$OpenBSD: patch-lib_rubygems_remote_fetcher_rb,v 1.1 2015/06/29 18:55:03 jeremy Exp $

Add fixes for CVE-2015-3900 and CVE-2015-4020.

--- lib/rubygems/remote_fetcher.rb.orig	Sun Nov 16 19:55:02 2014
+++ lib/rubygems/remote_fetcher.rb	Mon Jun 29 08:19:28 2015
@@ -94,7 +94,13 @@ class Gem::RemoteFetcher
     rescue Resolv::ResolvError
       uri
     else
-      URI.parse "#{uri.scheme}://#{res.target}#{uri.path}"
+      target = res.target.to_s.strip
+
+      if /\.#{Regexp.quote(host)}\z/ =~ target
+        return URI.parse "#{uri.scheme}://#{target}#{uri.path}"
+      end
+
+      uri
     end
   end
 
