Fix ruby-mode.el local command injection vulnerability

Resolves: #2175142

emacs-ruby-mode-local-command-injection-vulnerability.patch

@@ -0,0 +1,28 @@
+From 9a3b08061feea14d6f37685ca1ab8801758bfd1c Mon Sep 17 00:00:00 2001
+From: Xi Lu <lx@shellcodes.org>
+Date: Fri, 23 Dec 2022 12:52:48 +0800
+Subject: [PATCH] Fix ruby-mode.el local command injection vulnerability
+ (bug#60268)
+
+* lisp/progmodes/ruby-mode.el
+(ruby-find-library-file): Fix local command injection vulnerability.
+---
+ lisp/progmodes/ruby-mode.el | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lisp/progmodes/ruby-mode.el b/lisp/progmodes/ruby-mode.el
+index 1f3e9b6ae7b..a4aa61905e4 100644
+--- a/lisp/progmodes/ruby-mode.el
++++ b/lisp/progmodes/ruby-mode.el
+@@ -1820,7 +1820,7 @@ ruby-find-library-file
+       (setq feature-name (read-string "Feature name: " init))))
+   (let ((out
+          (substring
+-          (shell-command-to-string (concat "gem which " feature-name))
++          (shell-command-to-string (concat "gem which " (shell-quote-argument feature-name)))
+           0 -1)))
+     (if (string-match-p "\\`ERROR" out)
+         (user-error "%s" out)
+-- 
+2.36.1
+

emacs.spec

@@ -31,6 +31,7 @@ Patch4:        emacs-ctags-local-command-execute-vulnerability.patch
 Patch5:        emacs-64KB-page-size-for-pdump.patch
 Patch6:        emacs-etags-local-command-injection-vulnerability.patch
 Patch7:        emacs-htmlfontify-command-injection-vulnerability.patch
+Patch8:        emacs-ruby-mode-local-command-injection-vulnerability.patch
 BuildRequires: gcc
 BuildRequires: atk-devel
 BuildRequires: cairo-devel
@@ -197,6 +198,7 @@ Development header files for Emacs.
 %patch5 -p1 -b .64KB-page-size-for-pdump
 %patch6 -p1 -b .etags-local-command-injection-vulnerability
 %patch7 -p1 -b .htmlfontify-command-injection-vulnerability
+%patch8 -p1 -b .ruby-mode-local-command-injection-vulnerability
 autoconf
 
 # We prefer our emacs.desktop file