rack 1.1.2 → 1.1.3

data/README

@@ -317,6 +317,10 @@ run on port 11211) and memcache-client installed.
   * Security fix in Rack::Auth::Digest::MD5: when authenticator
     returned nil, permission was granted on empty password.
 
+* December 28th, 2011: Twenty first public release: 1.1.3.
+  * Security fix. http://www.ocert.org/advisories/ocert-2011-003.html
+    Further information here: http://jruby.org/2011/12/27/jruby-1-6-5-1
+
 == Contact
 
 Please post bugs, suggestions and patches to

data/lib/rack.rb

@@ -20,7 +20,7 @@ module Rack
 
   # Return the Rack release as a dotted string.
   def self.release
-    "1.1.2"
+    "1.1.3"
   end
 
   autoload :Builder, "rack/builder"

data/lib/rack/utils.rb

@@ -28,6 +28,14 @@ module Rack
 
     DEFAULT_SEP = /[&;] */n
 
+    class << self
+      attr_accessor :key_space_limit
+    end
+
+    # The default number of bytes to allow parameter keys to take up.
+    # This helps prevent a rogue client from flooding a Request.
+    self.key_space_limit = 65536
+
     # Stolen from Mongrel, with some small modifications:
     # Parses a query string by breaking it up at the '&'
     # and ';' characters.  You can also use this to parse
@@ -36,8 +44,19 @@ module Rack
     def parse_query(qs, d = nil)
       params = {}
 
+      max_key_space = Utils.key_space_limit
+      bytes = 0
+
       (qs || '').split(d ? /[#{d}] */n : DEFAULT_SEP).each do |p|
         k, v = p.split('=', 2).map { |x| unescape(x) }
+
+        if k
+          bytes += k.size
+          if bytes > max_key_space
+            raise RangeError, "exceeded available parameter key space"
+          end
+        end
+
         if cur = params[k]
           if cur.class == Array
             params[k] << v
@@ -56,8 +75,19 @@ module Rack
     def parse_nested_query(qs, d = nil)
       params = {}
 
+      max_key_space = Utils.key_space_limit
+      bytes = 0
+
       (qs || '').split(d ? /[#{d}] */n : DEFAULT_SEP).each do |p|
         k, v = unescape(p).split('=', 2)
+
+        if k
+          bytes += k.size
+          if bytes > max_key_space
+            raise RangeError, "exceeded available parameter key space"
+          end
+        end
+
         normalize_params(params, k, v)
       end
 
@@ -174,8 +204,8 @@ module Rack
         path    = "; path="    + value[:path]   if value[:path]
         # According to RFC 2109, we need dashes here.
         # N.B.: cgi.rb uses spaces...
-        expires = "; expires=" + value[:expires].clone.gmtime.
-          strftime("%a, %d-%b-%Y %H:%M:%S GMT") if value[:expires]
+        expires = "; expires=" +
+          rfc2822(value[:expires].clone.gmtime) if value[:expires]
         secure = "; secure"  if value[:secure]
         httponly = "; HttpOnly" if value[:httponly]
         value = value[:value]
@@ -186,12 +216,12 @@ module Rack
         "#{domain}#{path}#{expires}#{secure}#{httponly}"
 
       case header["Set-Cookie"]
-      when Array
-        header["Set-Cookie"] << cookie
-      when String
-        header["Set-Cookie"] = [header["Set-Cookie"], cookie]
-      when nil
+      when nil, ''
         header["Set-Cookie"] = cookie
+      when String
+        header["Set-Cookie"] = [header["Set-Cookie"], cookie].join("\n")
+      when Array
+        header["Set-Cookie"] = (header["Set-Cookie"] + [cookie]).join("\n")
       end
 
       nil
@@ -199,14 +229,25 @@ module Rack
     module_function :set_cookie_header!
 
     def delete_cookie_header!(header, key, value = {})
-      unless Array === header["Set-Cookie"]
-        header["Set-Cookie"] = [header["Set-Cookie"]].compact
+      case header["Set-Cookie"]
+      when nil, ''
+        cookies = []
+      when String
+        cookies = header["Set-Cookie"].split("\n")
+      when Array
+        cookies = header["Set-Cookie"]
       end
 
-      header["Set-Cookie"].reject! { |cookie|
-        cookie =~ /\A#{escape(key)}=/
+      cookies.reject! { |cookie|
+        if value[:domain]
+          cookie =~ /\A#{escape(key)}=.*domain=#{value[:domain]}/
+        else
+          cookie =~ /\A#{escape(key)}=/
+        end
       }
 
+      header["Set-Cookie"] = cookies.join("\n")
+
       set_cookie_header!(header, key,
                  {:value => '', :path => nil, :domain => nil,
                    :expires => Time.at(0) }.merge(value))
@@ -215,6 +256,22 @@ module Rack
     end
     module_function :delete_cookie_header!
 
