JRuby 9000 (the next major release) includes a backend that supports a
new JVM JIT compiler called Graal. Graal is based on OpenJDK but hasn't
been released yet.
http://openjdk.java.net/projects/graal/
This should plug the vulnerability to CVE-2013-6393 (and fix #504)
that can still occur in certain systems: If the ruby build process
couldn't find a libyaml that worked, it would build its own vendored
libyaml, which was 0.1.4 (and is vulnerable).
Instead, specify that the build always should install the latest
libyaml & build against that.
On OS X and some other platforms it doesn't matter, as `tar`
automatically detects the compression method, but on platforms that
don't it's important to declare the archive format. For ordinary
tarballs the extension provides this info, but since Topaz archive
doesn't have an extension in the URL, we add a fake one via a dummy
query string parameter.
Fixes #357
This build is an unofficial backport of the patch for
"Heap Overflow in Floating Point Parsing (CVE-2013-4164)"
to Ruby 1.8.7-p374.
The definition refers to a tarball of this tag:
https://github.com/heroku/ruby/releases/tag/v1_8_7_375
Because OS X Mountain Lion removed X Windows, compiling Ruby 1.8 would
fail unless the user installed XQuartz manually and passed:
    CPPFLAGS=-I/opt/X11/include rbenv install 1.8.7-p374
This auto-detects if `/opt/X11/include` is present on the system and
configures CPPFLAGS accordingly. However if XQuartz was never installed,
we simply configure Ruby using `--without-tk`.
Fixes #193 #207
References 353246926c
The problem wasn't in quoting as per 0b5206172, but in the fact that
Ruby trunk added a LDFLAGS checker that aborts if any of the paths
listed in it are missing:
3636f8c0f5
This is probably a bug in Ruby, but for now a simple workaround is to
iterate through paths in LDFLAGS and ensure they exist.
References #441
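
The LDFLAGS workaround described in the last message above, sketched as an added example; this is not ruby-build's own code. The function name `ensure_ldflags_dirs` is hypothetical, and it assumes "ensure they exist" means creating each missing `-L` directory before `configure` runs.

```shell
#!/bin/sh
# Added example, not ruby-build's code. Assumption: a missing -L directory is
# created so that a configure-time LDFLAGS check finds every listed path.
# Paths containing whitespace or glob characters are not handled.

# ensure_ldflags_dirs FLAGS
# Creates every missing library search path named in FLAGS and prints each
# directory it had to create, one per line.
ensure_ldflags_dirs() {
  want_dir=0
  # Unquoted on purpose: split the flag string on whitespace.
  for flag in $1; do
    if [ "$want_dir" -eq 1 ]; then
      dir=$flag; want_dir=0            # "-L dir" form: path is the next word
    else
      case "$flag" in
        -L)  want_dir=1; continue ;;
        -L*) dir=${flag#-L} ;;          # "-Ldir" form
        *)   continue ;;                # not a library search path
      esac
    fi
    if [ ! -d "$dir" ]; then
      mkdir -p "$dir" || return 1
      printf '%s\n' "$dir"
    fi
  done
}

# Constructed demo: one existing and two missing paths under a scratch dir.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/present/lib"
ensure_ldflags_dirs "-L$demo_root/present/lib -L$demo_root/missing/lib -lssl -L $demo_root/other/lib"
rm -rf "$demo_root"
```

Printing the created directories makes it visible in the build log which entries in LDFLAGS pointed at nothing, which is worth reviewing since those paths become linker search locations.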