From fd1d58abd6b9a969893b0c09831003c71d0c9e5a Mon Sep 17 00:00:00 2001
From: cn
Date: Fri, 2 Oct 2020 00:49:14 +0200
Subject: [PATCH] gems: update webrick to version 1.6.1 - explicitly use webrick gem version with patch against CVE-2020-25613 - https://www.ruby-lang.org/en/news/2020/09/29/http-request-smuggling-cve-2020-25613/ - webrick versions bundled with ruby are vulnerable at this point
---
 CHANGELOG.md | 6 ++++++
 dyndnsd.gemspec | 1 +
 2 files changed, 7 insertions(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 825c940..bad80a7 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,11 @@
 # Changelog
+## 3.1.1
+
+IMPROVEMENTS:
+
+- Use webrick gem which contains fixes against [CVE-2020-25613](https://www.ruby-lang.org/en/news/2020/09/29/http-request-smuggling-cve-2020-25613/)
+
 ## 3.1.0 (August 19, 2020)
 IMPROVEMENTS:
diff --git a/dyndnsd.gemspec b/dyndnsd.gemspec
index e32d9dc..8de614e 100644
--- a/dyndnsd.gemspec
+++ b/dyndnsd.gemspec
@@ -33,6 +33,7 @@ Gem::Specification.new do |s|
 s.add_runtime_dependency 'opentracing', '~> 0.5.0'
 s.add_runtime_dependency 'rack', '~> 2.0'
 s.add_runtime_dependency 'rack-tracer', '~> 0.9.0'
+ s.add_runtime_dependency 'webrick', '>= 1.6.1'
 s.add_development_dependency 'bundler'
 s.add_development_dependency 'bundler-audit', '~> 0.7.0'
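Review bot: The added `webrick` constraint `'>= 1.6.1'` in dyndnsd.gemspec has no upper bound, unlike the pessimistic `~>` constraints on the neighbouring runtime dependencies, so a later webrick major release with breaking changes could be resolved at install time. Keeping the security floor while bounding the major version would read `s.add_runtime_dependency 'webrick', '~> 1.6', '>= 1.6.1'`. A short comment above the line, such as `# floor is the first release carrying the CVE-2020-25613 fix; do not lower`, would keep the minimum from being relaxed later. The floor presumably only helps when the gem is activated through RubyGems or Bundler before the copy bundled with Ruby is loaded, which is worth confirming against how the daemon is started. The `Gem::Specification.new` block begins and ends outside the hunk.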