+    # Modified version of stdlib time.rb Time#rfc2822 to use '%d-%b-%Y' instead
+    # of '% %b %Y'.
+    # It assumes that the time is in GMT to comply to the RFC 2109.
+    #
+    # NOTE: I'm not sure the RFC says it requires GMT, but is ambigous enough
+    # that I'm certain someone implemented only that option.
+    # Do not use %a and %b from Time.strptime, it would use localized names for
+    # weekday and month.
+    #
+    def rfc2822(time)
+      wday = Time::RFC2822_DAY_NAME[time.wday]
+      mon = Time::RFC2822_MONTH_NAME[time.mon - 1]
+      time.strftime("#{wday}, %d-#{mon}-%Y %H:%M:%S GMT")
+    end
+    module_function :rfc2822
+
     # Return the bytesize of String; uses String#length under Ruby 1.8 and
     # String#bytesize under 1.9.
     if ''.respond_to?(:bytesize)
@@ -462,6 +519,9 @@ module Rack
 
           rx = /(?:#{EOL})?#{Regexp.quote boundary}(#{EOL}|--)/n
 
+          max_key_space = Utils.key_space_limit
+          bytes = 0
+
           loop {
             head = nil
             body = ''
@@ -476,6 +536,13 @@ module Rack
                 content_type = head[/Content-Type: (.*)#{EOL}/ni, 1]
                 name = head[/Content-Disposition:.*\s+name="?([^\";]*)"?/ni, 1] || head[/Content-ID:\s*([^#{EOL}]*)/ni, 1]
 
+                if name
+                  bytes += name.size
+                  if bytes > max_key_space
+                    raise RangeError, "exceeded available parameter key space"
+                  end
+                end
+
                 if content_type || filename
                   body = Tempfile.new("RackMultipart")
                   body.binmode  if body.respond_to?(:binmode)

data/rack.gemspec

@@ -33,7 +33,8 @@ EOF
 
   s.add_development_dependency 'test-spec'
 
-  s.add_development_dependency 'camping', '< 1.5'
+  s.add_development_dependency 'activesupport', '< 2'
+  s.add_development_dependency 'camping', '< 1.6'
   s.add_development_dependency 'fcgi'
   s.add_development_dependency 'memcache-client'
   s.add_development_dependency 'mongrel'

data/test/spec_rack_camping.rb

@@ -6,6 +6,10 @@ begin
   require 'rack/mock'
 
   $-w, w = nil, $-w               # yuck
+
+  # campings dependencies also don't pull this in anymore:
+  class Object;def meta_def m,&b;(class<<self;self;end).send:define_method,m,&b end end
+
   require 'camping'
   require 'rack/adapter/camping'
 

data/test/spec_rack_logger.rb

@@ -15,7 +15,7 @@ context "Rack::Logger" do
 
     errors = StringIO.new
     Rack::Logger.new(app).call({'rack.errors' => errors})
-    errors.string.should.match "INFO -- : Program started"
-    errors.string.should.match "WARN -- : Nothing to do"
+    errors.string.should.match "Program started"
+    errors.string.should.match "Nothing to do"
   end
 end

data/test/spec_rack_request.rb

@@ -79,6 +79,32 @@ context "Rack::Request" do
     req.params.should.equal "foo" => "bar", "quux" => "bla"
   end
 
