mirror of
https://github.com/rbenv/ruby-build.git
synced 2025-09-26 19:11:22 +02:00
45067e752f
This should plug the vulnerability to CVE-2013-6393 (and fix #504) that can still occur in certain systems: If the ruby build process couldn't find a libyaml that worked, it would build its own vendored libyaml, which was 0.1.4 (and is vulnerable). Instead, specify that the build always should install the latest libyaml & build against that.
3 lines
404 B
Text
3 lines
404 B
Text
install_package "yaml-0.1.5" "http://pyyaml.org/download/libyaml/yaml-0.1.5.tar.gz#24f6093c1e840ca5df2eb09291a1dbf1" --if needs_yaml
|
|
install_package "openssl-1.0.1e" "https://www.openssl.org/source/openssl-1.0.1e.tar.gz#66bf6f10f060d561929de96f9dfe5b8c" mac_openssl --if has_broken_mac_openssl
|
|
install_git "ruby-2.0.0-dev" "https://github.com/ruby/ruby.git" "ruby_2_0_0" autoconf standard verify_openssl
|