summary refs log tree commit diff
path: root/pkgs/development
diff options
context:
space:
mode:
authorAnders Kaseorg <andersk@mit.edu>2020-01-01 16:29:34 -0800
committerFrederik Rietdijk <freddyrietdijk@fridh.nl>2020-01-15 09:47:03 +0100
commit3cd8ce3bce1e3d89b21caa0d3ad458193f5179ba (patch)
tree7a1f1889004dce271903d69dce5c1f5a2cf92b07 /pkgs/development
parent2e5051e2235f93829f0d6531ace21e87f2a486a4 (diff)
downloadnixpkgs-3cd8ce3bce1e3d89b21caa0d3ad458193f5179ba.tar
nixpkgs-3cd8ce3bce1e3d89b21caa0d3ad458193f5179ba.tar.gz
nixpkgs-3cd8ce3bce1e3d89b21caa0d3ad458193f5179ba.tar.bz2
nixpkgs-3cd8ce3bce1e3d89b21caa0d3ad458193f5179ba.tar.lz
nixpkgs-3cd8ce3bce1e3d89b21caa0d3ad458193f5179ba.tar.xz
nixpkgs-3cd8ce3bce1e3d89b21caa0d3ad458193f5179ba.tar.zst
nixpkgs-3cd8ce3bce1e3d89b21caa0d3ad458193f5179ba.zip
treewide: Fix unsafe concatenation of $LD_LIBRARY_PATH
Naive concatenation of $LD_LIBRARY_PATH can result in an empty
colon-delimited segment; this tells glibc to load libraries from the
current directory, which is definitely wrong, and may be a security
vulnerability if the current directory is untrusted.  (See #67234, for
example.)  Fix this throughout the tree.

Signed-off-by: Anders Kaseorg <andersk@mit.edu>
Diffstat (limited to 'pkgs/development')
-rw-r--r--pkgs/development/compilers/halide/default.nix2
-rw-r--r--pkgs/development/compilers/llvm/4/llvm.nix2
-rw-r--r--pkgs/development/compilers/llvm/5/llvm.nix2
-rw-r--r--pkgs/development/compilers/llvm/6/llvm.nix2
-rw-r--r--pkgs/development/compilers/llvm/7/llvm.nix2
-rw-r--r--pkgs/development/compilers/llvm/8/llvm.nix2
-rw-r--r--pkgs/development/compilers/llvm/9/llvm.nix2
-rw-r--r--pkgs/development/compilers/mlton/20130715.nix2
-rw-r--r--pkgs/development/compilers/solc/default.nix2
-rw-r--r--pkgs/development/guile-modules/guile-lib/default.nix2
-rw-r--r--pkgs/development/interpreters/pure/default.nix2
-rw-r--r--pkgs/development/libraries/boxfort/default.nix2
-rw-r--r--pkgs/development/libraries/caf/default.nix4
-rw-r--r--pkgs/development/libraries/criterion/default.nix2
-rw-r--r--pkgs/development/libraries/cutelyst/default.nix2
-rw-r--r--pkgs/development/libraries/exiv2/default.nix2
-rw-r--r--pkgs/development/libraries/glib/default.nix2
-rw-r--r--pkgs/development/libraries/grpc/default.nix2
-rw-r--r--pkgs/development/libraries/jsoncpp/default.nix4
-rw-r--r--pkgs/development/libraries/libtins/default.nix4
-rw-r--r--pkgs/development/libraries/orcania/default.nix2
-rw-r--r--pkgs/development/libraries/qt-4.x/4.8/default.nix2
-rw-r--r--pkgs/development/libraries/qt-5/modules/qtbase.nix2
-rw-r--r--pkgs/development/libraries/science/math/arpack/default.nix4
-rw-r--r--pkgs/development/libraries/science/math/scalapack/default.nix2
-rw-r--r--pkgs/development/libraries/yder/default.nix2
-rw-r--r--pkgs/development/pharo/vm/build-vm.nix2
-rw-r--r--pkgs/development/python-modules/pytorch/default.nix2
28 files changed, 32 insertions, 32 deletions
diff --git a/pkgs/development/compilers/halide/default.nix b/pkgs/development/compilers/halide/default.nix
index 0b28b61a27b..44c079af926 100644
--- a/pkgs/development/compilers/halide/default.nix
+++ b/pkgs/development/compilers/halide/default.nix
@@ -29,7 +29,7 @@ in llvmPackages.stdenv.mkDerivation {
   # To handle the lack of 'local' RPATH; required, as they call one of
   # their built binaries requiring their libs, in the build process.
   preBuild = ''
-    export LD_LIBRARY_PATH="$(pwd)/lib:$LD_LIBRARY_PATH"
+    export LD_LIBRARY_PATH="$(pwd)/lib''${LD_LIBRARY_PATH:+:}$LD_LIBRARY_PATH"
   '';
 
