1
0
Fork 1
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-28 08:31:59 +00:00
nixpkgs/pkgs/development/libraries/boxfort/default.nix
Anders Kaseorg 3cd8ce3bce treewide: Fix unsafe concatenation of $LD_LIBRARY_PATH
Naive concatenation of $LD_LIBRARY_PATH can result in an empty
colon-delimited segment; this tells glibc to load libraries from the
current directory, which is definitely wrong, and may be a security
vulnerability if the current directory is untrusted.  (See #67234, for
example.)  Fix this throughout the tree.

Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2020-01-15 09:47:03 +01:00

48 lines
1 KiB
Nix

{ stdenv, fetchFromGitHub, cmake, pkg-config, gettext, libcsptr, dyncall
, nanomsg, python37Packages }:
stdenv.mkDerivation rec {
version = "unstable-2019-09-19";
pname = "boxfort";
src = fetchFromGitHub {
owner = "Snaipe";
repo = "BoxFort";
rev = "926bd4ce968592dbbba97ec1bb9aeca3edf29b0d";
sha256 = "0mzy4f8qij6ckn5578y3l4rni2470pdkjy5xww7ak99l1kh3p3v6";
};
enableParallelBuilding = true;
nativeBuildInputs = [ cmake pkg-config ];
buildInputs = [
dyncall
gettext
libcsptr
nanomsg
];
checkInputs = with python37Packages; [ cram ];
cmakeFlags = [ "-DBXF_FORK_RESILIENCE=OFF" ];
doCheck = true;
preCheck = ''
export LD_LIBRARY_PATH=`pwd`''${LD_LIBRARY_PATH:+:}$LD_LIBRARY_PATH
'';
outputs = [ "dev" "out" ];
meta = with stdenv.lib; {
description = "Convenient & cross-platform sandboxing C library";
homepage = "https://github.com/Snaipe/BoxFort";
license = licenses.mit;
maintainers = with maintainers; [
thesola10
Yumasi
];
platforms = platforms.unix;
};
}