diff -Nru rubygems-1.8.15/debian/changelog rubygems-1.8.15/debian/changelog --- rubygems-1.8.15/debian/changelog 2012-01-21 07:14:31.000000000 +0000 +++ rubygems-1.8.15/debian/changelog 2012-09-19 07:25:22.000000000 +0000 @@ -1,3 +1,16 @@ +rubygems (1.8.15-1ubuntu0.1) precise-security; urgency=low + + * SECURITY UPDATE: Add proper handling of SSL connections + - debian/patches/CVE-2012-2125-2126.patch: Perform certificate + verification and disallow HTTP->HTTPS redirection. Based on upstream + patch. + - CVE-2012-2125 + - CVE-2012-2126 + * debian/control: Add ca-certificates to rubygems depends for certificate + verification + + -- Tyler Hicks Wed, 19 Sep 2012 00:25:16 -0700 + rubygems (1.8.15-1) unstable; urgency=low * New upstream release. diff -Nru rubygems-1.8.15/debian/control rubygems-1.8.15/debian/control --- rubygems-1.8.15/debian/control 2012-01-21 07:14:31.000000000 +0000 +++ rubygems-1.8.15/debian/control 2012-09-19 07:23:37.000000000 +0000 @@ -1,7 +1,8 @@ Source: rubygems Section: ruby Priority: optional -Maintainer: Daigo Moriwaki +Maintainer: Ubuntu Developers +XSBC-Original-Maintainer: Daigo Moriwaki Uploaders: Debian Ruby Extras Maintainers , Lucas Nussbaum DM-Upload-Allowed: yes Build-Depends: debhelper (>= 7.0.50~), gem2deb (>= 0.2.2), rake, ruby-minitest, netbase @@ -14,7 +15,7 @@ Package: rubygems Architecture: all XB-Ruby-Versions: ${ruby:Versions} -Depends: ${misc:Depends}, ruby1.8 +Depends: ${misc:Depends}, ruby1.8, ca-certificates Recommends: ruby1.8-dev, build-essential Replaces: rubygems1.8 (<< 1.7.2-1~), rubygems-doc (<< 1.7.2-1~) Conflicts: rubygems1.8 (<< 1.7.2-1~), rubygems-doc (<< 1.7.2-1~) diff -Nru rubygems-1.8.15/debian/patches/CVE-2012-2125-2126.patch rubygems-1.8.15/debian/patches/CVE-2012-2125-2126.patch --- rubygems-1.8.15/debian/patches/CVE-2012-2125-2126.patch 1970-01-01 00:00:00.000000000 +0000 +++ rubygems-1.8.15/debian/patches/CVE-2012-2125-2126.patch 2012-09-19 06:41:57.000000000 +0000 
@@ -0,0 +1,402 @@ +Description: Perform SSL cert validation and disallow HTTPS->HTTP redirection + This patch is slightly different than the upstream patch because it strips out + all of the certificates bundled in upstream rubygems in favor of what is + provided by the distribution's ca-certificates package. +Forwarded: not-needed +Origin: backport, https://github.com/rubygems/rubygems/commit/d4c7eafb8efe1e13a7abf5be5a5b4548870b15b7 +Index: rubygems-1.8.15/lib/rubygems/config_file.rb +=================================================================== +--- rubygems-1.8.15.orig/lib/rubygems/config_file.rb 2012-09-18 23:36:47.313043421 -0700 ++++ rubygems-1.8.15/lib/rubygems/config_file.rb 2012-09-18 23:40:02.897048069 -0700 +@@ -129,6 +129,16 @@ + attr_reader :api_keys + + ## ++ # openssl verify mode value, used for remote https connection ++ ++ attr_reader :ssl_verify_mode ++ ++ ## ++ # Path name of directory or file of openssl CA certificate, used for remote https connection ++ ++ attr_reader :ssl_ca_cert ++ ++ ## + # Create the config file object. +args+ is the list of arguments + # from the command line. + # +@@ -190,6 +200,8 @@ + @path = @hash[:gempath] if @hash.key? :gempath + @update_sources = @hash[:update_sources] if @hash.key? :update_sources + @verbose = @hash[:verbose] if @hash.key? :verbose ++ @ssl_verify_mode = @hash[:ssl_verify_mode] if @hash.key? :ssl_verify_mode ++ @ssl_ca_cert = @hash[:ssl_ca_cert] if @hash.key? 
:ssl_ca_cert + + load_api_keys + +Index: rubygems-1.8.15/lib/rubygems/remote_fetcher.rb +=================================================================== +--- rubygems-1.8.15.orig/lib/rubygems/remote_fetcher.rb 2012-09-18 23:36:47.313043421 -0700 ++++ rubygems-1.8.15/lib/rubygems/remote_fetcher.rb 2012-09-18 23:41:54.653050726 -0700 +@@ -8,6 +8,8 @@ + + class Gem::RemoteFetcher + ++ BuiltinSSLCerts = "/etc/ssl/certs/ca-certificates.crt" ++ + include Gem::UserInteraction + + ## +@@ -210,6 +212,11 @@ + raise FetchError.new('too many redirects', uri) if depth > 10 + + location = URI.parse response['Location'] ++ ++ if https?(uri) && !https?(location) ++ raise FetchError.new("redirecting to non-https resource: #{location}", uri) ++ end ++ + fetch_http(location, last_modified, head, depth + 1) + else + raise FetchError.new("bad response #{response.message} #{response.code}", uri) +@@ -312,19 +319,46 @@ + @connections[connection_id] ||= Net::HTTP.new(*net_http_args) + connection = @connections[connection_id] + +- if uri.scheme == 'https' and not connection.started? then +- require 'net/https' +- connection.use_ssl = true +- connection.verify_mode = OpenSSL::SSL::VERIFY_NONE ++ if https?(uri) and !connection.started? then ++ configure_connection_for_https(connection) + end + + connection.start unless connection.started? + + connection +- rescue Errno::EHOSTDOWN => e ++ rescue OpenSSL::SSL::SSLError, Errno::EHOSTDOWN => e + raise FetchError.new(e.message, uri) + end + ++ def configure_connection_for_https(connection) ++ require 'net/https' ++ ++ connection.use_ssl = true ++ connection.verify_mode = ++ Gem.configuration.ssl_verify_mode || OpenSSL::SSL::VERIFY_PEER ++ ++ store = OpenSSL::X509::Store.new ++ ++ if Gem.configuration.ssl_ca_cert ++ if File.directory? 
Gem.configuration.ssl_ca_cert ++ store.add_path Gem.configuration.ssl_ca_cert ++ else ++ store.add_file Gem.configuration.ssl_ca_cert ++ end ++ else ++ store.set_default_paths ++ add_rubygems_trusted_certs(store) ++ end ++ ++ connection.cert_store = store ++ end ++ ++ def add_rubygems_trusted_certs(store) ++ if File.file? BuiltinSSLCerts ++ store.add_file BuiltinSSLCerts ++ end ++ end ++ + def correct_for_windows_path(path) + if path[0].chr == '/' && path[1].chr =~ /[a-z]/i && path[2].chr == ':' + path = path[1..-1] +@@ -465,5 +499,9 @@ + ua + end + ++ def https?(uri) ++ uri.scheme.downcase == 'https' ++ end ++ + end + +Index: rubygems-1.8.15/test/rubygems/ca_cert.pem +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ rubygems-1.8.15/test/rubygems/ca_cert.pem 2012-09-18 23:40:02.897048069 -0700 +@@ -0,0 +1,45 @@ ++-----BEGIN CERTIFICATE----- ++MIID0DCCArigAwIBAgIBADANBgkqhkiG9w0BAQUFADA8MQswCQYDVQQGDAJKUDES ++MBAGA1UECgwJSklOLkdSLkpQMQwwCgYDVQQLDANSUlIxCzAJBgNVBAMMAkNBMB4X ++DTA0MDEzMDAwNDIzMloXDTM2MDEyMjAwNDIzMlowPDELMAkGA1UEBgwCSlAxEjAQ ++BgNVBAoMCUpJTi5HUi5KUDEMMAoGA1UECwwDUlJSMQswCQYDVQQDDAJDQTCCASIw ++DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANbv0x42BTKFEQOE+KJ2XmiSdZpR ++wjzQLAkPLRnLB98tlzs4xo+y4RyY/rd5TT9UzBJTIhP8CJi5GbS1oXEerQXB3P0d ++L5oSSMwGGyuIzgZe5+vZ1kgzQxMEKMMKlzA73rbMd4Jx3u5+jdbP0EDrPYfXSvLY ++bS04n2aX7zrN3x5KdDrNBfwBio2/qeaaj4+9OxnwRvYP3WOvqdW0h329eMfHw0pi ++JI0drIVdsEqClUV4pebT/F+CPUPkEh/weySgo9wANockkYu5ujw2GbLFcO5LXxxm ++dEfcVr3r6t6zOA4bJwL0W/e6LBcrwiG/qPDFErhwtgTLYf6Er67SzLyA66UCAwEA ++AaOB3DCB2TAPBgNVHRMBAf8EBTADAQH/MDEGCWCGSAGG+EIBDQQkFiJSdWJ5L09w ++ZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBRJ7Xd380KzBV7f ++USKIQ+O/vKbhDzAOBgNVHQ8BAf8EBAMCAQYwZAYDVR0jBF0wW4AUSe13d/NCswVe ++31EiiEPjv7ym4Q+hQKQ+MDwxCzAJBgNVBAYMAkpQMRIwEAYDVQQKDAlKSU4uR1Iu ++SlAxDDAKBgNVBAsMA1JSUjELMAkGA1UEAwwCQ0GCAQAwDQYJKoZIhvcNAQEFBQAD ++ggEBAIu/mfiez5XN5tn2jScgShPgHEFJBR0BTJBZF6xCk0jyqNx/g9HMj2ELCuK+ 
++r/Y7KFW5c5M3AQ+xWW0ZSc4kvzyTcV7yTVIwj2jZ9ddYMN3nupZFgBK1GB4Y05GY ++MJJFRkSu6d/Ph5ypzBVw2YMT/nsOo5VwMUGLgS7YVjU+u/HNWz80J3oO17mNZllj ++PvORJcnjwlroDnS58KoJ7GDgejv3ESWADvX1OHLE4cRkiQGeLoEU4pxdCxXRqX0U ++PbwIkZN9mXVcrmPHq8MWi4eC/V7hnbZETMHuWhUoiNdOEfsAXr3iP4KjyyRdwc7a ++d/xgcK06UVQRL/HbEYGiQL056mc= ++-----END CERTIFICATE----- ++ ++-----BEGIN CERTIFICATE----- ++MIIDaDCCAlCgAwIBAgIBATANBgkqhkiG9w0BAQUFADA8MQswCQYDVQQGDAJKUDES ++MBAGA1UECgwJSklOLkdSLkpQMQwwCgYDVQQLDANSUlIxCzAJBgNVBAMMAkNBMB4X ++DTA0MDEzMDAwNDMyN1oXDTM1MDEyMjAwNDMyN1owPzELMAkGA1UEBgwCSlAxEjAQ ++BgNVBAoMCUpJTi5HUi5KUDEMMAoGA1UECwwDUlJSMQ4wDAYDVQQDDAVTdWJDQTCC ++ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJ0Ou7AyRcRXnB/kVHv/6kwe ++ANzgg/DyJfsAUqW90m7Lu1nqyug8gK0RBd77yU0w5HOAMHTVSdpjZK0g2sgx4Mb1 ++d/213eL9TTl5MRVEChTvQr8q5DVG/8fxPPE7fMI8eOAzd98/NOAChk+80r4Sx7fC ++kGVEE1bKwY1MrUsUNjOY2d6t3M4HHV3HX1V8ShuKfsHxgCmLzdI8U+5CnQedFgkm ++3e+8tr8IX5RR1wA1Ifw9VadF7OdI/bGMzog/Q8XCLf+WPFjnK7Gcx6JFtzF6Gi4x ++4dp1Xl45JYiVvi9zQ132wu8A1pDHhiNgQviyzbP+UjcB/tsOpzBQF8abYzgEkWEC ++AwEAAaNyMHAwDwYDVR0TAQH/BAUwAwEB/zAxBglghkgBhvhCAQ0EJBYiUnVieS9P ++cGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUlCjXWLsReYzH ++LzsxwVnCXmKoB/owCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQCJ/OyN ++rT8Cq2Y+G2yA/L1EMRvvxwFBqxavqaqHl/6rwsIBFlB3zbqGA/0oec6MAVnYynq4 ++c4AcHTjx3bQ/S4r2sNTZq0DH4SYbQzIobx/YW8PjQUJt8KQdKMcwwi7arHP7A/Ha ++LKu8eIC2nsUBnP4NhkYSGhbmpJK+PFD0FVtD0ZIRlY/wsnaZNjWWcnWF1/FNuQ4H ++ySjIblqVQkPuzebv3Ror6ZnVDukn96Mg7kP4u6zgxOeqlJGRe1M949SS9Vudjl8X ++SF4aZUUB9pQGhsqQJVqaz2OlhGOp9D0q54xko/rekjAIcuDjl1mdX4F2WRrzpUmZ ++uY/bPeOBYiVsOYVe ++-----END CERTIFICATE----- +Index: rubygems-1.8.15/test/rubygems/ssl_cert.pem +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ rubygems-1.8.15/test/rubygems/ssl_cert.pem 2012-09-18 23:40:02.897048069 -0700 +@@ -0,0 +1,19 @@ ++-----BEGIN CERTIFICATE----- ++MIIC/zCCAeegAwIBAgIBATANBgkqhkiG9w0BAQUFADA/MQswCQYDVQQGDAJKUDES 
++MBAGA1UECgwJSklOLkdSLkpQMQwwCgYDVQQLDANSUlIxDjAMBgNVBAMMBVN1YkNB ++MB4XDTA0MDEzMTAzMTMxNloXDTMzMDEyMzAzMTMxNlowQzELMAkGA1UEBgwCSlAx ++EjAQBgNVBAoMCUpJTi5HUi5KUDEMMAoGA1UECwwDUlJSMRIwEAYDVQQDDAlsb2Nh ++bGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANFJTxWqup3nV9dsJAku ++p+WaXnPNIzcpAA3qMGZDJTJsfa8Du7ZxTP0XJK5mETttBrn711cJxAuP3KjqnW9S ++vtZ9lY2sXJ6Zj62sN5LwG3VVe25dI28yR1EsbHjJ5Zjf9tmggMC6am52dxuHbt5/ ++vHo4ngJuKE/U+eeGRivMn6gFAgMBAAGjgYUwgYIwDAYDVR0TAQH/BAIwADAxBglg ++hkgBhvhCAQ0EJBYiUnVieS9PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAd ++BgNVHQ4EFgQUpZIyygD9JxFYHHOTEuWOLbCKfckwCwYDVR0PBAQDAgWgMBMGA1Ud ++JQQMMAoGCCsGAQUFBwMBMA0GCSqGSIb3DQEBBQUAA4IBAQBwAIj5SaBHaA5X31IP ++CFCJiep96awfp7RANO0cuUj+ZpGoFn9d6FXY0g+Eg5wAkCNIzZU5NHN9xsdOpnUo ++zIBbyTfQEPrge1CMWMvL6uGaoEXytq84VTitF/xBTky4KtTn6+es4/e7jrrzeUXQ ++RC46gkHObmDT91RkOEGjHLyld2328jo3DIN/VTHIryDeVHDWjY5dENwpwdkhhm60 ++DR9IrNBbXWEe9emtguNXeN0iu1ux0lG1Hc6pWGQxMlRKNvGh0yZB9u5EVe38tOV0 ++jQaoNyL7qzcQoXD3Dmbi1p0iRmg/+HngISsz8K7k7MBNVsSclztwgCzTZOBiVtkM ++rRlQ ++-----END CERTIFICATE----- +Index: rubygems-1.8.15/test/rubygems/ssl_key.pem +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ rubygems-1.8.15/test/rubygems/ssl_key.pem 2012-09-18 23:40:02.901048069 -0700 +@@ -0,0 +1,15 @@ ++-----BEGIN RSA PRIVATE KEY----- ++MIICXQIBAAKBgQDRSU8Vqrqd51fXbCQJLqflml5zzSM3KQAN6jBmQyUybH2vA7u2 ++cUz9FySuZhE7bQa5+9dXCcQLj9yo6p1vUr7WfZWNrFyemY+trDeS8Bt1VXtuXSNv ++MkdRLGx4yeWY3/bZoIDAumpudncbh27ef7x6OJ4CbihP1PnnhkYrzJ+oBQIDAQAB ++AoGBAIf4CstW2ltQO7+XYGoex7Hh8s9lTSW/G2vu5Hbr1LTHy3fzAvdq8MvVR12O ++rk9fa+lU9vhzPc0NMB0GIDZ9GcHuhW5hD1Wg9OSCbTOkZDoH3CAFqonjh4Qfwv5W ++IPAFn9KHukdqGXkwEMdErsUaPTy9A1V/aROVEaAY+HJgq/eZAkEA/BP1QMV04WEZ ++Oynzz7/lLizJGGxp2AOvEVtqMoycA/Qk+zdKP8ufE0wbmCE3Qd6GoynavsHb6aGK ++gQobb8zDZwJBANSK6MrXlrZTtEaeZuyOB4mAmRzGzOUVkUyULUjEx2GDT93ujAma ++qm/2d3E+wXAkNSeRpjUmlQXy/2oSqnGvYbMCQQDRM+cYyEcGPUVpWpnj0shrF/QU 
++9vSot/X1G775EMTyaw6+BtbyNxVgOIu2J+rqGbn3c+b85XqTXOPL0A2RLYkFAkAm ++syhSDtE9X55aoWsCNZY/vi+i4rvaFoQ/WleogVQAeGVpdo7/DK9t9YWoFBIqth0L ++mGSYFu9ZhvZkvQNV8eYrAkBJ+rOIaLDsmbrgkeDruH+B/9yrm4McDtQ/rgnOGYnH ++LjLpLLOrgUxqpzLWe++EwSLwK2//dHO+SPsQJ4xsyQJy ++-----END RSA PRIVATE KEY----- +Index: rubygems-1.8.15/test/rubygems/test_gem_config_file.rb +=================================================================== +--- rubygems-1.8.15.orig/test/rubygems/test_gem_config_file.rb 2012-09-18 23:36:47.313043421 -0700 ++++ rubygems-1.8.15/test/rubygems/test_gem_config_file.rb 2012-09-18 23:40:02.901048069 -0700 +@@ -52,6 +52,8 @@ + fp.puts ":gempath:" + fp.puts "- /usr/ruby/1.8/lib/ruby/gems/1.8" + fp.puts "- /var/ruby/1.8/gem_home" ++ fp.puts ":ssl_verify_mode: 0" ++ fp.puts ":ssl_ca_cert: /etc/ssl/certs" + end + + util_config_file +@@ -65,6 +67,8 @@ + assert_equal '--wrappers', @cfg[:install] + assert_equal(['/usr/ruby/1.8/lib/ruby/gems/1.8', '/var/ruby/1.8/gem_home'], + @cfg.path) ++ assert_equal 0, @cfg.ssl_verify_mode ++ assert_equal '/etc/ssl/certs', @cfg.ssl_ca_cert + end + + def test_initialize_handle_arguments_config_file +@@ -291,6 +295,22 @@ + :other => 'a5fdbb6ba150cbb83aad2bb2fede64c'}, @cfg.api_keys) + end + ++ def test_load_ssl_verify_mode_from_config ++ File.open @temp_conf, 'w' do |fp| ++ fp.puts ":ssl_verify_mode: 1" ++ end ++ util_config_file ++ assert_equal(1, @cfg.ssl_verify_mode) ++ end ++ ++ def test_load_ssl_ca_cert_from_config ++ File.open @temp_conf, 'w' do |fp| ++ fp.puts ":ssl_ca_cert: /home/me/certs" ++ end ++ util_config_file ++ assert_equal('/home/me/certs', @cfg.ssl_ca_cert) ++ end ++ + def util_config_file(args = @cfg_args) + @cfg = Gem::ConfigFile.new args + end +Index: rubygems-1.8.15/test/rubygems/test_gem_remote_fetcher.rb +=================================================================== +--- rubygems-1.8.15.orig/test/rubygems/test_gem_remote_fetcher.rb 2012-09-18 23:36:47.313043421 -0700 ++++ 
rubygems-1.8.15/test/rubygems/test_gem_remote_fetcher.rb 2012-09-18 23:40:02.901048069 -0700 +@@ -1,6 +1,7 @@ + require 'rubygems/test_case' + require 'ostruct' + require 'webrick' ++require 'webrick/https' + require 'rubygems/remote_fetcher' + require 'rubygems/format' + +@@ -73,6 +74,8 @@ + PROXY_PORT = process_based_port + 100 + $1.to_i * 100 + $2.to_i * 10 + $3.to_i + SERVER_PORT = process_based_port + 200 + $1.to_i * 100 + $2.to_i * 10 + $3.to_i + ++ DIR = File.expand_path(File.dirname(__FILE__)) ++ + def setup + super + self.class.start_servers +@@ -740,6 +743,53 @@ + end + end + ++ def test_ssl_connection ++ ssl_server = self.class.start_ssl_server ++ temp_ca_cert = File.join(DIR, 'ca_cert.pem') ++ with_configured_fetcher(":ssl_ca_cert: #{temp_ca_cert}") do |fetcher| ++ fetcher.fetch_path("https://localhost:#{ssl_server.config[:Port]}/yaml") ++ end ++ end ++ ++ def test_do_not_allow_insecure_ssl_connection_by_default ++ ssl_server = self.class.start_ssl_server ++ with_configured_fetcher do |fetcher| ++ assert_raises Gem::RemoteFetcher::FetchError do ++ fetcher.fetch_path("https://localhost:#{ssl_server.config[:Port]}/yaml") ++ end ++ end ++ end ++ ++ def test_ssl_connection_allow_verify_none ++ ssl_server = self.class.start_ssl_server ++ with_configured_fetcher(":ssl_verify_mode: 0") do |fetcher| ++ fetcher.fetch_path("https://localhost:#{ssl_server.config[:Port]}/yaml") ++ end ++ end ++ ++ def test_do_not_follow_insecure_redirect ++ ssl_server = self.class.start_ssl_server ++ temp_ca_cert = File.join(DIR, 'ca_cert.pem'), ++ with_configured_fetcher(":ssl_ca_cert: #{temp_ca_cert}") do |fetcher| ++ assert_raises Gem::RemoteFetcher::FetchError do ++ fetcher.fetch_path("https://localhost:#{ssl_server.config[:Port]}/insecure_redirect?to=#{@server_uri}") ++ end ++ end ++ end ++ ++ def with_configured_fetcher(config_str = nil, &block) ++ if config_str ++ temp_conf = File.join @tempdir, '.gemrc' ++ File.open temp_conf, 'w' do |fp| ++ fp.puts config_str ++ end ++ 
Gem.configuration = Gem::ConfigFile.new %W[--config-file #{temp_conf}] ++ end ++ yield Gem::RemoteFetcher.new ++ ensure ++ Gem.configuration = nil ++ end ++ + def util_stub_connection_for hash + def @fetcher.connection= conn + @conn = conn +@@ -802,6 +852,49 @@ + @enable_zip = false + end + ++ DIR = File.expand_path(File.dirname(__FILE__)) ++ DH_PARAM = OpenSSL::PKey::DH.new(128) ++ ++ def start_ssl_server(config = {}) ++ null_logger = NilLog.new ++ server = WEBrick::HTTPServer.new({ ++ :Port => 0, ++ :Logger => null_logger, ++ :AccessLog => [], ++ :SSLEnable => true, ++ :SSLCACertificateFile => File.join(DIR, 'ca_cert.pem'), ++ :SSLCertificate => cert('ssl_cert.pem'), ++ :SSLPrivateKey => key('ssl_key.pem'), ++ :SSLVerifyClient => nil, ++ :SSLCertName => nil ++ }.merge(config)) ++ server.mount_proc("/yaml") { |req, res| ++ res.body = "--- true\n" ++ } ++ server.mount_proc("/insecure_redirect") { |req, res| ++ res.set_redirect(WEBrick::HTTPStatus::MovedPermanently, req.query['to']) ++ } ++ server.ssl_context.tmp_dh_callback = proc { DH_PARAM } ++ t = Thread.new do ++ begin ++ server.start ++ rescue Exception => ex ++ abort ex.message ++ puts "ERROR during server thread: #{ex.message}" ++ end ++ end ++ while server.status != :Running ++ sleep 0.1 ++ unless t.alive? ++ t.join ++ raise ++ end ++ end ++ server ++ end ++ ++ ++ + private + + def start_server(port, data) +@@ -844,6 +937,14 @@ + end + sleep 0.2 # Give the servers time to startup + end ++ ++ def cert(filename) ++ OpenSSL::X509::Certificate.new(File.read(File.join(DIR, filename))) ++ end ++ ++ def key(filename) ++ OpenSSL::PKey::RSA.new(File.read(File.join(DIR, filename))) ++ end + end + + def test_correct_for_windows_path diff -Nru rubygems-1.8.15/debian/patches/series rubygems-1.8.15/debian/patches/series --- rubygems-1.8.15/debian/patches/series 2012-01-21 07:14:31.000000000 +0000 +++ rubygems-1.8.15/debian/patches/series 2012-09-18 06:07:21.000000000 +0000 
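Review bot: In the test_gem_remote_fetcher.rb part of the nested patch, `test_do_not_follow_insecure_redirect` has a stray trailing comma, `temp_ca_cert = File.join(DIR, 'ca_cert.pem'),`, which turns the statement into a multiple assignment whose second element is the whole `with_configured_fetcher(...) do ... end` call; inside that block `temp_ca_cert` is still nil, so the fetcher is configured with an empty `:ssl_ca_cert:` and most likely falls back to the system store. The `assert_raises` then appears to pass because certificate verification against the test CA fails, not because the new `https?(uri) && !https?(location)` guard in `fetch_http` refused the redirect, so the regression test for the redirect check is vacuous; the fix is to drop the comma, `temp_ca_cert = File.join(DIR, 'ca_cert.pem')`. Separately, `https?` calls `uri.scheme.downcase`, so a redirect whose Location has no scheme raises NoMethodError instead of a `FetchError`; `uri.scheme.to_s.downcase == 'https'` keeps the failure inside the fetcher's own error type. The changelog hunk earlier describes the guard as disallowing HTTP->HTTPS redirection while the patch header and the code refuse HTTPS->HTTP; the wording there should be aligned with the code.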
@@ -3,3 +3,4 @@ disable-failing-tests.diff disable-tests-failing-as-root.diff fix-shebang.diff +CVE-2012-2125-2126.patch