   enableParallelBuilding = true;
diff --git a/pkgs/development/compilers/llvm/4/llvm.nix b/pkgs/development/compilers/llvm/4/llvm.nix
index d5f64041486..0d3ce1614de 100644
--- a/pkgs/development/compilers/llvm/4/llvm.nix
+++ b/pkgs/development/compilers/llvm/4/llvm.nix
@@ -143,7 +143,7 @@ stdenv.mkDerivation ({
   '';
 
   preCheck = ''
-    export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$PWD/lib
+    export LD_LIBRARY_PATH=$LD_LIBRARY_PATH''${LD_LIBRARY_PATH:+:}$PWD/lib
   '';
 
   postInstall = stdenv.lib.optionalString enableSharedLibraries ''
diff --git a/pkgs/development/compilers/llvm/5/llvm.nix b/pkgs/development/compilers/llvm/5/llvm.nix
index cd26b7d17a9..2ce17765d63 100644
--- a/pkgs/development/compilers/llvm/5/llvm.nix
+++ b/pkgs/development/compilers/llvm/5/llvm.nix
@@ -119,7 +119,7 @@ stdenv.mkDerivation ({
   '';
 
   preCheck = ''
-    export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$PWD/lib
+    export LD_LIBRARY_PATH=$LD_LIBRARY_PATH''${LD_LIBRARY_PATH:+:}$PWD/lib
   '';
 
   postInstall = ''
diff --git a/pkgs/development/compilers/llvm/6/llvm.nix b/pkgs/development/compilers/llvm/6/llvm.nix
index 8faab6b94a9..80acd3fa2fe 100644
--- a/pkgs/development/compilers/llvm/6/llvm.nix
+++ b/pkgs/development/compilers/llvm/6/llvm.nix
@@ -120,7 +120,7 @@ stdenv.mkDerivation ({
   '';
 
   preCheck = ''
-    export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$PWD/lib
+    export LD_LIBRARY_PATH=$LD_LIBRARY_PATH''${LD_LIBRARY_PATH:+:}$PWD/lib
   '';
 
   postInstall = ''
diff --git a/pkgs/development/compilers/llvm/7/llvm.nix b/pkgs/development/compilers/llvm/7/llvm.nix
index 62be8bbedab..d7fb1fe4b93 100644
--- a/pkgs/development/compilers/llvm/7/llvm.nix
+++ b/pkgs/development/compilers/llvm/7/llvm.nix
@@ -141,7 +141,7 @@ in stdenv.mkDerivation ({
   '';
 
   preCheck = ''
-    export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$PWD/lib
+    export LD_LIBRARY_PATH=$LD_LIBRARY_PATH''${LD_LIBRARY_PATH:+:}$PWD/lib
   '';
 
   postInstall = ''
diff --git a/pkgs/development/compilers/llvm/8/llvm.nix b/pkgs/development/compilers/llvm/8/llvm.nix
index 18946f5d640..a9c4a6b0ba2 100644
--- a/pkgs/development/compilers/llvm/8/llvm.nix
+++ b/pkgs/development/compilers/llvm/8/llvm.nix
@@ -117,7 +117,7 @@ in stdenv.mkDerivation ({
   '';
 
