I'm trying to update oldstable's librack-ruby to fix security issues.
I've cherry-picked upstream changes, but I'm not confident about my changes.
Would you review the attached debdiff?
This package seems not to be tested by rspec (because squeeze
doesn't have the test-spec package which is needed by it), so I only tested
against what I've changed...
# pbuilder --login --basetgz squeeze.tgz
# ...
# gem install rspec -v 1.3.2 (not using packaged version)
# specrb -I ./lib test/rack_spec_utils.rb
Notes:
CVE-2013-0183:
The squeeze version's code is different from what I assumed when writing the forwarded mail.
So I tried to hand-port the original code and spec.
I've confirmed that at least the spec I added doesn't report an error.
regards,
--
KURASHIKI Satoru