11 changed files with 16 additions and 311 deletions
--- a/Fix-broken-spec.patch
+++ b/Fix-broken-spec.patch
@ -1,23 +0,0 @@
 From 5baa1c8ddcadfdfe07b74c2a72fc9a29121851fd Mon Sep 17 00:00:00 2001
 From: Jordan Owens <jkowens@gmail.com>
 Date: Sun, 22 Jan 2023 19:28:40 -0500
 Subject: [PATCH] Fix broken spec
 HTTP ranges with non decimal characters is treated as range 0..0 as of Rack 2.2.6.2.
 ---
 test/static_test.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/test/static_test.rb b/test/static_test.rb
 index 232cd21c5d..0022f088b4 100644
 --- a/test/static_test.rb
 +++ b/test/static_test.rb
@@ -164,7 +164,7 @@ def assert_valid_range(http_range, range, path, file)
   end
   it 'correctly ignores syntactically invalid range requests' do
 -    ["bytes=45-40", "bytes=IV-LXVI", "octets=10-20", "bytes=", "bytes=3-1,4-5"].each do |http_range|
 +    ["bytes=45-40", "octets=10-20", "bytes=", "bytes=3-1,4-5"].each do |http_range|
       request = Rack::MockRequest.new(@app)
       response = request.get("/#{File.basename(__FILE__)}", 'HTTP_RANGE' => http_range)
--- a/Internal-Sinatra-errors-now-extend-Sinatra-Error-test.patch
+++ b/Internal-Sinatra-errors-now-extend-Sinatra-Error-test.patch
@ -1,66 +0,0 @@
 From d8c35ce7bc6320e5805b106e1bec39d0b64b9306 Mon Sep 17 00:00:00 2001
 From: Jordan Owens <jkowens@gmail.com>            
 Date: Thu, 31 Jan 2019 22:32:45 -0500            
 Subject: [PATCH] Internal Sinatra errors now extend Sinatra::Error
 ---
 test/mapped_error_test.rb |  6 +++---
 test/result_test.rb       | 15 +++++++++++++++
 2 files changed, 18 insertions(+), 3 deletions(-)
 diff --git a/test/mapped_error_test.rb b/test/mapped_error_test.rb
 index cb158a2..562e509 100644
 --- a/test/mapped_error_test.rb
 +++ b/test/mapped_error_test.rb
@@ -6,15 +6,15 @@ end
 class FooNotFound < Sinatra::NotFound
 end
 -class FooSpecialError < RuntimeError
 +class FooSpecialError < Sinatra::Error
   def http_status; 501 end
 end
 -class FooStatusOutOfRangeError < RuntimeError
 +class FooStatusOutOfRangeError < Sinatra::Error
   def code; 4000 end
 end
 -class FooWithCode < RuntimeError
 +class FooWithCode < Sinatra::Error
   def code; 419 end
 end
 diff --git a/test/result_test.rb b/test/result_test.rb
 index cbb7813..cc9990f 100644
 --- a/test/result_test.rb
 +++ b/test/result_test.rb
@@ -1,5 +1,9 @@
 require File.expand_path('../helper', __FILE__)
 +class ThirdPartyError < RuntimeError
 +  def http_status; 400 end
 +end
 +
 class ResultTest < Minitest::Test
   it "sets response.body when result is a String" do
     mock_app { get('/') { 'Hello World' } }
@@ -73,4 +77,15 @@ class ResultTest < Minitest::Test
     assert_equal 205, status
     assert_equal '', body
   end
 +
 +  it "sets status to 500 when raised error is not Sinatra::Error" do
 +    mock_app do
 +      set :raise_errors, false
 +      get('/') { raise ThirdPartyError }
 +    end
 +
 +    get '/'
 +    assert_equal 500, status
 +    assert_equal '<h1>Internal Server Error</h1>', body
 +  end
 end
 -- 
 2.27.0
--- a/Internal-Sinatra-errors-now-extend-Sinatra-Error.patch
+++ b/Internal-Sinatra-errors-now-extend-Sinatra-Error.patch
@ -1,57 +0,0 @@
 From 084cf2ade353d3bf5f1a76aade87efd2f887bdd5 Mon Sep 17 00:00:00 2001
 From: Jordan Owens <jkowens@gmail.com>            