   preCheck = ''
-    export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$PWD/lib
+    export LD_LIBRARY_PATH=$LD_LIBRARY_PATH''${LD_LIBRARY_PATH:+:}$PWD/lib
   '';
 
   postInstall = ''
diff --git a/pkgs/development/compilers/llvm/9/llvm.nix b/pkgs/development/compilers/llvm/9/llvm.nix
index c0e750dc31c..2cdc5a5fd06 100644
--- a/pkgs/development/compilers/llvm/9/llvm.nix
+++ b/pkgs/development/compilers/llvm/9/llvm.nix
@@ -134,7 +134,7 @@ in stdenv.mkDerivation (rec {
   '';
 
   preCheck = ''
-    export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$PWD/lib
+    export LD_LIBRARY_PATH=$LD_LIBRARY_PATH''${LD_LIBRARY_PATH:+:}$PWD/lib
   '';
 
   postInstall = ''
diff --git a/pkgs/development/compilers/mlton/20130715.nix b/pkgs/development/compilers/mlton/20130715.nix
index 207ed8f29bc..52bb0a0775c 100644
--- a/pkgs/development/compilers/mlton/20130715.nix
+++ b/pkgs/development/compilers/mlton/20130715.nix
@@ -77,7 +77,7 @@ stdenv.mkDerivation rec {
     chmod u+x $(pwd)/../${usr_prefix}/bin/mlton
 
     # So the builder runs the binary compiler with gmp.
-    export LD_LIBRARY_PATH=${gmp.out}/lib:$LD_LIBRARY_PATH
+    export LD_LIBRARY_PATH=${gmp.out}/lib''${LD_LIBRARY_PATH:+:}$LD_LIBRARY_PATH
 
   '' + stdenv.lib.optionalString stdenv.isLinux ''
     # Patch ELF interpreter.
diff --git a/pkgs/development/compilers/solc/default.nix b/pkgs/development/compilers/solc/default.nix
index 23e6c64f3ff..0f71ed79e7e 100644
--- a/pkgs/development/compilers/solc/default.nix
+++ b/pkgs/development/compilers/solc/default.nix
@@ -49,7 +49,7 @@ stdenv.mkDerivation rec {
   checkPhase = ''
     while IFS= read -r -d ''' dir
     do
-      LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$(pwd)/$dir
+      LD_LIBRARY_PATH=$LD_LIBRARY_PATH''${LD_LIBRARY_PATH:+:}$(pwd)/$dir
       export LD_LIBRARY_PATH
     done <   <(find . -type d -print0)
 
diff --git a/pkgs/development/guile-modules/guile-lib/default.nix b/pkgs/development/guile-modules/guile-lib/default.nix
index cea464ad5d2..97f501f41db 100644
--- a/pkgs/development/guile-modules/guile-lib/default.nix
+++ b/pkgs/development/guile-modules/guile-lib/default.nix
@@ -21,7 +21,7 @@ in stdenv.mkDerivation {
   preCheck = ''
     # Make `libgcc_s.so' visible for `pthread_cancel'.
     export LD_LIBRARY_PATH=\
-    "$(dirname $(echo ${stdenv.cc.cc.lib}/lib*/libgcc_s.so)):$LD_LIBRARY_PATH"
+    "$(dirname $(echo ${stdenv.cc.cc.lib}/lib*/libgcc_s.so))''${LD_LIBRARY_PATH:+:}$LD_LIBRARY_PATH"
   '';
 
