diff options
Diffstat (limited to 'lang/ruby21-base/patches/patch-lib_rubygems_remote__fetcher.rb')
-rw-r--r-- | lang/ruby21-base/patches/patch-lib_rubygems_remote__fetcher.rb | 21 |
1 files changed, 0 insertions, 21 deletions
diff --git a/lang/ruby21-base/patches/patch-lib_rubygems_remote__fetcher.rb b/lang/ruby21-base/patches/patch-lib_rubygems_remote__fetcher.rb deleted file mode 100644 index 8511d602784..00000000000 --- a/lang/ruby21-base/patches/patch-lib_rubygems_remote__fetcher.rb +++ /dev/null @@ -1,21 +0,0 @@ -$NetBSD: patch-lib_rubygems_remote__fetcher.rb,v 1.1 2015/06/23 14:04:03 taca Exp $ - -Fix for CVE-2015-3900. - ---- lib/rubygems/remote_fetcher.rb.orig 2014-02-06 02:59:36.000000000 +0000 -+++ lib/rubygems/remote_fetcher.rb -@@ -90,7 +90,13 @@ class Gem::RemoteFetcher - rescue Resolv::ResolvError - uri - else -- URI.parse "#{uri.scheme}://#{res.target}#{uri.path}" -+ target = res.target.to_s.strip -+ -+ if /\.#{Regexp.quote(host)}\z/ =~ target -+ return URI.parse "#{uri.scheme}://#{target}#{uri.path}" -+ end -+ -+ uri - end - end - |