patch_ubuntu_ruby.sh

# Make sure we've got readline on ubuntu
sudo apt-get install libreadline-dev

# copied from https://github.com/postmodern/ruby-install
wget -O ruby-install-0.3.2.tar.gz https://github.com/postmodern/ruby-install/archive/v0.3.2.tar.gz

# might be worth checking the gpg signature of the file you're installing per
# postmodern's instructions.  Install his key from here: http://postmodern.github.io/contact.html#pgp
# and then uncomment the lines below.

#wget https://raw.github.com/postmodern/ruby-install/master/pkg/ruby-install-0.3.2.tar.gz.asc
#gpg --verify ruby-install-0.3.2.tar.gz.asc ruby-install-0.3.2.tar.gz

# build ruby-install
tar -xzvf ruby-install-0.3.2.tar.gz
cd ruby-install-0.3.2/
sudo make install

# install ruby 1.8.7 with a patch for the floating point bug reported here:
# https://www.ruby-lang.org/en/news/2013/11/22/heap-overflow-in-floating-point-parsing-cve-2013-4164/
#
# (instructions from http://makandracards.com/railslts/19977-backported-fix-for-heap-overflow-in-floating-point-parsing-cve-2013-4164 )
sudo ruby-install -p https://railslts.com/files/ruby-1_8_7p374-fix-overflow-point-parsing-cve-2013-4164.patch ruby 1.8.7-p374

# Use update-alternatives to leave ubuntu ruby installation in place and
# swap in our patched ruby.
sudo update-alternatives --install /usr/bin/ruby ruby /opt/rubies/ruby-1.8.7-p374/bin/ruby 100 \
--slave /usr/bin/erb    erb    /opt/rubies/ruby-1.8.7-p374/bin/erb    \
--slave /usr/bin/irb    irb    /opt/rubies/ruby-1.8.7-p374/bin/irb    \
--slave /usr/bin/rdoc   rdoc   /opt/rubies/ruby-1.8.7-p374/bin/rdoc   \
--slave /usr/bin/ri     ri     /opt/rubies/ruby-1.8.7-p374/bin/ri     \
--slave /usr/bin/testrb testrb /opt/rubies/ruby-1.8.7-p374/bin/testrb