 Date: Thu, 31 Jan 2019 22:32:45 -0500            
 Subject: [PATCH] Internal Sinatra errors now extend Sinatra::Error
 ---
 lib/sinatra/base.rb | 22 +++++++++++++---------
 1 file changed, 13 insertions(+), 9 deletions(-)
 diff --git a/lib/sinatra/base.rb b/lib/sinatra/base.rb
 index f5d7729..aebd025 100644
 --- a/lib/sinatra/base.rb
 +++ b/lib/sinatra/base.rb
@@ -233,11 +233,14 @@ module Sinatra
     end
   end
 -  class BadRequest < TypeError #:nodoc:
 +  class Error < StandardError #:nodoc:
 +  end
 +
 +  class BadRequest < Error #:nodoc:
     def http_status; 400 end
   end
 -  class NotFound < NameError #:nodoc:
 +  class NotFound < Error #:nodoc:
     def http_status; 404 end
   end
@@ -1114,15 +1117,16 @@ module Sinatra
       end
       @env['sinatra.error'] = boom
 -      if boom.respond_to? :http_status
 -        status(boom.http_status)
 -      elsif settings.use_code? and boom.respond_to? :code and boom.code.between? 400, 599
 -        status(boom.code)
 -      else
 -        status(500)
 +      http_status = if boom.kind_of? Sinatra::Error
 +        if boom.respond_to? :http_status
 +          boom.http_status
 +        elsif settings.use_code? && boom.respond_to?(:code)
 +          boom.code
 +        end
       end
 -      status(500) unless status.between? 400, 599
 +      http_status = 500 unless http_status && http_status.between?(400, 599)
 +      status(http_status)
       boom_message = boom.message if boom.message && boom.message != boom.class.name
       if server_error?
 -- 
 2.27.0
--- a/backport-CVE-2022-45442-test.patch
+++ b/backport-CVE-2022-45442-test.patch
@ -1,40 +0,0 @@
 From 1808bcdf3424eab0c659ef2d0e85579aab977a1a Mon Sep 17 00:00:00 2001
 From: namusyaka <namusyaka@gmail.com>
 Date: Wed, 23 Nov 2022 22:24:02 +0900
 Subject: [PATCH] escape filename in the Content-Disposition header
 According the multipart form data spec in WHATWG living standard.
 Ref: https://html.spec.whatwg.org/#multipart-form-data
 Origin:
 https://github.com/sinatra/sinatra/commit/1808bcdf3424eab0c659ef2d0e85579aab977a1a
 ---
 test/helpers_test.rb | 12 ++++++++++++
 1 file changed, 12 insertions(+)
 diff --git a/test/helpers_test.rb b/test/helpers_test.rb
 index 463a21d..7201aab 100644
 --- a/test/helpers_test.rb
 +++ b/test/helpers_test.rb
@@ -781,6 +781,18 @@ class HelpersTest < Minitest::Test
       assert_equal '<sinatra></sinatra>', body
     end
 +    it 'escapes filename in the Content-Disposition header according to the multipart form data spec in WHATWG living standard' do
 +      mock_app do
 +        get('/attachment') do
 +          attachment "test.xml\";\r\next=.txt"
 +          response.write("<sinatra></sinatra>")
 +        end
 +      end
 +
 +      get '/attachment'
 +      assert_equal 'attachment; filename="test.xml%22;%0D%0Aext=.txt"', response['Content-Disposition']
 +      assert_equal '<sinatra></sinatra>', body
 +    end
   end
   describe 'send_file' do
 -- 
 2.47.0
--- a/backport-CVE-2022-45442.patch
+++ b/backport-CVE-2022-45442.patch
@ -1,51 +0,0 @@
 From 1808bcdf3424eab0c659ef2d0e85579aab977a1a Mon Sep 17 00:00:00 2001
 From: namusyaka <namusyaka@gmail.com>
 Date: Wed, 23 Nov 2022 22:24:02 +0900
 Subject: [PATCH] escape filename in the Content-Disposition header
 According the multipart form data spec in WHATWG living standard.
