From 50c332ebd9f0235785d5077756f3ba27fbbcff4e Mon Sep 17 00:00:00 2001
From: Tobias Mayer <tobim@fastmail.fm>
Date: Sun, 28 Jul 2024 16:33:28 +0200
Subject: [PATCH] rapidjson: 1.1.0 -> unstable-2024-04-09, rapidjson-unstable:
 drop

The last oficial release of rapidjson is 8 years old, development has
continued without releases since then. The old version is affected
by CVE-2024-38517.

https://www.opencve.io/cve/CVE-2024-38517
---
 .../libraries/rapidjson/default.nix           | 89 +++++++++++--------
 .../libraries/rapidjson/unstable.nix          | 80 -----------------
 pkgs/development/rocm-modules/5/default.nix   |  2 -
 pkgs/development/rocm-modules/6/default.nix   |  2 -
 pkgs/top-level/aliases.nix                    |  1 +
 pkgs/top-level/all-packages.nix               |  2 -
 6 files changed, 53 insertions(+), 123 deletions(-)
 delete mode 100644 pkgs/development/libraries/rapidjson/unstable.nix

diff --git a/pkgs/development/libraries/rapidjson/default.nix b/pkgs/development/libraries/rapidjson/default.nix
index edd427da725d..dcec1e25f700 100644
--- a/pkgs/development/libraries/rapidjson/default.nix
+++ b/pkgs/development/libraries/rapidjson/default.nix
@@ -1,65 +1,80 @@
 { lib
 , stdenv
 , fetchFromGitHub
-, fetchpatch
-, pkg-config
 , cmake
+, doxygen
+, graphviz
 , gtest
 , valgrind
+, buildDocs ? true
+, buildTests ? !stdenv.hostPlatform.isStatic && !stdenv.isDarwin
+, buildExamples ? true
 }:
 
-stdenv.mkDerivation rec {
+stdenv.mkDerivation (finalAttrs: {
   pname = "rapidjson";
-  version = "1.1.0";
+  version = "unstable-2024-04-09";
+
+  outputs = [
+    "out"
+  ] ++ lib.optionals buildDocs [
+    "doc"
+  ] ++ lib.optionals buildExamples [
+    "example"
+  ];
 
   src = fetchFromGitHub {
     owner = "Tencent";
     repo = "rapidjson";
-    rev = "v${version}";
-    sha256 = "1jixgb8w97l9gdh3inihz7avz7i770gy2j2irvvlyrq3wi41f5ab";
+    rev = "ab1842a2dae061284c0a62dca1cc6d5e7e37e346";
+    hash = "sha256-kAGVJfDHEUV2qNR1LpnWq3XKBJy4hD3Swh6LX5shJpM=";
   };
 
-  patches = [
-    (fetchpatch {
-      url = "https://src.fedoraproject.org/rpms/rapidjson/raw/48402da9f19d060ffcd40bf2b2e6987212c58b0c/f/rapidjson-1.1.0-c++20.patch";
-      sha256 = "1qm62iad1xfsixv1li7qy475xc7gc04hmi2q21qdk6l69gk7mf82";
-    })
-    (fetchpatch {
-      name = "do-not-include-gtest-src-dir.patch";
-      url = "https://git.alpinelinux.org/aports/plain/community/rapidjson/do-not-include-gtest-src-dir.patch?id=9e5eefc7a5fcf5938a8dc8a3be8c75e9e6809909";
-      hash = "sha256-BjSZEwfCXA/9V+kxQ/2JPWbc26jQn35CfN8+8NW24s4=";
-    })
-    # One of these three tests reports memcpy overlap after update to glibc-2.38
-    ./test-skip-valgrind.diff
+  patches = lib.optionals buildTests [
+    ./0000-unstable-use-nixpkgs-gtest.patch
+    # https://github.com/Tencent/rapidjson/issues/2214
+    ./0001-unstable-valgrind-suppress-failures.patch
   ];
 
-  postPatch = ''
-    find -name CMakeLists.txt | xargs \
-      sed -i -e "s/-Werror//g" -e "s/-march=native//g"
-  '';
+  nativeBuildInputs = [
+    cmake
+  ] ++ lib.optionals buildDocs [
+    doxygen
+    graphviz
+  ];
 
