pacman-key: stricter parsing for -verify

Prevents trust being spoofed by using TRUST_FULLY in the signatory's name or in an added notation. Fixes FS#41147. Signed-off-by: Allan McRae <allan@archlinux.org>
author: Allan McRae <allan@archlinux.org> 2014-08-09 16:36:42 +1000
committer: Allan McRae <allan@archlinux.org> 2014-08-09 17:29:08 +1000
commit: 879e4665c4ed76376c9e2d9f2c597bb9cdabb79a (patch)
tree: c9ba61a815a79ecbd737c9a74046cb2e79be8d37 /scripts/pacman-key.sh.in
parent: 3e19cd366add23390ce4d0c9531b2c07e009a217 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in
index 82340f9f..ba8d02e8 100644
--- a/scripts/pacman-key.sh.in
+++ b/scripts/pacman-key.sh.in
@@ -482,7 +482,7 @@ verify_sig() {
 	local ret=0
 	for sig; do
 		msg "Checking %s ..." "$sig"
-		if ! "${GPG_PACMAN[@]}" --status-fd 1 --verify "$sig" | grep -qE 'TRUST_(FULLY|ULTIMATE)'; then
+		if ! "${GPG_PACMAN[@]}" --status-fd 1 --verify "$sig" | grep -qE '^\[GNUPG:\] TRUST_(FULLY|ULTIMATE)$'; then
 			error "$(gettext "The signature identified by %s could not be verified.")" "$sig"
 			ret=1
 		fi
author	Allan McRae <allan@archlinux.org>	2014-08-09 16:36:42 +1000
committer	Allan McRae <allan@archlinux.org>	2014-08-09 17:29:08 +1000
commit	879e4665c4ed76376c9e2d9f2c597bb9cdabb79a (patch)
tree	c9ba61a815a79ecbd737c9a74046cb2e79be8d37 /scripts/pacman-key.sh.in
parent	3e19cd366add23390ce4d0c9531b2c07e009a217 (diff)