 Ref: https://html.spec.whatwg.org/#multipart-form-data
 Origin:
 https://github.com/sinatra/sinatra/commit/1808bcdf3424eab0c659ef2d0e85579aab977a1a
 ---
 lib/sinatra/base.rb | 19 +++++++++++++------
 1 file changed, 13 insertions(+), 6 deletions(-)
 diff --git a/lib/sinatra/base.rb b/lib/sinatra/base.rb
 index f5d7729..b20a1f7 100644
 --- a/lib/sinatra/base.rb
 +++ b/lib/sinatra/base.rb
@@ -357,16 +357,23 @@ module Sinatra
       response['Content-Type'] = mime_type
     end
 +    # https://html.spec.whatwg.org/#multipart-form-data
 +    MULTIPART_FORM_DATA_REPLACEMENT_TABLE = {
 +      '"'  => '%22',
 +      "\r" => '%0D',
 +      "\n" => '%0A'
 +    }.freeze
 +
     # Set the Content-Disposition to "attachment" with the specified filename,
     # instructing the user agents to prompt to save.
     def attachment(filename = nil, disposition = :attachment)
       response['Content-Disposition'] = disposition.to_s.dup
 -      if filename
 -        params = '; filename="%s"' % File.basename(filename)
 -        response['Content-Disposition'] << params
 -        ext = File.extname(filename)
 -        content_type(ext) unless response['Content-Type'] or ext.empty?
 -      end
 +      return unless filename
 +
 +      params = format('; filename="%s"', File.basename(filename).gsub(/["\r\n]/, MULTIPART_FORM_DATA_REPLACEMENT_TABLE))
 +      response['Content-Disposition'] << params
 +      ext = File.extname(filename)
 +      content_type(ext) unless response['Content-Type'] || ext.empty?
     end
     # Use the contents of the file at +path+ as the response body.
 -- 
 2.47.0
--- a/rubygem-sinatra-2.0.8.1-Fix-failing-tests.patch
+++ b/rubygem-sinatra-2.0.8.1-Fix-failing-tests.patch
@ -1,25 +0,0 @@
 From 750aa3b0de06dad41539bdb402123b5416a3475d Mon Sep 17 00:00:00 2001
 From: Jordan Owens <jkowens@gmail.com>
 Date: Tue, 10 Mar 2020 10:24:05 -0400
 Subject: [PATCH] Fix failing tests
 Rack added support for Multi-part ranges and apparently changed the
 format of cookie expires timestamp format to match specs.
 ---
 test/static_test.rb |  3 +--
 1 files changed, 1 insertions(+), 2 deletions(-)
 diff --git a/test/static_test.rb b/test/static_test.rb
 index e8408b14e..1c6cb35e9 100644
 --- a/test/static_test.rb
 +++ b/test/static_test.rb
@@ -152,8 +152,7 @@ def assert_valid_range(http_range, range, path, file)
   end
   it 'correctly ignores syntactically invalid range requests' do
 -    # ...and also ignores multi-range requests, which aren't supported yet
 -    ["bytes=45-40", "bytes=IV-LXVI", "octets=10-20", "bytes=-", "bytes=1-2,3-4"].each do |http_range|
 +    ["bytes=45-40", "bytes=IV-LXVI", "octets=10-20", "bytes=", "bytes=3-1,4-5"].each do |http_range|
       request = Rack::MockRequest.new(@app)
       response = request.get("/#{File.basename(__FILE__)}", 'HTTP_RANGE' => http_range)
--- a/rubygem-sinatra.spec
+++ b/rubygem-sinatra.spec
@ -1,27 +1,14 @@
 %global gem_name sinatra
-%bcond_with bootstrap
+%{?_with_bootstrap: %global bootstrap 1}
 Summary:             Ruby-based web application framework
 Name:                rubygem-%{gem_name}
-Version:             2.0.8.1
+Version:             2.0.3
-Release:             4
+Release:             1
 License:             MIT
 URL:                 http://www.sinatrarb.com/
-Source0:             https://rubygems.org/gems/%{gem_name}-%{version}.gem
+Source0:             https://rubygems.org/gems/sinatra-%{version}.gem
-# git clone https://github.com/sinatra/sinatra.git && cd sinatra
+Source1:             https://github.com/sinatra/sinatra/archive/v%{version}.tar.gz
