Install libyaml 0.1.5 for 2.x rubies also

This should plug the vulnerability to CVE-2013-6393 (and fix #504)
that can still occur in certain systems: If the ruby build process
couldn't find a libyaml that worked, it would build its own vendored
libyaml, which was 0.1.4 (and is vulnerable).

Instead, specify that the build always should install the latest
libyaml & build against that.