   meta = with stdenv.lib; {
diff --git a/pkgs/development/interpreters/pure/default.nix b/pkgs/development/interpreters/pure/default.nix
index 9c35fc35497..764ee241aff 100644
--- a/pkgs/development/interpreters/pure/default.nix
+++ b/pkgs/development/interpreters/pure/default.nix
@@ -24,7 +24,7 @@ stdenv.mkDerivation rec {
   configureFlags = [ "--enable-release" ];
   doCheck = true;
   checkPhase = ''
-    LD_LIBRARY_PATH=$LD_LIBRARY_PATH:${llvm}/lib make check
+    LD_LIBRARY_PATH=$LD_LIBRARY_PATH''${LD_LIBRARY_PATH:+:}${llvm}/lib make check
   '';
   postInstall = ''
     wrapProgram $out/bin/pure --prefix LD_LIBRARY_PATH : ${llvm}/lib
diff --git a/pkgs/development/libraries/boxfort/default.nix b/pkgs/development/libraries/boxfort/default.nix
index 95c1afd090f..fb6e735c46e 100644
--- a/pkgs/development/libraries/boxfort/default.nix
+++ b/pkgs/development/libraries/boxfort/default.nix
@@ -29,7 +29,7 @@ stdenv.mkDerivation rec {
 
   doCheck = true;
   preCheck = ''
-    export LD_LIBRARY_PATH=`pwd`:$LD_LIBRARY_PATH
+    export LD_LIBRARY_PATH=`pwd`''${LD_LIBRARY_PATH:+:}$LD_LIBRARY_PATH
   '';
 
   outputs = [ "dev" "out" ];
diff --git a/pkgs/development/libraries/caf/default.nix b/pkgs/development/libraries/caf/default.nix
index ecf991cb59c..e32ec169579 100644
--- a/pkgs/development/libraries/caf/default.nix
+++ b/pkgs/development/libraries/caf/default.nix
@@ -22,8 +22,8 @@ stdenv.mkDerivation rec {
   doCheck = true;
   checkTarget = "test";
   preCheck = ''
-    export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$PWD/lib
-    export DYLD_LIBRARY_PATH=$DYLD_LIBRARY_PATH:$PWD/lib
+    export LD_LIBRARY_PATH=$LD_LIBRARY_PATH''${LD_LIBRARY_PATH:+:}$PWD/lib
+    export DYLD_LIBRARY_PATH=$DYLD_LIBRARY_PATH''${DYLD_LIBRARY_PATH:+:}$PWD/lib
   '';
 
   meta = with stdenv.lib; {
diff --git a/pkgs/development/libraries/criterion/default.nix b/pkgs/development/libraries/criterion/default.nix
index c2721d3839a..3dc4b462404 100644
--- a/pkgs/development/libraries/criterion/default.nix
+++ b/pkgs/development/libraries/criterion/default.nix
@@ -30,7 +30,7 @@ stdenv.mkDerivation rec {
   cmakeFlags = [ "-DCTESTS=ON" ];
   doCheck = true;
   preCheck = ''
-    export LD_LIBRARY_PATH=`pwd`:$LD_LIBRARY_PATH
+    export LD_LIBRARY_PATH=`pwd`''${LD_LIBRARY_PATH:+:}$LD_LIBRARY_PATH
   '';
   checkTarget = "criterion_tests test";
 
diff --git a/pkgs/development/libraries/cutelyst/default.nix b/pkgs/development/libraries/cutelyst/default.nix
index 6cd464e5539..2cf611eed27 100644
--- a/pkgs/development/libraries/cutelyst/default.nix
+++ b/pkgs/development/libraries/cutelyst/default.nix
@@ -24,7 +24,7 @@ stdenv.mkDerivation rec {
   ];
 
   preBuild = ''
-    export LD_LIBRARY_PATH="$LD_LIBRARY_PATH:`pwd`/Cutelyst:`pwd`/EventLoopEPoll"
+    export LD_LIBRARY_PATH="$LD_LIBRARY_PATH''${LD_LIBRARY_PATH:+:}`pwd`/Cutelyst:`pwd`/EventLoopEPoll"
   '';
 
   postBuild = ''
diff --git a/pkgs/development/libraries/exiv2/default.nix b/pkgs/development/libraries/exiv2/default.nix
index 21f63e07335..425346df816 100644
--- a/pkgs/development/libraries/exiv2/default.nix
+++ b/pkgs/development/libraries/exiv2/default.nix
@@ -69,7 +69,7 @@ stdenv.mkDerivation rec {
     ''}
 