+  specify "limit the keys from the GET query string" do
+    env = Rack::MockRequest.env_for("/?foo=bar")
+
+    old, Rack::Utils.key_space_limit = Rack::Utils.key_space_limit, 1
+    begin
+      req = Rack::Request.new(env)
+      lambda { req.GET }.should.raise(RangeError)
+    ensure
+      Rack::Utils.key_space_limit = old
+    end
+  end
+
+  specify "limit the keys from the POST form data" do
+    env = Rack::MockRequest.env_for("",
+            "REQUEST_METHOD" => 'POST',
+            :input => "foo=bar&quux=bla")
+
+    old, Rack::Utils.key_space_limit = Rack::Utils.key_space_limit, 1
+    begin
+      req = Rack::Request.new(env)
+      lambda { req.POST }.should.raise(RangeError)
+    ensure
+      Rack::Utils.key_space_limit = old
+    end
+  end
+
   specify "can parse POST data with explicit content type regardless of method" do
     req = Rack::Request.new \
       Rack::MockRequest.env_for("/",
@@ -295,6 +321,29 @@ context "Rack::Request" do
       req.media_type_params['bling'].should.equal 'bam'
   end
 
+  specify "raise RangeError if the key space is exhausted" do
+    input = <<EOF
+--AaB03x\r
+Content-Disposition: form-data; name="text"\r
+Content-Type: text/plain; charset=US-ASCII\r
+\r
+contents\r
+--AaB03x--\r
+EOF
+
+    env = Rack::MockRequest.env_for("/", 
+                      "CONTENT_TYPE" => "multipart/form-data, boundary=AaB03x",
+                      "CONTENT_LENGTH" => input.size,
+                      :input => input)
+
+    old, Rack::Utils.key_space_limit = Rack::Utils.key_space_limit, 1
+    begin
+      lambda { Rack::Utils::Multipart.parse_multipart(env) }.should.raise(RangeError)
+    ensure
+      Rack::Utils.key_space_limit = old
+    end
+  end
+
   specify "can parse multipart form data" do
     # Adapted from RFC 1867.
     input = <<EOF

data/test/spec_rack_response.rb

@@ -50,9 +50,9 @@ context "Rack::Response" do
     response.set_cookie "foo", "bar"
     response["Set-Cookie"].should.equal "foo=bar"
     response.set_cookie "foo2", "bar2"
-    response["Set-Cookie"].should.equal ["foo=bar", "foo2=bar2"]
+    response["Set-Cookie"].should.equal ["foo=bar", "foo2=bar2"].join("\n")
     response.set_cookie "foo3", "bar3"
-    response["Set-Cookie"].should.equal ["foo=bar", "foo2=bar2", "foo3=bar3"]
+    response["Set-Cookie"].should.equal ["foo=bar", "foo2=bar2", "foo3=bar3"].join("\n")
   end
 
   specify "formats the Cookie expiration date accordingly to RFC 2109" do
@@ -81,7 +81,7 @@ context "Rack::Response" do
     response.set_cookie "foo2", "bar2"
     response.delete_cookie "foo"
     response["Set-Cookie"].should.equal ["foo2=bar2",
-                                  "foo=; expires=Thu, 01-Jan-1970 00:00:00 GMT"]
+                                  "foo=; expires=Thu, 01-Jan-1970 00:00:00 GMT"].join("\n")
   end
 
