This should plug the vulnerability to CVE-2013-6393 (and fix#504)
that can still occur in certain systems: If the ruby build process
couldn't find a libyaml that worked, it would build its own vendored
libyaml, which was 0.1.4 (and is vulnerable).
Instead, specify that the build always should install the latest
libyaml & build against that.
The problem wasn't in quoting as per 0b5206172, but in the fact that
Ruby trunk added a LDFLAGS checker that aborts if any of the paths
listed in it are missing:
3636f8c0f5
This is probably a bug in Ruby, but for now a simple workaround is to
iterate through paths in LDFLAGS and ensure they exist.
References #441
