Description: Prevent symlink path traversals
 rack/file.rb (Rack::File) in Rack 1.5.x before 1.5.2 and 1.4.x before 1.4.5
 allows attackers to access arbitrary files outside the intended root
 directory via a crafted PATH_INFO environment variable, probably a directory
 traversal vulnerability that is remotely exploitable, aka "symlink path traversals."

Origin: upstream, https://github.com/rack/rack/commit/6f237e4c9fab649d3750482514f0fde76c56ab30
Bug: https://security-tracker.debian.org/tracker/CVE-2013-0262
Bug-Debian: http://bugs.debian.org/700173

Index: ruby-rack/lib/rack/file.rb
===================================================================
--- ruby-rack.orig/lib/rack/file.rb	2013-02-20 21:36:40.000000000 +0900
+++ ruby-rack/lib/rack/file.rb	2013-02-20 21:39:58.265999186 +0900
@@ -40,19 +40,14 @@
       @path_info = Utils.unescape(env["PATH_INFO"])
       parts = @path_info.split SEPS
 
-      parts.inject(0) do |depth, part|
-        case part
-        when '', '.'
-          depth
-        when '..'
-          return fail(404, "Not Found") if depth - 1 < 0
-          depth - 1
-        else
-          depth + 1
-        end
+      clean = []
+
+      parts.each do |part|
+        next if part.empty? || part == '.'
+        part == '..' ? clean.pop : clean << part
       end
 
-      @path = F.join(@root, *parts)
+      @path = F.join(@root, *clean)
 
       available = begin
         F.file?(@path) && F.readable?(@path)