   specify "can do redirects" do

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: rack
 version: !ruby/object:Gem::Version 
-  hash: 23
-  prerelease: false
+  hash: 21
+  prerelease: 
   segments: 
   - 1
   - 1
-  - 2
-  version: 1.1.2
+  - 3
+  version: 1.1.3
 platform: ruby
 authors: 
 - Christian Neukirchen
@@ -15,8 +15,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2011-03-13 00:00:00 +01:00
-default_executable: 
+date: 2011-12-28 00:00:00 Z
 dependencies: 
 - !ruby/object:Gem::Dependency 
   name: test-spec
@@ -33,36 +32,36 @@ dependencies:
   type: :development
   version_requirements: *id001
 - !ruby/object:Gem::Dependency 
-  name: camping
+  name: activesupport
   prerelease: false
   requirement: &id002 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - <
       - !ruby/object:Gem::Version 
-        hash: 5
+        hash: 7
         segments: 
-        - 1
-        - 5
-        version: "1.5"
+        - 2
+        version: "2"
   type: :development
   version_requirements: *id002
 - !ruby/object:Gem::Dependency 
-  name: fcgi
+  name: camping
   prerelease: false
   requirement: &id003 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
-    - - ">="
+    - - <
       - !ruby/object:Gem::Version 
         hash: 3
         segments: 
-        - 0
-        version: "0"
+        - 1
+        - 6
+        version: "1.6"
   type: :development
   version_requirements: *id003
 - !ruby/object:Gem::Dependency 
-  name: memcache-client
+  name: fcgi
   prerelease: false
   requirement: &id004 !ruby/object:Gem::Requirement 
     none: false
@@ -76,7 +75,7 @@ dependencies:
   type: :development
   version_requirements: *id004
 - !ruby/object:Gem::Dependency 
-  name: mongrel
+  name: memcache-client
   prerelease: false
   requirement: &id005 !ruby/object:Gem::Requirement 
     none: false
@@ -90,9 +89,23 @@ dependencies:
   type: :development
   version_requirements: *id005
 - !ruby/object:Gem::Dependency 
-  name: thin
+  name: mongrel
   prerelease: false
   requirement: &id006 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 3
+        segments: 
+        - 0
+        version: "0"
+  type: :development
+  version_requirements: *id006
+- !ruby/object:Gem::Dependency 
+  name: thin
+  prerelease: false
+  requirement: &id007 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - <
@@ -103,7 +116,7 @@ dependencies:
         - 2
         version: "1.2"
   type: :development
-  version_requirements: *id006
+  version_requirements: *id007
 description: |
   Rack provides minimal, modular and adaptable interface for developing
   web applications in Ruby.  By wrapping HTTP requests and responses in
@@ -125,65 +138,65 @@ extra_rdoc_files:
 files: 
 - bin/rackup
 - contrib/rack_logo.svg
-- example/protectedlobster.ru
 - example/lobster.ru
 - example/protectedlobster.rb
-- lib/rack/session/cookie.rb
-- lib/rack/session/pool.rb
-- lib/rack/session/memcache.rb
-- lib/rack/session/abstract/id.rb
-- lib/rack/response.rb
-- lib/rack/conditionalget.rb
-- lib/rack/showstatus.rb
-- lib/rack/rewindable_input.rb
-- lib/rack/sendfile.rb
-- lib/rack/urlmap.rb
-- lib/rack/chunked.rb
-- lib/rack/head.rb
-- lib/rack/runtime.rb
-- lib/rack/handler/webrick.rb
-- lib/rack/handler/thin.rb
-- lib/rack/handler/scgi.rb
-- lib/rack/handler/mongrel.rb
-- lib/rack/handler/evented_mongrel.rb
-- lib/rack/handler/swiftiplied_mongrel.rb
-- lib/rack/handler/lsws.rb
-- lib/rack/handler/fastcgi.rb
-- lib/rack/handler/cgi.rb
-- lib/rack/lock.rb
+- example/protectedlobster.ru
+- lib/rack/adapter/camping.rb
+- lib/rack/auth/abstract/handler.rb
+- lib/rack/auth/abstract/request.rb
+- lib/rack/auth/basic.rb
+- lib/rack/auth/digest/md5.rb
+- lib/rack/auth/digest/nonce.rb
+- lib/rack/auth/digest/params.rb
+- lib/rack/auth/digest/request.rb
 - lib/rack/builder.rb
-- lib/rack/handler.rb
-- lib/rack/mock.rb
-- lib/rack/static.rb
-- lib/rack/deflater.rb
+- lib/rack/cascade.rb
+- lib/rack/chunked.rb
+- lib/rack/commonlogger.rb
+- lib/rack/conditionalget.rb
+- lib/rack/config.rb
+- lib/rack/content_length.rb
 - lib/rack/content_type.rb
-- lib/rack/server.rb
