Index: configure
===================================================================
RCS file: /cvs/mandoc/configure,v
retrieving revision 1.77
diff -r1.77 configure
464c464,469
< [ -n "${HOMEBREWDIR}" ] && echo "#define HOMEBREWDIR \"${HOMEBREWDIR}\""
---
> if [ -n "${HOMEBREWDIR}" ]; then
>   # support deprecated configuration variable HOMEBREWDIR
>   # by appending it to READ_ALLOWED_PATH
>   READ_ALLOWED_PATH="${READ_ALLOWED_PATH:+$READ_ALLOWED_PATH:}${HOMEBREWDIR}"
> fi
> [ -n "${READ_ALLOWED_PATH}" ] && echo "#define READ_ALLOWED_PATH \"${READ_ALLOWED_PATH}\""
Index: configure.local.example
===================================================================
RCS file: /cvs/mandoc/configure.local.example,v
retrieving revision 1.39
diff -r1.39 configure.local.example
214,216c214,220
< # into the manual trees.  To allow mandoc to follow such symlinks,
< # you have to specify the physical location of the cellar as returned
< # by realpath(3), for example:
---
> # into the manual trees.  A similar situation arises on Linux
> # distribution such as NixOS and Guix where all man pages are in a
> # so-called “store” directory which are then symlinked into the man
> # basedir. To allow mandoc to follow such symlinks, you have to specify
> # the physical location of the cellar / store directory as returned by
> # realpath(3) like in the following example. You can specify multiple
> # locations by separating them with colons.
219c223
< HOMEBREWDIR="${PREFIX}/Cellar"
---
> READ_ALLOWED_PATH="/nix/store:/gnu/store:${PREFIX}/Cellar"
Index: mandocdb.c
===================================================================
RCS file: /cvs/mandoc/mandocdb.c,v
retrieving revision 1.267
diff -r1.267 mandocdb.c
167a168
> static	ssize_t	 read_allowed(char *);
614,618c615
< 			if (strncmp(buf, basedir, basedir_len) != 0
< #ifdef HOMEBREWDIR
< 			    && strncmp(buf, HOMEBREWDIR, strlen(HOMEBREWDIR))
< #endif
< 			) {
---
> 			if (read_allowed(buf) == -1) {
788a786
> 	ssize_t		 prefix_len;
824,829c822,823
< 	else if (strncmp(usefile, basedir, basedir_len) == 0)
< 		start = usefile + basedir_len;
< #ifdef HOMEBREWDIR
< 	else if (strncmp(usefile, HOMEBREWDIR, strlen(HOMEBREWDIR)) == 0)
< 		start = usefile;
< #endif
---
> 	else if ((prefix_len = read_allowed(usefile)) != -1)
> 		start = usefile + prefix_len;
1947a1942,1980
> }
> 
> /*
>  * Checks if we may read from a given realpath when
>  * constructing a database. This checks if the given
>  * path is in the current set basedir or any directory
>  * in READ_ALLOWED_PATH if it is defined.
>  *
>  * Returns -1 if reading is not allowed, the length
>  * of the allowed directory part of the realpath if
>  * reading is allowed. Note that stripping a prefix of
>  * this length is only guaranteed to be a man dir if
>  * the file is in basedir.
>  */
> static ssize_t
> read_allowed(char *realpath)
> {
> 	// if we have no basedir, don't check
> 	if(basedir_len == 0 || basedir == NULL || *basedir == '\0')
> 		return basedir_len;
> 
> 	if(strncmp(realpath, basedir, basedir_len) == 0)
> 		return basedir_len;
> 
> #ifdef READ_ALLOWED_PATH
> 	const char *pb = READ_ALLOWED_PATH;
> 
> 	while (*pb != '\0') {
> 		size_t len = strcspn(pb, ":");
> 
> 		if (len > 0 && strncmp(realpath, pb, len) == 0)
> 			return len;
> 
> 		pb += len;
> 		pb += strspn(pb, ":");
> 	}
> #endif
> 
> 	return -1;