diff --git a/emacs-ruby-mode-local-command-injection-vulnerability.patch b/emacs-ruby-mode-local-command-injection-vulnerability.patch
new file mode 100644
index 0000000..38c219d
--- /dev/null
+++ b/emacs-ruby-mode-local-command-injection-vulnerability.patch
@@ -0,0 +1,28 @@
+From 9a3b08061feea14d6f37685ca1ab8801758bfd1c Mon Sep 17 00:00:00 2001
+From: Xi Lu
+Date: Fri, 23 Dec 2022 12:52:48 +0800
+Subject: [PATCH] Fix ruby-mode.el local command injection vulnerability
+ (bug#60268)
+
+* lisp/progmodes/ruby-mode.el
+(ruby-find-library-file): Fix local command injection vulnerability.
+---
+ lisp/progmodes/ruby-mode.el | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lisp/progmodes/ruby-mode.el b/lisp/progmodes/ruby-mode.el
+index 1f3e9b6ae7b..a4aa61905e4 100644
+--- a/lisp/progmodes/ruby-mode.el
++++ b/lisp/progmodes/ruby-mode.el
+@@ -1820,7 +1820,7 @@ ruby-find-library-file
+ (setq feature-name (read-string "Feature name: " init))))
+ (let ((out
+ (substring
+- (shell-command-to-string (concat "gem which " feature-name))
++ (shell-command-to-string (concat "gem which " (shell-quote-argument feature-name)))
+ 0 -1)))
+ (if (string-match-p "\\`ERROR" out)
+ (user-error "%s" out)
+--
+2.36.1
+
diff --git a/emacs.spec b/emacs.spec
index 36eebd7..7076b7d 100644
--- a/emacs.spec
+++ b/emacs.spec
@@ -31,6 +31,7 @@ Patch4: emacs-ctags-local-command-execute-vulnerability.patch
 Patch5: emacs-64KB-page-size-for-pdump.patch
 Patch6: emacs-etags-local-command-injection-vulnerability.patch
 Patch7: emacs-htmlfontify-command-injection-vulnerability.patch
+Patch8: emacs-ruby-mode-local-command-injection-vulnerability.patch
 BuildRequires: gcc
 BuildRequires: atk-devel
 BuildRequires: cairo-devel
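Review bot: The patched call in `ruby-find-library-file` still assembles a shell command line, so the fix is only as good as `shell-quote-argument`'s match with whatever shell `shell-file-name` selects at run time. Passing an argument vector removes the shell from the path entirely, for example `(with-output-to-string (call-process "gem" nil standard-output nil "which" feature-name))`, which keeps stderr mixed into the captured output so the existing `ERROR` check still applies. Quoting also does not stop a `feature-name` that begins with `-` from being parsed by `gem` as an option, so a guard such as `(when (string-prefix-p "-" feature-name) (user-error "Invalid feature name: %s" feature-name))` before the call would be worth adding. The function body starts and ends outside this hunk, so how `init` is derived is not visible here and should be checked against the same assumptions.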
@@ -197,6 +198,7 @@ Development header files for Emacs.
 %patch5 -p1 -b .64KB-page-size-for-pdump
 %patch6 -p1 -b .etags-local-command-injection-vulnerability
 %patch7 -p1 -b .htmlfontify-command-injection-vulnerability
+%patch8 -p1 -b .ruby-mode-local-command-injection-vulnerability
 autoconf
 
 # We prefer our emacs.desktop file