     ${stdenv.lib.optionalString stdenv.isDarwin ''
-      export DYLD_LIBRARY_PATH=$DYLD_LIBRARY_PATH:`pwd`/lib
+      export DYLD_LIBRARY_PATH=$DYLD_LIBRARY_PATH''${DYLD_LIBRARY_PATH:+:}`pwd`/lib
       # Removing tests depending on charset conversion
       substituteInPlace ../test/Makefile --replace "conversions.sh" ""
       rm -f ../tests/bugfixes/redmine/test_issue_460.py
diff --git a/pkgs/development/libraries/glib/default.nix b/pkgs/development/libraries/glib/default.nix
index 4a7d6cce90b..18756213230 100644
--- a/pkgs/development/libraries/glib/default.nix
+++ b/pkgs/development/libraries/glib/default.nix
@@ -160,7 +160,7 @@ stdenv.mkDerivation rec {
   checkInputs = [ tzdata libxml2 desktop-file-utils shared-mime-info ];
 
   preCheck = optionalString doCheck ''
-    export LD_LIBRARY_PATH="$NIX_BUILD_TOP/${pname}-${version}/glib/.libs:$LD_LIBRARY_PATH"
+    export LD_LIBRARY_PATH="$NIX_BUILD_TOP/${pname}-${version}/glib/.libs''${LD_LIBRARY_PATH:+:}$LD_LIBRARY_PATH"
     export TZDIR="${tzdata}/share/zoneinfo"
     export XDG_CACHE_HOME="$TMP"
     export XDG_RUNTIME_HOME="$TMP"
diff --git a/pkgs/development/libraries/grpc/default.nix b/pkgs/development/libraries/grpc/default.nix
index abcd3abaf30..dfec171f1db 100644
--- a/pkgs/development/libraries/grpc/default.nix
+++ b/pkgs/development/libraries/grpc/default.nix
@@ -38,7 +38,7 @@ stdenv.mkDerivation rec {
   '';
 
   preBuild = ''
-    export LD_LIBRARY_PATH=$(pwd):$LD_LIBRARY_PATH
+    export LD_LIBRARY_PATH=$(pwd)''${LD_LIBRARY_PATH:+:}$LD_LIBRARY_PATH
   '';
 
   NIX_CFLAGS_COMPILE = stdenv.lib.optionalString stdenv.cc.isClang "-Wno-error=unknown-warning-option";
diff --git a/pkgs/development/libraries/jsoncpp/default.nix b/pkgs/development/libraries/jsoncpp/default.nix
index 72158e186ac..7b06cc8ad4e 100644
--- a/pkgs/development/libraries/jsoncpp/default.nix
+++ b/pkgs/development/libraries/jsoncpp/default.nix
@@ -23,9 +23,9 @@ stdenv.mkDerivation rec {
   # Hack to be able to run the test, broken because we use
   # CMAKE_SKIP_BUILD_RPATH to avoid cmake resetting rpath on install
   preBuild = if stdenv.isDarwin then ''
-    export DYLD_LIBRARY_PATH="`pwd`/src/lib_json:$DYLD_LIBRARY_PATH"
+    export DYLD_LIBRARY_PATH="`pwd`/src/lib_json''${DYLD_LIBRARY_PATH:+:}$DYLD_LIBRARY_PATH"
   '' else ''
-    export LD_LIBRARY_PATH="`pwd`/src/lib_json:$LD_LIBRARY_PATH"
+    export LD_LIBRARY_PATH="`pwd`/src/lib_json''${LD_LIBRARY_PATH:+:}$LD_LIBRARY_PATH"
   '';
 
