Compile Ruby 2.1.1 with libyaml on CentOS
Compiling libyaml 0.1.6
To fix the Ruby security issue "Heap Overflow in YAML URI Escape Parsing (CVE-2014-2525)" you need to make sure that your Ruby installation uses libyaml version 0.1.6 or later. To check which libyaml version is in use, run
$ ruby -rpsych -e "puts Psych.libyaml_version.join('.')"
-r requires a library and -e runs the given command, which in this case displays the libyaml version in human-readable format.
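The version check above can be turned into a pass/fail gate for a deployment or audit script. The following is an added example, not part of the original post; the names MIN_LIBYAML, version_ge and libyaml_status are made up for illustration, and the minimum of 0.1.6 is the release this post installs.

```shell
#!/bin/sh
# Added example: pass/fail check on the libyaml version that Psych reports.
MIN_LIBYAML="0.1.6"   # assumption: the release installed in this post

# version_ge A B: succeed when dotted version A >= B. Components are
# compared numerically, so 0.1.10 counts as newer than 0.1.6 (a plain
# string comparison would get that wrong). Missing components count as 0.
version_ge() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "${x:-0}" -gt "${y:-0}" ] && return 0
        [ "${x:-0}" -lt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

# libyaml_status [VERSION]
#   0 = VERSION is at least MIN_LIBYAML
#   1 = VERSION is older than MIN_LIBYAML
#   2 = version missing or not purely numeric (ruby/psych not usable)
# Without an argument the version is read from the ruby found in PATH.
libyaml_status() {
    if [ $# -gt 0 ]; then
        v=$1
    else
        v=$(ruby -rpsych -e "print Psych.libyaml_version.join('.')" 2>/dev/null) || v=
    fi
    case $v in ''|*[!0-9.]*) return 2 ;; esac
    version_ge "$v" "$MIN_LIBYAML" || return 1
    return 0
}

# Usage:
#   libyaml_status || echo "libyaml older than $MIN_LIBYAML or not detectable"
```

Run it with the same ruby binary your applications use, since each Ruby installation may load a different copy of the shared library.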
To update libyaml on CentOS at the time of writing you cannot use yum, as the version in yum is still only 0.1.5. We therefore uninstall the yum packages libyaml and libyaml-devel:
$ yum remove libyaml
We then download libyaml from the official website, extract it, build it and install it.
$ wget http://pyyaml.org/download/libyaml/yaml-0.1.6.tar.gz
$ tar xzvf yaml-0.1.6.tar.gz
$ cd yaml-0.1.6
$ ./configure --prefix=/usr
$ make
$ make install
This will install the libyaml library into /usr/lib/ and the headers into /usr/include. At least on my machine the yum package installed the library into /usr/lib64 which means I had to run
$ ldconfig -v
to update the path to the shared library. It should output something like this:
...
/usr/lib:
    libyaml-0.so.2 -> libyaml.so
...
Now we can compile Ruby as usual. (Actually I'm not quite sure if you really need to compile Ruby against the new version of libyaml. In my little test it worked already just by replacing the shared library.)
Compiling Ruby 2.1.2
To compile Ruby manually we need to install some dependencies first. On CentOS this can be done using the package manager as follows.
$ yum install gcc openssl-devel readline-devel zlib-devel
libyaml-devel is not contained in this list as we installed it manually in the above section.
We download Ruby from the official website, extract it, build it and install it.
$ wget http://ftp.ruby-lang.org/pub/ruby/ruby-2.1.2.tar.gz
$ tar xzvf ruby-2.1.2.tar.gz
$ cd ruby-2.1.2
$ ./configure --prefix=/usr/local/ruby-2.1.2
$ make
$ make install
For easier maintenance I chose to create a symbolic link and add it to the system's path instead of directly adding the directory containing the just installed Ruby to the path. This way it is easier to install another version of Ruby and switch the versions if you are updating Ruby and want to test if everything works fine with the newer version.
$ cd /usr/local
$ ln -s ruby-2.1.2 ruby
Finally we need to add Ruby to the path. We therefore create a ruby.sh in the /etc/profile.d directory which adds Ruby to the path.
$ echo pathmunge /usr/local/ruby/bin > /etc/profile.d/ruby.sh
Now log back in and run
$ ruby -v
to check if everything is working fine. Instead of logging back in, you could reload the profile:
$ . /etc/profile
This will update the
You can check if OpenSSL, Zlib and Readline are actually available using the following command.
$ ruby -ropenssl -rzlib -rreadline -e "puts :success"
This description is mainly based on the article Install Ruby 1.9.3 with libyaml on CentOS by Brian Ryckbost which is a little bit outdated but still valid.