File rubygem-rack-CVE-2020-8184.patch of Package rubygem-rack.28303
--- a/lib/rack/utils.rb 2022-09-15 15:00:32.425815976 +0000
+++ b/lib/rack/utils.rb 2022-09-15 15:02:24.654561340 +0000
@@ -210,8 +210,12 @@ module Rack
# the Cookie header such that those with more specific Path attributes
# precede those with less specific. Ordering with respect to other
# attributes (e.g., Domain) is unspecified.
- cookies = parse_query(header, ';,') { |s| unescape(s) rescue s }
- cookies.each_with_object({}) { |(k,v), hash| hash[k] = Array === v ? v.first : v }
+ return {} unless header
+ header.split(/[;] */n).each_with_object({}) do |cookie, cookies|
+ next if cookie.empty?
+ key, value = cookie.split('=', 2)
+ cookies[key] = (unescape(value) rescue value) unless cookies.key?(key)
+ end
end
module_function :parse_cookies_header
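Review bot: On the added line `key, value = cookie.split('=', 2)` the cookie name is kept exactly as received while only `value` goes through `unescape`, and nothing in the hunk says this asymmetry is intentional. Since the patch is named for CVE-2020-8184, a comment above that line such as `# Cookie names are deliberately not percent-decoded; decoding would let an encoded name alias a differently spelled cookie (CVE-2020-8184).` would keep a later cleanup from reintroducing the decode. The retained comment block should also note that `,` no longer separates cookies, which the removed `parse_query(header, ';,')` call accepted, so comma-joined headers now parse differently. Separately, a cookie with no `=` leaves `value` nil, and the inline `rescue value` appears to be what turns that into a stored `nil`; a guard such as `cookies[key] = value && (unescape(value) rescue value)` would make that case explicit rather than relying on the rescue. The enclosing `parse_cookies_header` definition starts above the hunk.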