From fc251cd339c7a1bd50ef8e01ef5f455d3fcd1008 Mon Sep 17 00:00:00 2001
From: Jacob Bachmeyer
Date: Tue, 25 Oct 2022 20:28:51 -0500
Subject: [PATCH] Avoid passing tainted keyrings to signature verification

---
 gatekeeper.pl | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/gatekeeper.pl b/gatekeeper.pl
index 95e5996..cad4a52 100755
--- a/gatekeeper.pl
+++ b/gatekeeper.pl
@@ -1773,8 +1773,9 @@ sub read_directive_file {
 my @tmp_keyrings;
 open(TMP,"/usr/bin/find $package_config_base -name pubring.gpg|");
 while() {
- chomp();
- push(@tmp_keyrings,$_);
+ chomp;
+ m,^(/?${RE_filename_relative})$, or next;
+ push @tmp_keyrings, $1;
 }
 close(TMP);

-- 
2.25.1
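Review bot: The added match line `m,^(/?${RE_filename_relative})$, or next;` discards any path the pattern rejects without recording it, so a skipped keyring only surfaces later as a signature that fails to verify against a shorter keyring list. A warning on the rejection branch, through whatever logging this file already uses, would leave operators a trail; a short comment such as `# untaint: only paths matching RE_filename_relative reach gpg` above the match would also document that this capture is the taint boundary. Because the capture is what clears taint, the end anchor is better written as `\z` than `$`, which also matches before a trailing newline and is exact here only because `chomp` ran first: `m,^(/?${RE_filename_relative})\z, or next;`. Whether `RE_filename_relative` excludes `..` components cannot be confirmed from this hunk, since it is defined elsewhere, and the body of `read_directive_file` starts and ends outside the hunk.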