nixpkgs/pkgs/tools
Anders Kaseorg e12f4db556 treewide: Fix unsafe concatenation of $LD_LIBRARY_PATH, round 2
Naive concatenation of $LD_LIBRARY_PATH can result in an empty
colon-delimited segment; this tells glibc to load libraries from the
current directory, which is definitely wrong, and may be a security
vulnerability if the current directory is untrusted.  (See #67234, for
example.)  Fix this throughout the tree.

Followup to #76804.  Fixes #144646.

Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2021-11-04 16:15:05 -07:00
..
admin Merge master into staging-next 2021-11-01 00:01:32 +00:00
archivers Merge pull request #141081 from trofi/fix-p7zip-determinism 2021-10-09 13:19:15 +00:00
audio Merge remote-tracking branch 'origin/master' into staging-next 2021-10-28 19:51:45 +02:00
backup Merge pull request #143614 from ZJvandeWeg/zj-update-duplicity-homepage 2021-10-29 17:46:24 +08:00
bluetooth
bootloaders/refind
cd-dvd ventoy-bin: 1.0.51 -> 1.0.56 (#141616) 2021-10-26 16:43:43 +02:00
compression Merge branch 'master' into staging-next 2021-10-19 19:24:43 +02:00
filesystems Merge master into staging-next 2021-10-30 00:01:30 +00:00
games treewide: Fix unsafe concatenation of $LD_LIBRARY_PATH, round 2 2021-11-04 16:15:05 -07:00
graphics Merge master into staging-next 2021-10-31 18:01:01 +00:00
inputmethods Merge pull request #142810 from bobby285271/pantheon 2021-10-28 08:16:34 +08:00
misc Merge pull request #144163 from SuperSandro2000/zoxide 2021-11-02 10:03:03 +01:00
networking Merge master into staging-next 2021-11-02 06:01:22 +00:00
nix statix: 0.3.4 -> 0.3.5 2021-11-01 12:19:13 -04:00
package-management Merge pull request #144046 from symphorien/nix-du-0.4 2021-10-31 23:35:07 +01:00
security Merge pull request #143457 from ck3d/pinentry-1.2.0 2021-11-01 22:18:08 +01:00
system datefudge: work correctly even if GNU date is not in PATH (#94045) 2021-11-01 21:15:50 +01:00
text Merge master into staging-next 2021-11-01 18:01:02 +00:00
toml2nix
typesetting Merge master into staging-next 2021-10-25 00:01:32 +00:00
video rav1e: switch to fetchCrate 2021-10-08 09:26:41 -04:00
virtualization distrobuilder: 1.3 -> 2.0 2021-10-29 10:03:44 +00:00
wayland cliphist: 0.1.0 -> 0.3.0 2021-10-29 07:14:43 +00:00
X11 xinput_calibrator: switch to fetchFromGitHub 2021-10-24 15:13:07 +02:00