How to upgrade ruby to a specific version

Hi there,

sorry for the n00b question:

What’s the correct linux command for upgrading ruby to a specific
version? (Ruby 1.8.6-p369 is needed.)

Btw, it’s this security issue that leads me to it:
http://www.ruby-lang.org/en/news/2009/06/09/dos-vulnerability-in-bigdecimal/

Thanks a lot!
Tom

Anybody…?

(I couldn’t find the answer using search engines…)

On Monday 06 July 2009, Tom Ha wrote:

|
|Thanks a lot!
|Tom

That depends on which linux distribution you use. Without knowing that, we
can’t give you an answer. For example, on Gentoo it is:

sudo emerge "=ruby-1.8.6_p369"

but on Debian, or Mandriva or Ubuntu, or… the command would be completely
different.

If you want an answer, please tell us which distribution you are using.

Stefano

On Tuesday 07 July 2009 04:55:01 Tom Ha wrote:

Sorry, I didn’t know that…

I actually use Ubuntu (9.04).

And while Ubuntu has confirmed the bug, and it has been fixed in Debian
unstable, it still remains an open issue:

Best bet is to download the source and compile it yourself at this point.
Link:

ftp://ruby-lang.org/pub/ruby/ruby-1.8.6-p369.tar.gz

Sorry, I didn’t know that…

I actually use Ubuntu (9.04).

Thanks for your answer.

The thing is, I’m a n00b in Linux as well (and therefore not used to
compiling stuff, etc.).

Is it really not possible to update Ruby on my Ubuntu machine to a
specific patch level, simply using a terminal command?

I need to upgrade to “ruby 1.8.6-p369” (version 1.9 is not yet
sufficiently supported).

Thanks for any help with this!

On Tue, Jul 7, 2009 at 12:13 PM, Tom Ha wrote:

Thanks for your answer.

The thing is, I’m a n00b in Linux as well (and therefore not used to
compiling stuff, etc.).

Is it really not possible to update Ruby on my Ubuntu machine to a
specific patch level, simply using a terminal command?

Assuming you mean via apt-get or its brethren, no. You’re limited to
what the Ubuntu/Debian maintainer has decided to package.

And I’m pretty sure that for 9.04 you’re only going to find 1.8.7
packages anyway.

I need to upgrade to “ruby 1.8.6-p369” (version 1.9 is not yet
sufficiently supported).

The only way to get control at this level is to install from source.

It’s really not that hard, Google will provide lots of help.

On the other hand, I’m not sure that the bigdecimal DOS bug is really
that much of an exposure. Unless I misunderstood him, Charlie Nutter
(of JRuby fame) posted somewhere that Java has had the same issue for
quite some time.


Rick DeNatale

Blog: http://talklikeaduck.denhaven2.com/
Twitter: http://twitter.com/RickDeNatale
WWR: http://www.workingwithrails.com/person/9021-rick-denatale
LinkedIn: http://www.linkedin.com/in/rickdenatale

On Tue, Jul 7, 2009 at 11:46 AM, Rick DeNatale wrote:

On the other hand, I’m not sure that the bigdecimal DOS bug is really
that much of an exposure. Unless I misunderstood him, Charlie Nutter
(of JRuby fame) posted somewhere that Java has had the same issue for
quite some time.

It does…and I patched around one vector for it, but the fact that
it’s been possible to have this same sort of “infinite execution DOS”
on the JVM makes me think it’s not that big a deal.

- Charlie

Thanks!