   nativeBuildInputs = [ cmake python ];
diff --git a/pkgs/development/libraries/libtins/default.nix b/pkgs/development/libraries/libtins/default.nix
index c90cff31677..60bb092c6fa 100644
--- a/pkgs/development/libraries/libtins/default.nix
+++ b/pkgs/development/libraries/libtins/default.nix
@@ -32,8 +32,8 @@ stdenv.mkDerivation rec {
   enableParallelBuilding = true;
   doCheck = true;
   preCheck = ''
-    export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$PWD${placeholder "out"}/lib
-    export DYLD_LIBRARY_PATH=$DYLD_LIBRARY_PATH:$PWD${placeholder "out"}/lib
+    export LD_LIBRARY_PATH=$LD_LIBRARY_PATH''${LD_LIBRARY_PATH:+:}$PWD${placeholder "out"}/lib
+    export DYLD_LIBRARY_PATH=$DYLD_LIBRARY_PATH''${DYLD_LIBRARY_PATH:+:}$PWD${placeholder "out"}/lib
   '';
   checkTarget = "tests test";
 
diff --git a/pkgs/development/libraries/orcania/default.nix b/pkgs/development/libraries/orcania/default.nix
index bc27011c588..2f8765f9a72 100644
--- a/pkgs/development/libraries/orcania/default.nix
+++ b/pkgs/development/libraries/orcania/default.nix
@@ -19,7 +19,7 @@ stdenv.mkDerivation rec {
   doCheck = true;
 
   preCheck = ''
-    export LD_LIBRARY_PATH="$(pwd):$LD_LIBRARY_PATH"
+    export LD_LIBRARY_PATH="$(pwd)''${LD_LIBRARY_PATH:+:}$LD_LIBRARY_PATH"
     export DYLD_FALLBACK_LIBRARY_PATH="$(pwd):$DYLD_FALLBACK_LIBRARY_PATH"
   '';
 
diff --git a/pkgs/development/libraries/qt-4.x/4.8/default.nix b/pkgs/development/libraries/qt-4.x/4.8/default.nix
index 25953949eb7..379f5b3d80e 100644
--- a/pkgs/development/libraries/qt-4.x/4.8/default.nix
+++ b/pkgs/development/libraries/qt-4.x/4.8/default.nix
@@ -125,7 +125,7 @@ stdenv.mkDerivation rec {
       ];
 
   preConfigure = ''
-    export LD_LIBRARY_PATH="`pwd`/lib:$LD_LIBRARY_PATH"
+    export LD_LIBRARY_PATH="`pwd`/lib''${LD_LIBRARY_PATH:+:}$LD_LIBRARY_PATH"
     configureFlags+="
       -docdir $out/share/doc/${name}
       -plugindir $out/lib/qt4/plugins
diff --git a/pkgs/development/libraries/qt-5/modules/qtbase.nix b/pkgs/development/libraries/qt-5/modules/qtbase.nix
index bc23d0f9caf..930c59d347b 100644
--- a/pkgs/development/libraries/qt-5/modules/qtbase.nix
+++ b/pkgs/development/libraries/qt-5/modules/qtbase.nix
@@ -164,7 +164,7 @@ stdenv.mkDerivation {
 
   setOutputFlags = false;
   preConfigure = ''
-    export LD_LIBRARY_PATH="$PWD/lib:$PWD/plugins/platforms:$LD_LIBRARY_PATH"
+    export LD_LIBRARY_PATH="$PWD/lib:$PWD/plugins/platforms''${LD_LIBRARY_PATH:+:}$LD_LIBRARY_PATH"
     ${lib.optionalString (compareVersion "5.9.0" < 0) ''
     # We need to set LD to CXX or otherwise we get nasty compile errors
     export LD=$CXX
diff --git a/pkgs/development/libraries/science/math/arpack/default.nix b/pkgs/development/libraries/science/math/arpack/default.nix
index 36576de0563..89f3aa94247 100644
--- a/pkgs/development/libraries/science/math/arpack/default.nix
+++ b/pkgs/development/libraries/science/math/arpack/default.nix
@@ -30,9 +30,9 @@ stdenv.mkDerivation {
   ];
 