+- lib/rack/deflater.rb
 - lib/rack/directory.rb
-- lib/rack/showexceptions.rb
-- lib/rack/adapter/camping.rb
+- lib/rack/etag.rb
 - lib/rack/file.rb
-- lib/rack/request.rb
+- lib/rack/handler/cgi.rb
+- lib/rack/handler/evented_mongrel.rb
+- lib/rack/handler/fastcgi.rb
+- lib/rack/handler/lsws.rb
+- lib/rack/handler/mongrel.rb
+- lib/rack/handler/scgi.rb
+- lib/rack/handler/swiftiplied_mongrel.rb
+- lib/rack/handler/thin.rb
+- lib/rack/handler/webrick.rb
+- lib/rack/handler.rb
+- lib/rack/head.rb
+- lib/rack/lint.rb
 - lib/rack/lobster.rb
-- lib/rack/commonlogger.rb
-- lib/rack/config.rb
-- lib/rack/utils.rb
-- lib/rack/etag.rb
-- lib/rack/methodoverride.rb
-- lib/rack/cascade.rb
+- lib/rack/lock.rb
 - lib/rack/logger.rb
-- lib/rack/auth/digest/request.rb
-- lib/rack/auth/digest/nonce.rb
-- lib/rack/auth/digest/params.rb
-- lib/rack/auth/digest/md5.rb
-- lib/rack/auth/basic.rb
-- lib/rack/auth/abstract/handler.rb
-- lib/rack/auth/abstract/request.rb
-- lib/rack/content_length.rb
+- lib/rack/methodoverride.rb
+- lib/rack/mime.rb
+- lib/rack/mock.rb
 - lib/rack/nulllogger.rb
-- lib/rack/lint.rb
 - lib/rack/recursive.rb
-- lib/rack/mime.rb
 - lib/rack/reloader.rb
+- lib/rack/request.rb
+- lib/rack/response.rb
+- lib/rack/rewindable_input.rb
+- lib/rack/runtime.rb
+- lib/rack/sendfile.rb
+- lib/rack/server.rb
+- lib/rack/session/abstract/id.rb
+- lib/rack/session/cookie.rb
+- lib/rack/session/memcache.rb
+- lib/rack/session/pool.rb
+- lib/rack/showexceptions.rb
+- lib/rack/showstatus.rb
+- lib/rack/static.rb
+- lib/rack/urlmap.rb
+- lib/rack/utils.rb
 - lib/rack.rb
 - COPYING
 - KNOWN-ISSUES
@@ -191,51 +204,50 @@ files:
 - RDOX
 - README
 - SPEC
-- test/spec_rack_lobster.rb
+- test/spec_rack_auth_basic.rb
+- test/spec_rack_auth_digest.rb
+- test/spec_rack_builder.rb
+- test/spec_rack_camping.rb
+- test/spec_rack_cascade.rb
+- test/spec_rack_cgi.rb
+- test/spec_rack_chunked.rb
+- test/spec_rack_commonlogger.rb
+- test/spec_rack_conditionalget.rb
+- test/spec_rack_config.rb
 - test/spec_rack_content_length.rb
-- test/spec_rack_runtime.rb
+- test/spec_rack_content_type.rb
+- test/spec_rack_deflater.rb
+- test/spec_rack_directory.rb
 - test/spec_rack_etag.rb
+- test/spec_rack_fastcgi.rb
+- test/spec_rack_file.rb
+- test/spec_rack_handler.rb
+- test/spec_rack_head.rb
 - test/spec_rack_lint.rb
-- test/spec_rack_builder.rb
-- test/spec_rack_rewindable_input.rb
-- test/spec_rack_showexceptions.rb
-- test/spec_rack_session_cookie.rb
-- test/spec_rack_conditionalget.rb
-- test/spec_rack_mock.rb
-- test/spec_rack_showstatus.rb
+- test/spec_rack_lobster.rb
+- test/spec_rack_lock.rb
 - test/spec_rack_logger.rb
-- test/spec_rack_request.rb
-- test/spec_rack_auth_basic.rb
-- test/spec_rack_directory.rb
-- test/spec_rack_utils.rb
+- test/spec_rack_methodoverride.rb
+- test/spec_rack_mock.rb
+- test/spec_rack_mongrel.rb
+- test/spec_rack_nulllogger.rb
 - test/spec_rack_recursive.rb
-- test/spec_rackup.rb
-- test/spec_rack_thin.rb
+- test/spec_rack_request.rb
+- test/spec_rack_response.rb
+- test/spec_rack_rewindable_input.rb
+- test/spec_rack_runtime.rb
+- test/spec_rack_sendfile.rb
+- test/spec_rack_session_cookie.rb
 - test/spec_rack_session_memcache.rb
-- test/spec_rack_commonlogger.rb
+- test/spec_rack_session_pool.rb
+- test/spec_rack_showexceptions.rb
+- test/spec_rack_showstatus.rb
 - test/spec_rack_static.rb
-- test/spec_rack_config.rb
-- test/spec_rack_cascade.rb
-- test/spec_rack_auth_digest.rb
-- test/spec_rack_chunked.rb
-- test/spec_rack_mongrel.rb
-- test/spec_rack_cgi.rb
-- test/spec_rack_head.rb
+- test/spec_rack_thin.rb
 - test/spec_rack_urlmap.rb
-- test/spec_rack_methodoverride.rb
-- test/spec_rack_lock.rb
-- test/spec_rack_file.rb
-- test/spec_rack_response.rb
-- test/spec_rack_nulllogger.rb
-- test/spec_rack_handler.rb
-- test/spec_rack_sendfile.rb
+- test/spec_rack_utils.rb
 - test/spec_rack_webrick.rb
-- test/spec_rack_camping.rb
-- test/spec_rack_content_type.rb
-- test/spec_rack_deflater.rb
-- test/spec_rack_fastcgi.rb
-- test/spec_rack_session_pool.rb
-has_rdoc: true
+- test/spec_rackup.rb
 homepage: http://rack.rubyforge.org
 licenses: []
 