-  nativeBuildInputs = [ pkg-config cmake ];
-
-  # for tests, adding gtest to checkInputs does not work
-  # https://github.com/NixOS/nixpkgs/pull/212200
-  buildInputs = [ gtest ];
   cmakeFlags = [
-    "-DGTEST_SOURCE_DIR=${gtest.dev}/include"
-
-    # Build rapidjson with std=c++17 so gtest 1.13.0+ works
-    # https://github.com/NixOS/nixpkgs/pull/282245#issuecomment-1951796902
-    "-DRAPIDJSON_BUILD_CXX11=OFF"
-    "-DRAPIDJSON_BUILD_CXX17=ON"
+    (lib.cmakeBool "RAPIDJSON_BUILD_DOC" buildDocs)
+    (lib.cmakeBool "RAPIDJSON_BUILD_TESTS" buildTests)
+    (lib.cmakeBool "RAPIDJSON_BUILD_EXAMPLES" buildExamples)
+    # gtest 1.13+ requires C++14 or later.
+    (lib.cmakeBool "RAPIDJSON_BUILD_CXX11" false)
+    (lib.cmakeBool "RAPIDJSON_BUILD_CXX17" true)
+  ] ++ lib.optionals buildTests [
+    (lib.cmakeFeature "GTEST_INCLUDE_DIR" "${lib.getDev gtest}")
   ];
 
-  nativeCheckInputs = [ valgrind ];
-  doCheck = !stdenv.hostPlatform.isStatic && !stdenv.isDarwin;
+  doCheck = buildTests;
+
+  nativeCheckInputs = [
+    gtest
+    valgrind
+  ];
+
+  postInstall = lib.optionalString buildExamples ''
+    mkdir -p $example/bin
+
+    find bin -type f -executable \
+      -not -name "perftest" \
+      -not -name "unittest" \
+      -exec cp -a {} $example/bin \;
+  '';
 
   meta = with lib; {
     description = "Fast JSON parser/generator for C++ with both SAX/DOM style API";
     homepage = "http://rapidjson.org/";
     license = licenses.mit;
     platforms = platforms.unix;
-    maintainers = with maintainers; [ dotlambda ];
+    maintainers = with maintainers; [ dotlambda Madouura tobim ];
   };
-}
+})
diff --git a/pkgs/development/libraries/rapidjson/unstable.nix b/pkgs/development/libraries/rapidjson/unstable.nix
deleted file mode 100644
index fd7ffe61ba39..000000000000
--- a/pkgs/development/libraries/rapidjson/unstable.nix
+++ /dev/null
@@ -1,80 +0,0 @@
-{ lib
-, stdenv
-, fetchFromGitHub
-, cmake
-, doxygen
-, graphviz
-, gtest
-, valgrind
-, buildDocs ? true
-, buildTests ? !stdenv.hostPlatform.isStatic && !stdenv.isDarwin
-, buildExamples ? true
-}:
-
-stdenv.mkDerivation (finalAttrs: {
-  pname = "rapidjson";
-  version = "unstable-2023-09-28";
-
-  outputs = [
-    "out"
-  ] ++ lib.optionals buildDocs [
-    "doc"
-  ] ++ lib.optionals buildExamples [
-    "example"
-  ];
-
-  src = fetchFromGitHub {
-    owner = "Tencent";
-    repo = "rapidjson";
-    rev = "f9d53419e912910fd8fa57d5705fa41425428c35";
-    hash = "sha256-rl7iy14jn1K2I5U2DrcZnoTQVEGEDKlxmdaOCF/3hfY=";
-  };
-
-  patches = lib.optionals buildTests [
-    ./0000-unstable-use-nixpkgs-gtest.patch
-    # https://github.com/Tencent/rapidjson/issues/2214
-    ./0001-unstable-valgrind-suppress-failures.patch
-  ];
-
-  nativeBuildInputs = [
-    cmake
-  ] ++ lib.optionals buildDocs [
-    doxygen
-    graphviz
-  ];
-
-  cmakeFlags = [
-    (lib.cmakeBool "RAPIDJSON_BUILD_DOC" buildDocs)
-    (lib.cmakeBool "RAPIDJSON_BUILD_TESTS" buildTests)
-    (lib.cmakeBool "RAPIDJSON_BUILD_EXAMPLES" buildExamples)
-    # gtest 1.13+ requires C++14 or later.
-    (lib.cmakeBool "RAPIDJSON_BUILD_CXX11" false)
-    (lib.cmakeBool "RAPIDJSON_BUILD_CXX17" true)
-  ] ++ lib.optionals buildTests [
-    (lib.cmakeFeature "GTEST_INCLUDE_DIR" "${lib.getDev gtest}")
-  ];
-
-  doCheck = buildTests;
-
-  nativeCheckInputs = [
-    gtest
-    valgrind
-  ];
-
-  postInstall = lib.optionalString buildExamples ''
-    mkdir -p $example/bin
-
-    find bin -type f -executable \
-      -not -name "perftest" \
-      -not -name "unittest" \
-      -exec cp -a {} $example/bin \;
-  '';
-
-  meta = with lib; {
-    description = "Fast JSON parser/generator for C++ with both SAX/DOM style API";
-    homepage = "http://rapidjson.org/";
-    license = licenses.mit;
-    platforms = platforms.unix;
-    maintainers = with maintainers; [ Madouura ];
-  };
-})
diff --git a/pkgs/development/rocm-modules/5/default.nix b/pkgs/development/rocm-modules/5/default.nix
index 7f48c4d034ce..c1ffd01c8061 100644
--- a/pkgs/development/rocm-modules/5/default.nix
+++ b/pkgs/development/rocm-modules/5/default.nix
@@ -10,7 +10,6 @@
 , opencv
 , ffmpeg_4
 , libjpeg_turbo
-, rapidjson-unstable
 }:
 
