So this week there was a boring vulnerability in Ruby. Hostname check bypassing vulnerability in SSL client (CVE-2013-4073). So rather than running an old version of Ruby, I figured I should upgrade. I use rbenv as I’m so over rvm (seriously, who overwrites ‘cd’).
There’s not, that I can see, a simple way of upgrading the version of Ruby in place and keeping all your gems, so the “easy” way is to do the following. Though please tell me if I’m utterly wrong!
[kali:~]% gem list --no-versions --local | egrep '^[a-zA-Z0-9]' >current_gems [kali:~]% rbenv install 1.9.3-p448 Downloading yaml-0.1.4.tar.gz... -> http://dqw8nmjcqpjn7.cloudfront.net/36c852831d02cf90508c29852361d01b Installing yaml-0.1.4... Installed yaml-0.1.4 to /Users/bea/.rbenv/versions/1.9.3-p448 Downloading ruby-1.9.3-p448.tar.gz... -> http://ftp.ruby-lang.org/pub/ruby/1.9/ruby-1.9.3-p448.tar.gz Installing ruby-1.9.3-p448... Installed ruby-1.9.3-p448 to /Users/bea/.rbenv/versions/1.9.3-p448 [kali:~]% rbenv shell 1.9.3-p448 [kali:~]% xargs gem install <current_gems
This has the downside/upside of changing all your versions to be the latest. Seeing as no one ever updates their gems it’s worth the breakage in my opinion.
gem list | egrep '^[a-zA-Z0-9]' | sed -E -e 's/,.*/\)/' -e 's/^(.+) \(([0-9\.]+)\)/gem install \1 -v \2/' | sh
is something to hackishly install the top version of that which you have now! (Dirty)