   preCheck = if stdenv.isDarwin then ''
-    export DYLD_LIBRARY_PATH=$DYLD_LIBRARY_PATH:`pwd`/lib
+    export DYLD_LIBRARY_PATH=$DYLD_LIBRARY_PATH''${DYLD_LIBRARY_PATH:+:}`pwd`/lib
   '' else ''
-    export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:`pwd`/lib
+    export LD_LIBRARY_PATH=$LD_LIBRARY_PATH''${LD_LIBRARY_PATH:+:}`pwd`/lib
   '' + ''
     # Prevent tests from using all cores
     export OMP_NUM_THREADS=2
diff --git a/pkgs/development/libraries/science/math/scalapack/default.nix b/pkgs/development/libraries/science/math/scalapack/default.nix
index bff0d9a85fa..fda902f320c 100644
--- a/pkgs/development/libraries/science/math/scalapack/default.nix
+++ b/pkgs/development/libraries/science/math/scalapack/default.nix
@@ -40,7 +40,7 @@ stdenv.mkDerivation rec {
     # Run single threaded
     export OMP_NUM_THREADS=1
 
-    export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:`pwd`/lib
+    export LD_LIBRARY_PATH=$LD_LIBRARY_PATH''${LD_LIBRARY_PATH:+:}`pwd`/lib
   '';
 
   meta = with stdenv.lib; {
diff --git a/pkgs/development/libraries/yder/default.nix b/pkgs/development/libraries/yder/default.nix
index 7025fd2eb1c..5ddb1d1a131 100644
--- a/pkgs/development/libraries/yder/default.nix
+++ b/pkgs/development/libraries/yder/default.nix
@@ -32,7 +32,7 @@ stdenv.mkDerivation rec {
   doCheck = true;
 
   preCheck = ''
-    export LD_LIBRARY_PATH="$(pwd):$LD_LIBRARY_PATH"
+    export LD_LIBRARY_PATH="$(pwd)''${LD_LIBRARY_PATH:+:}$LD_LIBRARY_PATH"
     export DYLD_FALLBACK_LIBRARY_PATH="$(pwd):$DYLD_FALLBACK_LIBRARY_PATH"
   '';
 
diff --git a/pkgs/development/pharo/vm/build-vm.nix b/pkgs/development/pharo/vm/build-vm.nix
index 5fc747cbc8c..38516cc1914 100644
--- a/pkgs/development/pharo/vm/build-vm.nix
+++ b/pkgs/development/pharo/vm/build-vm.nix
@@ -117,7 +117,7 @@ stdenv.mkDerivation rec {
     cat > "$out/bin/${cmd}" <<EOF
     #!${runtimeShell}
     set -f
-    LD_LIBRARY_PATH="\$LD_LIBRARY_PATH:$libs" exec $out/pharo "\$@"
+    LD_LIBRARY_PATH="\$LD_LIBRARY_PATH''${LD_LIBRARY_PATH:+:}$libs" exec $out/pharo "\$@"
     EOF
     chmod +x "$out/bin/${cmd}"
     ln -s ${libgit2}/lib/libgit2.so* "$out/"
diff --git a/pkgs/development/python-modules/pytorch/default.nix b/pkgs/development/python-modules/pytorch/default.nix
index d55be70ae49..0556ff93c13 100644
--- a/pkgs/development/python-modules/pytorch/default.nix
+++ b/pkgs/development/python-modules/pytorch/default.nix
@@ -105,7 +105,7 @@ let
     path = "${cudatoolkit}/lib/stubs/libcuda.so";
   }];
   cudaStubEnv = lib.optionalString cudaSupport
-    "LD_LIBRARY_PATH=${cudaStub}\${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH} ";
+    "LD_LIBRARY_PATH=${cudaStub}\${LD_LIBRARY_PATH:+:}$LD_LIBRARY_PATH ";
 
 in buildPythonPackage rec {
   version = "1.2.0";
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-05-20 13:02:42 +0000