scripts: Don't add an empty entry to LD_LIBRARY_PATH

LD_LIBRARY_PATH="/path/to/lib:" is interpreted as equivalent to
LD_LIBRARY_PATH="/path/to/lib:.", loading libraries from the current
working directory, which could lead to malicious libraries being loaded
if the current working directory is untrusted. To avoid this, only add
the current LD_LIBRARY_PATH to the new LD_LIBRARY_PATH if it is
actually set.

This commit also single-quotes the interpolated @VARIABLES@ so that
their values can contain shell special characters (other than single
quotes).

Signed-off-by: Simon McVittie <smcv@debian.org>

pipewire-jack/src/pw-jack.in

@@ -53,7 +53,7 @@ done
 
 shift $(( $OPTIND - 1 ))
 
-LD_LIBRARY_PATH=@LIBJACK_PATH@:$LD_LIBRARY_PATH
+LD_LIBRARY_PATH='@LIBJACK_PATH@'"${LD_LIBRARY_PATH+":$LD_LIBRARY_PATH"}"
 export LD_LIBRARY_PATH
 
 exec "$@"

pipewire-pulseaudio/src/pw-pulse.in

@@ -53,7 +53,7 @@ done
 
 shift $(( $OPTIND - 1 ))
 
-LD_LIBRARY_PATH=@LIBPULSE_PATH@:$LD_LIBRARY_PATH
+LD_LIBRARY_PATH='@LIBPULSE_PATH@'"${LD_LIBRARY_PATH+":$LD_LIBRARY_PATH"}"
 export LD_LIBRARY_PATH
 
 exec "$@"

pw-uninstalled.sh

@@ -35,8 +35,8 @@ export PIPEWIRE_CONFIG_FILE="${BUILDDIR}/src/daemon/pipewire.conf"
 export SPA_PLUGIN_DIR="${BUILDDIR}/spa/plugins"
 export PIPEWIRE_MODULE_DIR="${BUILDDIR}/src/modules"
 export PATH="${BUILDDIR}/src/daemon:${BUILDDIR}/src/tools:${BUILDDIR}/src/examples:${PATH}"
-export LD_LIBRARY_PATH="${BUILDDIR}/pipewire-pulseaudio/src/:${BUILDDIR}/src/pipewire/:${BUILDDIR}/pipewire-jack/src/:${LD_LIBRARY_PATH}"
-export GST_PLUGIN_PATH="${BUILDDIR}/src/gst/:${GST_PLUGIN_PATH}"
+export LD_LIBRARY_PATH="${BUILDDIR}/pipewire-pulseaudio/src/:${BUILDDIR}/src/pipewire/:${BUILDDIR}/pipewire-jack/src/${LD_LIBRARY_PATH+":$LD_LIBRARY_PATH"}"
+export GST_PLUGIN_PATH="${BUILDDIR}/src/gst/${GST_PLUGIN_PATH+":${GST_PLUGIN_PATH}"}"
 
 # FIXME: find a nice, shell-neutral way to specify a prompt
 ${SHELL}