo '%bcond() %[ (%{2}) ? "%{expand:%%bcond_without %{1}}" : "%{expand:%%bcond_with %{1}}" ]' > ~/.rpmmacros
- name: Get base commit for PRs
if: ${{ github.event_name == 'pull_request' }}
run: |
git fetch origin ${{ github.base_ref }}
echo "base_sha=$(git rev-parse origin/${{ github.base_ref }})" >> $GITHUB_ENV
echo "Merging ${{ github.sha }} into ${{ github.base_ref }}"
- name: Get base commit for Pushes
if: ${{ github.event_name == 'push' }}
run: |
git fetch origin ${{ github.event.before }}
echo "base_sha=${{ github.event.before }}" >> $GITHUB_ENV
echo "Merging ${{ github.sha }} into ${{ github.event.before }}"
- name: Get the changed files
run: |
echo "Files changed: '$(git diff-tree --no-commit-id --name-only -r ${{ env.base_sha }} ${{ github.sha }})'"
changed_specs=$(git diff-tree --diff-filter=d --no-commit-id --name-only -r ${{ env.base_sha }} ${{ github.sha }} | { grep "SPECS.*/.*\.spec$" || test $? = 1; })
echo "Files to validate: '${changed_specs}'"
echo "updated-specs=$(echo ${changed_specs})" >> $GITHUB_ENV
- name: Check each spec
run: |
.github/workflows/overwrite_shell_link.sh
.github/workflows/validate-cg-manifest.sh ${{ env.updated-specs }}