@@ -265,52 +277,52 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 requirements: []
 
 rubyforge_project: rack
-rubygems_version: 1.3.7
+rubygems_version: 1.8.12
 signing_key: 
 specification_version: 3
 summary: a modular Ruby webserver interface
 test_files: 
-- test/spec_rack_lobster.rb
+- test/spec_rack_auth_basic.rb
+- test/spec_rack_auth_digest.rb
+- test/spec_rack_builder.rb
+- test/spec_rack_camping.rb
+- test/spec_rack_cascade.rb
+- test/spec_rack_cgi.rb
+- test/spec_rack_chunked.rb
+- test/spec_rack_commonlogger.rb
+- test/spec_rack_conditionalget.rb
+- test/spec_rack_config.rb
 - test/spec_rack_content_length.rb
-- test/spec_rack_runtime.rb
+- test/spec_rack_content_type.rb
+- test/spec_rack_deflater.rb
+- test/spec_rack_directory.rb
 - test/spec_rack_etag.rb
+- test/spec_rack_fastcgi.rb
+- test/spec_rack_file.rb
+- test/spec_rack_handler.rb
+- test/spec_rack_head.rb
 - test/spec_rack_lint.rb
-- test/spec_rack_builder.rb
-- test/spec_rack_rewindable_input.rb
-- test/spec_rack_showexceptions.rb
-- test/spec_rack_session_cookie.rb
-- test/spec_rack_conditionalget.rb
-- test/spec_rack_mock.rb
-- test/spec_rack_showstatus.rb
+- test/spec_rack_lobster.rb
+- test/spec_rack_lock.rb
 - test/spec_rack_logger.rb
-- test/spec_rack_request.rb
-- test/spec_rack_auth_basic.rb
-- test/spec_rack_directory.rb
-- test/spec_rack_utils.rb
+- test/spec_rack_methodoverride.rb
+- test/spec_rack_mock.rb
+- test/spec_rack_mongrel.rb
+- test/spec_rack_nulllogger.rb
 - test/spec_rack_recursive.rb
-- test/spec_rackup.rb
-- test/spec_rack_thin.rb
+- test/spec_rack_request.rb
+- test/spec_rack_response.rb
+- test/spec_rack_rewindable_input.rb
+- test/spec_rack_runtime.rb
+- test/spec_rack_sendfile.rb
+- test/spec_rack_session_cookie.rb
 - test/spec_rack_session_memcache.rb
-- test/spec_rack_commonlogger.rb
+- test/spec_rack_session_pool.rb
+- test/spec_rack_showexceptions.rb
+- test/spec_rack_showstatus.rb
 - test/spec_rack_static.rb
-- test/spec_rack_config.rb
-- test/spec_rack_cascade.rb
-- test/spec_rack_auth_digest.rb
-- test/spec_rack_chunked.rb
-- test/spec_rack_mongrel.rb
-- test/spec_rack_cgi.rb
-- test/spec_rack_head.rb
+- test/spec_rack_thin.rb
 - test/spec_rack_urlmap.rb
-- test/spec_rack_methodoverride.rb
-- test/spec_rack_lock.rb
-- test/spec_rack_file.rb
-- test/spec_rack_response.rb
-- test/spec_rack_nulllogger.rb
-- test/spec_rack_handler.rb
-- test/spec_rack_sendfile.rb
+- test/spec_rack_utils.rb
 - test/spec_rack_webrick.rb
-- test/spec_rack_camping.rb
-- test/spec_rack_content_type.rb
-- test/spec_rack_deflater.rb
-- test/spec_rack_fastcgi.rb
-- test/spec_rack_session_pool.rb
+- test/spec_rackup.rb