-# git archive -v -o sinatra-2.0.8.1-test.tar.gz v2.0.8.1 test/
+BuildRequires:       rubygems-devel
 Source1:             %{gem_name}-%{version}-test.tar.gz
 # Fix test failure due to Rack 2.2.2 incompatibility.
 # https://github.com/sinatra/sinatra/pull/1605
 Patch0:              rubygem-sinatra-2.0.8.1-Fix-failing-tests.patch
 Patch1:              Internal-Sinatra-errors-now-extend-Sinatra-Error-test.patch
 Patch2:              Internal-Sinatra-errors-now-extend-Sinatra-Error.patch
 Patch3:              Fix-broken-spec.patch
 # Security fix
 Patch3000:           backport-CVE-2022-45442.patch
 Patch3001:           backport-CVE-2022-45442-test.patch
 BuildRequires:       rubygems-devel ruby(release) ruby >= 2.2.0
 %if ! 0%{?bootstrap}
 BuildRequires:       rubygem(rack) >= 2.0 rubygem(rack-protection) = %{version} rubygem(tilt)
 BuildRequires:       rubygem(mustermann) rubygem(rack-test) rubygem(minitest) > 5
@ -41,20 +28,12 @@ Obsoletes:           %{name}-doc < %{version}-%{release}
 This package contains documentation for %{name}.
 %prep
-%setup -q -n %{gem_name}-%{version} -b 1
+gem unpack %{SOURCE0}
-
+%setup -q -D -T -n  %{gem_name}-%{version}
-pushd %{_builddir}
+gem spec %{SOURCE0} -l --ruby > %{gem_name}.gemspec
 %patch0 -p1
 %patch1 -p1
 %patch3 -p1
 %patch3001 -p1
 popd
 %patch2 -p1
 %patch3000 -p1
 %build
-gem build ../%{gem_name}-%{version}.gemspec
+gem build %{gem_name}.gemspec
 %gem_install
 %install
@ -63,11 +42,14 @@ cp -rv .%{gem_dir}/* %{buildroot}%{gem_dir}
 sed -i -e 's|^#!/usr/bin/env ruby|#!/usr/bin/ruby|' \
  %{buildroot}%{gem_instdir}/examples/*.rb
 %if %{without bootstrap}
 %check
 %if ! 0%{?bootstrap}
 pushd .%{gem_instdir}
-cp -a %{_builddir}/test test
+tar xzvf %{SOURCE1}
-sed -i '/active_support/ s/$/ unless Hash.method_defined?(:slice)/' test/helper.rb
+cd %{gem_name}-%{version}
 for FILE in $(grep -rl '^require.*bundler.*' test/); do
  sed -i "/^require 'bundler.*'/ s/^/#/" ${FILE}
 done
 mv test/integration_test.rb{,.disabled}
 ruby -e 'Dir.glob "./test/*_test.rb", &method(:require)'
 popd
@ -96,20 +78,5 @@ popd
 %{gem_instdir}/examples
 %changelog
 * Mon Nov 18 2024 yaoxin <yao_xin001@hoperun.com> - 1:2.0.8.1-4
 - Fix CVE-2022-45442
 * Sat May 11 2024 Zhengxin Guo <guozhengxin@kylinos.cn> - 1:2.0.8.1-3
 - fix the correctly ignores syntactically invalid range requests test
 * Tue Jan 17 2023 wulei <wulei80@h-partners.com> - 1:2.0.8.1-2
 - fix the error_highlight test
 * Thu Feb 24 2022 liyanan <liyanan32@huawei.com> - 2.0.8.1-1
 - update to 2.0.8.1
 * Wed Feb 10 2021 Ge Wang <wangge20@huawei.com> - 2.0.3-2
 - solve test error due to rubygem-rack update to 2.2.0+
 * Sat Aug 22 2020 liyanan <liyanan32@huawei.com> - 2.0.3-1
 - package init
--- a/sinatra-2.0.3.gem
+++ b/sinatra-2.0.3.gem
--- a/sinatra-2.0.8.1-test.tar.gz
+++ b/sinatra-2.0.8.1-test.tar.gz
--- a/sinatra-2.0.8.1.gem
+++ b/sinatra-2.0.8.1.gem
--- a/v2.0.3.tar.gz
+++ b/v2.0.3.tar.gz