7

我需要安装需要 qt 库的 capybara-webkit,所以我使用 homebrew 使用以下命令安装它们

brew update
brew install qt
brew linkapps

然后我捆绑了 capybara-webkit,一切都很好。但是,我的警卫发出以下警告。

 You appear to have an outdated version of libyaml (0.1.4) installed on your system.

  Prior to 0.1.6, libyaml is vulnerable to a heap overflow exploit from malicious YAML payloads.


  The easiest thing to do right now is probably to update Psych to the latest version and enable
  the 'bundled-libyaml' option, which will install a vendored libyaml with the vulnerability patched:

  gem install psych -- --enable-bundled-libyaml

看起来很简单。但是,即使在使用“捆绑 libyaml”选项成功安装 psych 之后,我仍然会看到有关过时 libyaml 的警告。此外,当我检查与 psyche 相关的 libyaml 版本(ruby -rpsych -e 'p Psych.libyaml_version')时,它仍然是 1.4。

有任何想法吗?

4

3 回答 3

6

尝试:

brew upgrade libyaml

为我工作。

于 2014-04-08T00:26:28.710 回答
0

在 Ubuntu 上,这对我有用。它会重新安装所有红宝石,因此可能需要一段时间。

rvm pkg install libyaml
rvm reinstall all --force

样品运行

rvm pkg install libyaml

Beware, 'rvm pkg ...' is deprecated, read about the new autolibs feature: 'rvm help   autolibs'.

Checking requirements for ubuntu.
Requirements installation successful.
Fetching yaml-0.1.6.tar.gz to /home/assay/.rvm/archives
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                             Dload  Upload   Total   Spent    Left  Speed
100  491k  100  491k    0     0   142k      0  0:00:03  0:00:03 --:--:--  481k
No checksum for downloaded archive, recording checksum in user configuration.
Extracting yaml to /home/assay/.rvm/src/yaml-0.1.6...
Prepare yaml in /home/assay/.rvm/src/yaml-0.1.6..
Configuring yaml in /home/assay/.rvm/src/yaml-0.1.6..........
Compiling yaml in /home/assay/.rvm/src/yaml-0.1.6...................
Installing yaml to /home/assay/.rvm/usr.......

Please note that it's required to reinstall all rubies:

    rvm reinstall all --force
于 2014-06-07T16:21:50.437 回答
0 
brew update libyaml

对我不起作用,但是

rvm get stable

做过。

于 2014-05-28T08:49:50.827 回答