 let
@@ -304,7 +303,6 @@ in rec {
     inherit (llvm) clang openmp;
     opencv = opencv.override { enablePython = true; };
     ffmpeg = ffmpeg_4;
-    rapidjson = rapidjson-unstable;
     stdenv = llvm.rocmClangStdenv;
 
     # Unfortunately, rocAL needs a custom libjpeg-turbo until further notice
diff --git a/pkgs/development/rocm-modules/6/default.nix b/pkgs/development/rocm-modules/6/default.nix
index ad7ff7d1d1ed..6825a8bf860d 100644
--- a/pkgs/development/rocm-modules/6/default.nix
+++ b/pkgs/development/rocm-modules/6/default.nix
@@ -10,7 +10,6 @@
 , opencv
 , ffmpeg_4
 , libjpeg_turbo
-, rapidjson-unstable
 }:
 
 let
@@ -303,7 +302,6 @@ in rec {
     inherit (llvm) clang openmp;
     opencv = opencv.override { enablePython = true; };
     ffmpeg = ffmpeg_4;
-    rapidjson = rapidjson-unstable;
     stdenv = llvm.rocmClangStdenv;
 
     # Unfortunately, rocAL needs a custom libjpeg-turbo until further notice
diff --git a/pkgs/top-level/aliases.nix b/pkgs/top-level/aliases.nix
index c10305494b1d..b6be6867a493 100644
--- a/pkgs/top-level/aliases.nix
+++ b/pkgs/top-level/aliases.nix
@@ -1232,6 +1232,7 @@ mapAliases ({
   radicle-upstream = throw "'radicle-upstream' was sunset, see <https://community.radworks.org/t/2962>"; # Added 2024-05-04
   railway-travel = diebahn; # Added 2024-04-01
   rambox-pro = rambox; # Added 2022-12-12
+  rapidjson-unstable = lib.warn "'rapidjson-unstable' has been renamed to 'rapidjson'" rapidjson; # Added 2024-07-28
   rarian = throw "rarian has been removed as unused"; # Added 2023-07-05
   rccl = throw "'rccl' has been replaced with 'rocmPackages.rccl'"; # Added 2023-10-08
   rdc = throw "'rdc' has been replaced with 'rocmPackages.rdc'"; # Added 2023-10-08
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index c9ce5f68c609..329190fa2120 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -23659,8 +23659,6 @@ with pkgs;
 
   rapidjson = callPackage ../development/libraries/rapidjson { };
 
-  rapidjson-unstable = callPackage ../development/libraries/rapidjson/unstable.nix { };
-
   rapidxml = callPackage ../development/libraries/rapidxml { };
 
   rapidyaml = callPackage ../development/libraries/rapidyaml {};