$OpenBSD: patch-lib_rubygems_remote_fetcher_rb,v 1.1 2015/06/29 18:55:03 jeremy Exp $

Add fixes for CVE-2015-3900 and CVE-2015-4020.

--- lib/rubygems/remote_fetcher.rb.orig	Mon Jun 29 08:16:00 2015
+++ lib/rubygems/remote_fetcher.rb	Mon Jun 29 08:16:29 2015
@@ -90,7 +90,13 @@ class Gem::RemoteFetcher
     rescue Resolv::ResolvError
       uri
     else
-      URI.parse "#{uri.scheme}://#{res.target}#{uri.path}"
+      target = res.target.to_s.strip
+
+      if /\.#{Regexp.quote(host)}\z/ =~ target
+        return URI.parse "#{uri.scheme}://#{target}#{uri.path}"
+      end
+
+      uri
     end
   end
 
