From 3d44176ec8df49433f1e8e0ee0e437319fe52dac Mon Sep 17 00:00:00 2001 From: Thomas Gerbet Date: Sat, 15 Jun 2024 12:20:20 +0200 Subject: [PATCH] iniparser: 4.1 -> 4.2.3 Fixes CVE-2023-33461 (and several buffer overflows from what I can see in the changes). Project is now maintained on GitLab.com. Changes: https://gitlab.com/iniparser/iniparser/-/releases/v4.2.3 https://gitlab.com/iniparser/iniparser/-/releases/v4.2.2 https://gitlab.com/iniparser/iniparser/-/releases/v4.2.1 https://gitlab.com/iniparser/iniparser/-/releases/v4.2.0 --- .../go-package/deepin-pw-check/default.nix | 4 +- .../libraries/iniparser/default.nix | 98 ++++++++++++------- .../libraries/iniparser/iniparser.pc.in | 12 --- .../libraries/iniparser/no-usr.patch | 13 --- .../iniparser/remove-fetchcontent-usage.patch | 17 ++++ 5 files changed, 82 insertions(+), 62 deletions(-) delete mode 100644 pkgs/development/libraries/iniparser/iniparser.pc.in delete mode 100644 pkgs/development/libraries/iniparser/no-usr.patch create mode 100644 pkgs/development/libraries/iniparser/remove-fetchcontent-usage.patch diff --git a/pkgs/desktops/deepin/go-package/deepin-pw-check/default.nix b/pkgs/desktops/deepin/go-package/deepin-pw-check/default.nix index d01c45c654d2..fd50f71ac201 100644 --- a/pkgs/desktops/deepin/go-package/deepin-pw-check/default.nix +++ b/pkgs/desktops/deepin/go-package/deepin-pw-check/default.nix @@ -41,9 +41,9 @@ buildGoModule rec { ]; postPatch = '' - sed -i 's|iniparser/||' */*.c + sed -i '1i#include \n#include ' tool/pwd_conf_update.c substituteInPlace misc/{pkgconfig/libdeepin_pw_check.pc,system-services/org.deepin.dde.PasswdConf1.service} \ - --replace "/usr" "$out" + --replace-fail "/usr" "$out" ''; buildPhase = '' diff --git a/pkgs/development/libraries/iniparser/default.nix b/pkgs/development/libraries/iniparser/default.nix index 62deaeb1c281..18057753efbd 100644 --- a/pkgs/development/libraries/iniparser/default.nix +++ b/pkgs/development/libraries/iniparser/default.nix 
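Review bot: The new `sed -i '1i#include …'` line in `postPatch` prepends two headers to `tool/pwd_conf_update.c` without a comment saying why, and the header names themselves are not legible in this rendering of the patch. Presumably the file relied on declarations that the iniparser 4.1 header pulled in transitively and 4.2.x no longer does. If so, a line such as `# iniparser >= 4.2 no longer pulls these headers in transitively` above the sed would tell the next maintainer when the workaround can be dropped. Judging by its name this tool updates password-policy configuration, so confirm that the build is free of implicit-declaration warnings after the bump rather than relying on the injected includes alone.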
@@ -1,51 +1,79 @@ -{ lib, stdenv, fetchFromGitHub }: +{ lib +, stdenv +, fetchFromGitLab +, fetchpatch +, fetchFromGitHub +, substituteAll +, symlinkJoin +, cmake +, doxygen +, ruby +, validatePkgConfig +, testers +}: -stdenv.mkDerivation rec { +stdenv.mkDerivation (finalAttrs: { pname = "iniparser"; - version = "4.1"; + version = "4.2.3"; - src = fetchFromGitHub { - owner = "ndevilla"; + src = fetchFromGitLab { + owner = "iniparser"; repo = "iniparser"; - rev = "v${version}"; - sha256 = "0dhab6pad6wh816lr7r3jb6z273njlgw2vpw8kcfnmi7ijaqhnr5"; + rev = "v${finalAttrs.version}"; + hash = "sha256-rCp9whYPYmVd7saVFILmpdn041u6fYGqe1/Oqc7RaeA="; }; - patches = ./no-usr.patch; + patches = [ + (fetchpatch { + name = "fix-paths-pkgconfig-file.patch"; + url = "https://gitlab.com/iniparser/iniparser/-/commit/6a76cd5e97b32014b22d87039bf6f4ee425c79a2.patch"; + hash = "sha256-KlTxeOzwBZiLNmuwbbem5c/xspxsflyYfeUaQnGyarI="; + }) + ] ++ lib.optionals finalAttrs.doCheck [ + (substituteAll { + # Do not let cmake's fetchContent download unity + src = ./remove-fetchcontent-usage.patch; + unitySrc = symlinkJoin { + name = "unity-with-iniparser-config"; + paths = [ + (fetchFromGitHub { + owner = "throwtheswitch"; + repo = "unity"; + rev = "v2.6.0"; + hash = "sha256-SCcUGNN/UJlu3ALJiZ9bQKxYRZey3cm9QG+NOehp6Ow="; + }) + ]; + postBuild = '' + ln -s ${finalAttrs.src}/test/unity_config.h $out/src/unity_config.h + ''; + }; + }) + ]; - postPatch = lib.optionalString stdenv.isDarwin '' - substituteInPlace Makefile \ - --replace -Wl,-soname= -Wl,-install_name, + nativeBuildInputs = [ cmake doxygen validatePkgConfig ] ++ lib.optionals finalAttrs.doCheck [ ruby ]; + + cmakeFlags = [ + "-DBUILD_TESTING=${if finalAttrs.doCheck then "ON" else "OFF"}" + ]; + + doCheck = false; + + postFixup = '' + ln -sv $out/include/iniparser/*.h $out/include/ ''; - doCheck = true; - preCheck = "patchShebangs test/make-tests.sh"; - - installPhase = '' - mkdir -p $out/lib - - mkdir -p $out/include - cp src/*.h 
$out/include - - mkdir -p $out/share/doc/${pname}-${version} - for i in AUTHORS INSTALL LICENSE README.md; do - bzip2 -c -9 $i > $out/share/doc/${pname}-${version}/$i.bz2; - done; - cp -r html $out/share/doc/${pname}-${version} - - cp libiniparser.a $out/lib - cp libiniparser.so.1 $out/lib - ln -s libiniparser.so.1 $out/lib/libiniparser.so - - mkdir -p $out/lib/pkgconfig - substituteAll ${./iniparser.pc.in} $out/lib/pkgconfig/iniparser.pc - ''; + passthru.tests = { + pkg-config = testers.testMetaPkgConfig finalAttrs.finalPackage; + iniparser-with-tests = finalAttrs.overrideAttrs (_: { doCheck = true; }); + }; meta = with lib; { - inherit (src.meta) homepage; + homepage = "https://gitlab.com/iniparser/iniparser"; description = "Free standalone ini file parsing library"; + changelog = "https://gitlab.com/iniparser/iniparser/-/releases/v${finalAttrs.version}"; license = licenses.mit; platforms = platforms.unix; + pkgConfigModules = [ "iniparser" ]; maintainers = [ maintainers.primeos ]; }; -} +}) diff --git a/pkgs/development/libraries/iniparser/iniparser.pc.in b/pkgs/development/libraries/iniparser/iniparser.pc.in deleted file mode 100644 index fb94188fff71..000000000000 --- a/pkgs/development/libraries/iniparser/iniparser.pc.in +++ /dev/null @@ -1,12 +0,0 @@ -prefix=@out@ -exec_prefix=@out@ -libdir=${exec_prefix}/lib -includedir=${prefix}/include -datarootdir=${prefix}/share -datadir=${datarootdir} - -Name: libiniparser -Description: Iniparser library -Version: @version@ -Libs: -L${libdir} -liniparser -Cflags: -I${includedir} diff --git a/pkgs/development/libraries/iniparser/no-usr.patch b/pkgs/development/libraries/iniparser/no-usr.patch deleted file mode 100644 index a3c568cdde43..000000000000 --- a/pkgs/development/libraries/iniparser/no-usr.patch +++ /dev/null 
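Review bot: `doCheck = false;` turns the upstream test suite off for the default build, where the 4.1 expression had `doCheck = true`, and nothing next to the flag says why. For a bump whose stated purpose is fixing CVE-2023-33461 and buffer overflows, the parser tests now run only when `passthru.tests.iniparser-with-tests` is built explicitly, so that attribute should be built when reviewing this and every later bump. If the reason is to keep Unity and ruby out of the default build (an inference from the `lib.optionals finalAttrs.doCheck` guards), state it at the flag, e.g. `# tests need Unity and ruby; run them via passthru.tests.iniparser-with-tests`. The `postFixup` symlinks of `$out/include/iniparser/*.h` into `$out/include/` also deserve a comment; they are presumably a compatibility shim for dependents that include `iniparser.h` without the directory prefix, as the removed `installPhase` used to provide.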
@@ -1,13 +0,0 @@ ---- a/Makefile 2017-10-20 20:30:41.494608284 +0200 -+++ b/Makefile 2017-10-20 20:33:22.279212026 +0200 -@@ -20,8 +20,8 @@ - ARFLAGS = rcv - - SHLD = ${CC} ${CFLAGS} --LDSHFLAGS = -shared -Wl,-Bsymbolic --LDFLAGS += -Wl,-rpath -Wl,/usr/lib -Wl,-rpath,/usr/lib -+LDSHFLAGS = -shared -+LDFLAGS = - - # .so.0 is for version 3.x, .so.1 is 4.x - SO_TARGET ?= libiniparser.so.1 diff --git a/pkgs/development/libraries/iniparser/remove-fetchcontent-usage.patch b/pkgs/development/libraries/iniparser/remove-fetchcontent-usage.patch new file mode 100644 index 000000000000..db96c37e6b2c --- /dev/null +++ b/pkgs/development/libraries/iniparser/remove-fetchcontent-usage.patch @@ -0,0 +1,17 @@ +diff --git a/test/CMakeLists.txt b/test/CMakeLists.txt +index b28d151..33a6bcf 100644 +--- a/test/CMakeLists.txt ++++ b/test/CMakeLists.txt +@@ -28,10 +28,8 @@ set(FETCHCONTENT_QUIET OFF) + + FetchContent_Declare( + unity +- GIT_REPOSITORY "https://github.com/throwtheswitch/unity.git" +- GIT_PROGRESS TRUE +- PATCH_COMMAND ${CMAKE_COMMAND} -E copy +- ${CMAKE_CURRENT_LIST_DIR}/unity_config.h ./src/) ++ SOURCE_DIR @unitySrc@ ++) + + FetchContent_MakeAvailable(unity) + target_compile_definitions(unity PUBLIC UNITY_INCLUDE_CONFIG_H)
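Review bot: The new `remove-fetchcontent-usage.patch` has no header explaining that `@unitySrc@` is a placeholder, so applied outside this expression it would hand CMake a literal `@unitySrc@` as `SOURCE_DIR`. A free-text line above the `diff --git` header would cover it, for example `Use a pre-fetched Unity tree instead of cloning at configure time; @unitySrc@ is filled in by substituteAll in default.nix.` The removed `PATCH_COMMAND` copied `unity_config.h` into Unity's `src/`; that step now depends on the `ln -s … $out/src/unity_config.h` in the `symlinkJoin` in `default.nix`, which is worth naming in the same header so the two stay in sync. The removed `FetchContent_Declare` arguments show no `GIT_TAG`, so the upstream clone was unpinned, and the hash-pinned `v2.6.0` source that replaces it is what keeps the test build reproducible.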