Package: ruby-rack / 2.2.6.4-1+deb12u1

Metadata

Package: ruby-rack
Version: 2.2.6.4-1+deb12u1
Patches format: 3.0 (quilt)

Patch series

Patch | File delta | Description
skip random failure.patch

test/spec_builder.rb | 1 1 + 0 - 0 !
test/spec_thin.rb | 7 7 + 0 - 0 !
2 files changed, 8 insertions(+)

 skip random failure.

0002 Make tests pass on hosts that have no ipv4 connectiv.patch

test/spec_server.rb | 8 4 + 4 - 0 !
test/spec_thin.rb | 4 2 + 2 - 0 !
test/spec_webrick.rb | 6 3 + 3 - 0 !
3 files changed, 9 insertions(+), 9 deletions(-)

 make tests pass on hosts that have no ipv4 connectivity

This is a backport of the patch sent upstream.

skip unreadable dir test.patch

test/spec_directory.rb | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 skip unreadable directories test
 this test failed on reprotest due to reprotest run as root.
 see: https://salsa.debian.org/salsa-ci-team/pipeline/-/issues/160

0001 Avoid 2nd degree polynomial regexp in MediaType.patch

lib/rack/media_type.rb | 13 9 + 4 - 0 !
1 file changed, 9 insertions(+), 4 deletions(-)

 avoid 2nd degree polynomial regexp in mediatype


0002 Return an empty array when ranges are too large.patch

lib/rack/utils.rb | 3 3 + 0 - 0 !
test/spec_utils.rb | 4 4 + 0 - 0 !
2 files changed, 7 insertions(+)

 return an empty array when ranges are too large

If the sum of the requested ranges is larger than the file itself,
return an empty array. In other words, refuse to respond with any bytes.

[CVE-2024-26141]

0003 Fixing ReDoS in header parsing.patch

lib/rack/utils.rb | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 fixing redos in header parsing

Thanks svalkanov

[CVE-2024-26146]