Harden against manifest directory traversal

author: setpill 2021-01-31 18:30:29 +0100
committer: setpill 2021-01-31 18:30:29 +0100
commit: 81b230ee8f528c1f27ff9736101b8e53a19602bf (patch)
tree: e97d418487e266ec67359540dbed47bb65f151c1
parent: 86e371515ab15c17cbba72ed5892e3f6cb513acf (diff)
download: aur-81b230ee8f528c1f27ff9736101b8e53a19602bf.tar.gz
2 files changed, 3 insertions, 3 deletions
diff --git a/.SRCINFO b/.SRCINFO
index f6349de69c8f..15e6ebb31b3d 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,7 +1,7 @@
 pkgbase = lnd-bin
 	pkgdesc = Lightning Network Daemon ⚡
 	pkgver = 0.12.0_beta
-	pkgrel = 3
+	pkgrel = 4
 	url = https://github.com/lightningnetwork/lnd
 	arch = x86_64
 	license = MIT
diff --git a/PKGBUILD b/PKGBUILD
index c4b01cd9e428..f2f089ecf620 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -4,7 +4,7 @@ _pkgname=lnd
 pkgver=0.12.0_beta
 _pkgver="${pkgver//_/-}"
 __pkgver="${_pkgver//\./\\\.}"
-pkgrel=3
+pkgrel=4
 pkgdesc="Lightning Network Daemon ⚡"
 arch=('x86_64')
 url="https://github.com/lightningnetwork/lnd"
@@ -34,7 +34,7 @@ prepare() {
     do
         echo "Verifying signatures for $maintainer"
         gpg -o- --verify "$_pkgname-manifest-$maintainer-v$_pkgver.txt.clearsigned" \
-            | grep "^[0-9a-f]\{64\}  $_pkgname-linux-amd64-v$__pkgver" \
+            | grep "^[0-9a-f]\{64\}  $_pkgname-linux-amd64-v$__pkgver\(\.tar\.gz\|/lnd\|/lncli\)$" \
             | sha256sum -c -
     done
 }
author	setpill	2021-01-31 18:30:29 +0100
committer	setpill	2021-01-31 18:30:29 +0100
commit	81b230ee8f528c1f27ff9736101b8e53a19602bf (patch)
tree	e97d418487e266ec67359540dbed47bb65f151c1
parent	86e371515ab15c17cbba72ed5892e3f6cb513acf (diff)
download	aur-81b230ee8f528c1f27ff9736101b8e53a19602bf.tar.gz