mirrors/rbenv-ruby-build
1
0
Fork 0
mirror of https://github.com/rbenv/ruby-build.git synced 2025-10-22 22:00:23 +02:00
Code Issues Projects Releases Packages Wiki Activity

Install libyaml 0.1.5 for 2.x rubies also

Browse source 
This should plug the vulnerability to CVE-2013-6393 (and fix #504)
that can still occur in certain systems: If the ruby build process
couldn't find a libyaml that worked, it would build its own vendored
libyaml, which was 0.1.4 (and is vulnerable).

Instead, specify that the build always should install the latest
libyaml & build against that.
This commit is contained in:
Andreas Fuchs 2014-02-07 15:41:03 -08:00
parent 26372ad82a
commit 45067e752f
13 changed files with 13 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

1
share/ruby-build/2.0.0-dev
View file

@ -1,2 +1,3 @@
install_package "yaml-0.1.5" "http://pyyaml.org/download/libyaml/yaml-0.1.5.tar.gz#24f6093c1e840ca5df2eb09291a1dbf1" --if needs_yaml
install_package "openssl-1.0.1e" "https://www.openssl.org/source/openssl-1.0.1e.tar.gz#66bf6f10f060d561929de96f9dfe5b8c" mac_openssl --if has_broken_mac_openssl
install_git "ruby-2.0.0-dev" "https://github.com/ruby/ruby.git" "ruby_2_0_0" autoconf standard verify_openssl