How to upgrade ruby to a specific version

[Tom Ha]

Hi there,

sorry for the n00b question:

What's the correct linux command for upgrading ruby to a specific
version? (Ruby 1.8.6-p369 is needed.)

Btw, it's this security issue that leads me to it:
http://www.ruby-lang.org/en/news/2009/06/09/dos-vulnerability-in-bigdecimal/

Thanks a lot!
Tom

 

[Tom Ha]

Anybody...?

(I couldn't find the answer using search engines...)

 

[Stefano Crocco]

|Hi there,
|
|sorry for the n00b question:
|
|What's the correct linux command for upgrading ruby to a specific
|version? (Ruby 1.8.6-p369 is needed.)
|
|Btw, it's this security issue that leads me to it:
|http://www.ruby-lang.org/en/news/2009/06/09/dos-vulnerability-in-bigdecima
|l/
|
|Thanks a lot!
|Tom

That depends on which linux distribution you use. Without knowing that, we
can't give you an answer. For example, on Gentoo it is:

sudo emerge "=ruby-1.8.6_p369"

but on Debian, or Mandriva or Ubuntu, or... the command would be completely
different.

If you want an answer, please, tell us which distribution are you using.

Stefano

 

[Tom Ha]

Sorry, I didn't know that...

I actually use Ubuntu (9.04).

 

[spox]

Sorry, I didn't know that...

I actually use Ubuntu (9.04).

And while Ubuntu has confirmed the bug, and it has been fixed in Debian
unstable, it still remains an open issue:

https://bugs.launchpad.net/ubuntu/+source/ruby1.8/+bug/385436

Best bet is to download the source and compile it yourself at this point.
Link:

ftp://ruby-lang.org/pub/ruby/ruby-1.8.6-p369.tar.gz

 

[Tom Ha]

Thanks for your answer.

The thing is, I'm a n00b in Linux as well (and therefore not used to
compile stuff, etc.).

Is it really not possible to update Ruby on my Ubuntu machine to a
specific patch level, simply using a terminal command?

I need to upgrade to "ruby 1.8.6-p369" (version 1.9 is not yet
sufficiently supported).

Thanks for any help with this!

 

[Rick DeNatale]

Thanks for your answer.

The thing is, I'm a n00b in Linux as well (and therefore not used to
compile stuff, etc.).

Is it really not possible to update Ruby on my Ubuntu machine to a
specific patch level, simply using a terminal command?

Assuming you mean via apt-get or it's brethren, no. You're limited to
what the Ubuntu/Debian maintainer has decided to package.

And I'm pretty sure that for 9.04 you're only going to find 1.8.7
packages anyway.

I need to upgrade to "ruby 1.8.6-p369" (version 1.9 is not yet
sufficiently supported).

The only way to get control at this level is to install from source.

It's really not that hard, google will provide lots of help.

On the other hand, I'm not sure that the bigdecimal DOS bug is really
that much of an exposure. Unless I misunderstood him, Charlie Nutter
(of JRuby fame) posted somewhere that Java has had the same issue for
quite some time.


--
Rick DeNatale

Blog: http://talklikeaduck.denhaven2.com/
Twitter: http://twitter.com/RickDeNatale
WWR: http://www.workingwithrails.com/person/9021-rick-denatale
LinkedIn: http://www.linkedin.com/in/rickdenatale

 

[Tom Ha]

Thanks!

 

[Charles Oliver Nutter]

On the other hand, I'm not sure that the bigdecimal DOS bug is really
that much of an exposure. =C2=A0Unless I misunderstood him, Charlie Nutte= r
(of JRuby fame) posted somewhere that Java has had the same issue for
quite some time.

It does...and I patched around one vector for it, but the fact that
it's been possible to have this same sort of "infinite execution DOS"
on the JVM makes me think it's not that big a deal.

- Charlie