diff options
author | Anders Kaseorg <andersk@mit.edu> | 2020-01-01 16:29:34 -0800 |
---|---|---|
committer | Frederik Rietdijk <freddyrietdijk@fridh.nl> | 2020-01-15 09:47:03 +0100 |
commit | 3cd8ce3bce1e3d89b21caa0d3ad458193f5179ba (patch) | |
tree | 7a1f1889004dce271903d69dce5c1f5a2cf92b07 /pkgs/applications/office/gnucash | |
parent | 2e5051e2235f93829f0d6531ace21e87f2a486a4 (diff) | |
download | nixpkgs-3cd8ce3bce1e3d89b21caa0d3ad458193f5179ba.tar nixpkgs-3cd8ce3bce1e3d89b21caa0d3ad458193f5179ba.tar.gz nixpkgs-3cd8ce3bce1e3d89b21caa0d3ad458193f5179ba.tar.bz2 nixpkgs-3cd8ce3bce1e3d89b21caa0d3ad458193f5179ba.tar.lz nixpkgs-3cd8ce3bce1e3d89b21caa0d3ad458193f5179ba.tar.xz nixpkgs-3cd8ce3bce1e3d89b21caa0d3ad458193f5179ba.tar.zst nixpkgs-3cd8ce3bce1e3d89b21caa0d3ad458193f5179ba.zip |
treewide: Fix unsafe concatenation of $LD_LIBRARY_PATH
Naive concatenation of $LD_LIBRARY_PATH can result in an empty colon-delimited segment; this tells glibc to load libraries from the current directory, which is definitely wrong, and may be a security vulnerability if the current directory is untrusted. (See #67234, for example.) Fix this throughout the tree. Signed-off-by: Anders Kaseorg <andersk@mit.edu>
Diffstat (limited to 'pkgs/applications/office/gnucash')
-rw-r--r-- | pkgs/applications/office/gnucash/default.nix | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/pkgs/applications/office/gnucash/default.nix b/pkgs/applications/office/gnucash/default.nix index 963a896dd51..476b1128b94 100644 --- a/pkgs/applications/office/gnucash/default.nix +++ b/pkgs/applications/office/gnucash/default.nix @@ -79,7 +79,7 @@ stdenv.mkDerivation rec { # 80 - test-gnc-module-scm-module (Failed) # 81 - test-gnc-module-scm-multi (Failed) preCheck = '' - export LD_LIBRARY_PATH=$PWD/lib:$PWD/lib/gnucash:$PWD/lib/gnucash/test:$LD_LIBRARY_PATH + export LD_LIBRARY_PATH=$PWD/lib:$PWD/lib/gnucash:$PWD/lib/gnucash/test''${LD_LIBRARY_PATH:+:}$LD_LIBRARY_PATH export NIX_CFLAGS_LINK="-lgtest -lgtest_main" ''; doCheck = false; |