forked from mirrors/nixpkgs
665dfc26ed
Naive concatenation of $LD_LIBRARY_PATH can result in an empty colon-delimited segment; this tells glibc to load libraries from the current directory, which is definitely wrong, and may be a security vulnerability if the current directory is untrusted. This particular case probably has no security relevance, but we should avoid this unsafe pattern anyway in case it gets copied. See #76804. Signed-off-by: Anders Kaseorg <andersk@mit.edu>
30 lines
749 B
Nix
30 lines
749 B
Nix
{ stdenv, fetchFromGitHub, cmake }:
|
|
|
|
stdenv.mkDerivation rec {
|
|
pname = "libversion";
|
|
version = "3.0.1";
|
|
|
|
src = fetchFromGitHub {
|
|
owner = "repology";
|
|
repo = "libversion";
|
|
rev = version;
|
|
sha256 = "13x5djdpv6aryxsbw6a3b6vwzi9f4aa3gn9dqb7axzppggayawyk";
|
|
};
|
|
|
|
nativeBuildInputs = [ cmake ];
|
|
|
|
preCheck = ''
|
|
export LD_LIBRARY_PATH=/build/source/build/libversion/''${LD_LIBRARY_PATH:+:}$LD_LIBRARY_PATH
|
|
'';
|
|
doCheck = true;
|
|
checkTarget = "test";
|
|
|
|
meta = with stdenv.lib; {
|
|
description = "Advanced version string comparison library";
|
|
homepage = "https://github.com/repology/libversion";
|
|
license = with licenses; [ mit ];
|
|
maintainers = with maintainers; [ ryantm ];
|
|
platforms = platforms.unix;
|
|
};
|
|
}
|