Merge #13479: contrib: Fix CVE-2018-12356 by hardening the regex

9e2e5626dabb7208dafedcc9904940b666be1c3b Fix CVE-2018-12356 by hardening the regex. (Loganaden Velvindron) Pull request description: Detailed write-up here: https://neopg.io/blog/pass-signature-spoof/ Tree-SHA512: 2020474ff4c7b5e7f1bea932c63da62aca48d3dc6dcd04507afefad6c40f2977ed2d2916defe2e8e7936a2d498125c578077870147954a7af9b29b823cbb0b10
author: Wladimir J. van der Laan <laanwj@gmail.com> 2018-06-16 15:20:13 +0200
committer: Wladimir J. van der Laan <laanwj@gmail.com> 2018-06-16 15:20:17 +0200
commit: fa2ea37940edb407a0fed547bbb93d753240263a (patch)
tree: 882c61ee67d05eb8b299675a71db5f5059d51cde /contrib
parent: 81069a75bd71f21f9cbab97c68f7347073cc9ae5 (diff)
parent: 9e2e5626dabb7208dafedcc9904940b666be1c3b (diff)
download: bitcoin-fa2ea37940edb407a0fed547bbb93d753240263a.tar.xz
1 files changed, 1 insertions, 1 deletions
diff --git a/contrib/verify-commits/gpg.sh b/contrib/verify-commits/gpg.sh
index 8f3e4b8063..16d41d7269 100755
--- a/contrib/verify-commits/gpg.sh
+++ b/contrib/verify-commits/gpg.sh
@@ -57,7 +57,7 @@ if ! $VALID; then
 	exit 1
 fi
 if $VALID && $REVSIG; then
-	printf '%s\n' "$INPUT" | gpg --trust-model always "$@" 2>/dev/null | grep "\[GNUPG:\] \(NEWSIG\|SIG_ID\|VALIDSIG\)"
+	printf '%s\n' "$INPUT" | gpg --trust-model always "$@" 2>/dev/null | grep "^\[GNUPG:\] \(NEWSIG\|SIG_ID\|VALIDSIG\)"
 	echo "$GOODREVSIG"
 else
 	printf '%s\n' "$INPUT" | gpg --trust-model always "$@" 2>/dev/null
author	Wladimir J. van der Laan <laanwj@gmail.com>	2018-06-16 15:20:13 +0200
committer	Wladimir J. van der Laan <laanwj@gmail.com>	2018-06-16 15:20:17 +0200
commit	fa2ea37940edb407a0fed547bbb93d753240263a (patch)
tree	882c61ee67d05eb8b299675a71db5f5059d51cde /contrib
parent	81069a75bd71f21f9cbab97c68f7347073cc9ae5 (diff)
parent	9e2e5626dabb7208dafedcc9904940b666be1c3b (diff)
download	bitcoin-fa2ea37940edb407a0fed547bbb93d753240263a.tar.xz