nixpkgs/pkgs/development/libraries/orcania/default.nix
Anders Kaseorg 3cd8ce3bce treewide: Fix unsafe concatenation of $LD_LIBRARY_PATH
Naive concatenation of $LD_LIBRARY_PATH can result in an empty
colon-delimited segment; this tells glibc to load libraries from the
current directory, which is definitely wrong, and may be a security
vulnerability if the current directory is untrusted.  (See #67234, for
example.)  Fix this throughout the tree.

Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2020-01-15 09:47:03 +01:00

32 lines
893 B
Nix

{ stdenv, fetchFromGitHub, cmake, check, subunit }:
stdenv.mkDerivation rec {
pname = "orcania";
version = "2.1.0";
src = fetchFromGitHub {
owner = "babelouest";
repo = pname;
rev = "v${version}";
sha256 = "1zp2rk267dfmfap6qsyn7maivrpid8s3rkicwk1q5v6j20cgh1f8";
};
nativeBuildInputs = [ cmake ];
checkInputs = [ check subunit ];
cmakeFlags = [ "-DBUILD_ORCANIA_TESTING=on" ];
doCheck = true;
preCheck = ''
export LD_LIBRARY_PATH="$(pwd)''${LD_LIBRARY_PATH:+:}$LD_LIBRARY_PATH"
export DYLD_FALLBACK_LIBRARY_PATH="$(pwd):$DYLD_FALLBACK_LIBRARY_PATH"
'';
meta = with stdenv.lib; {
description = "Potluck with different functions for different purposes that can be shared among C programs";
homepage = "https://github.com/babelouest/orcania";
license = licenses.lgpl21;
maintainers = with maintainers; [ johnazoidberg ];
};
}