From 511fe52b0216a5950063d60191407795b96869ee Mon Sep 17 00:00:00 2001
From: Bernhard M. Wiedemann <bwiedemann@suse.de>
Date: Jan 17 2024 18:33:26 +0000
Subject: update


---

diff --git a/.files b/.files
index c2e33a0..6c19027 100644
Binary files a/.files and b/.files differ
diff --git a/.rev b/.rev
index 3f68ce8..034dbd6 100644
--- a/.rev
+++ b/.rev
@@ -105,4 +105,12 @@ This submission addresses the comments from https://build.opensuse.org/request/s
     <comment></comment>
     <requestid>907495</requestid>
   </revision>
+  <revision rev="14" vrev="2">
+    <srcmd5>559b9271eb43881012971b3f207b4842</srcmd5>
+    <version>3.6.5</version>
+    <time>1703024136</time>
+    <user>anag+factory</user>
+    <comment></comment>
+    <requestid>1133891</requestid>
+  </revision>
 </revisionlist>
diff --git a/libsass-CVE-2022-43357,CVE-2022-43358,CVE-2022-26592.patch b/libsass-CVE-2022-43357,CVE-2022-43358,CVE-2022-26592.patch
new file mode 100644
index 0000000..92114b4
--- /dev/null
+++ b/libsass-CVE-2022-43357,CVE-2022-43358,CVE-2022-26592.patch
@@ -0,0 +1,123 @@
+From 5bb0ea0c4b2ebebe542933f788ffacba459a717a Mon Sep 17 00:00:00 2001
+From: Marcel Greter <marcel.greter@ocbnet.ch>
+Date: Thu, 14 Dec 2023 14:40:04 +0100
+Subject: [PATCH] Fix most urgent issues in 2023
+
+- Fix recursion when resolving parents
+- Fix potential memory leak in `sass_not`
+- Fix potential NPE in selector list inspector
+---
+ src/ast_selectors.cpp | 14 ++++++++------
+ src/debugger.hpp      |  1 +
+ src/fn_miscs.cpp      | 12 ++++++++----
+ src/inspect.cpp       |  3 ++-
+ 4 files changed, 19 insertions(+), 11 deletions(-)
+
+diff --git a/src/ast_selectors.cpp b/src/ast_selectors.cpp
+index c142842975..f5a4867e9e 100644
+--- a/src/ast_selectors.cpp
++++ b/src/ast_selectors.cpp
+@@ -868,7 +868,7 @@ namespace Sass {
+     for (SimpleSelectorObj simple : elements()) {
+       if (PseudoSelector * pseudo = Cast<PseudoSelector>(simple)) {
+         if (SelectorList* sel = Cast<SelectorList>(pseudo->selector())) {
+-          if (parent) {
++          if (parent && !parent->has_real_parent_ref()) {
+             pseudo->selector(sel->resolve_parent_refs(
+               pstack, traces, implicit_parent));
+           }
+@@ -976,20 +976,22 @@ namespace Sass {
+   }
+ 
+   /* better return sass::vector? only - is empty container anyway? */
+-  SelectorList* ComplexSelector::resolve_parent_refs(SelectorStack pstack, Backtraces& traces, bool implicit_parent)
++  SelectorList* ComplexSelector::resolve_parent_refs(
++    SelectorStack pstack, Backtraces& traces, bool implicit_parent)
+   {
+ 
+     sass::vector<sass::vector<ComplexSelectorObj>> vars;
+ 
+     auto parent = pstack.back();
++    auto hasRealParent = has_real_parent_ref();
+ 
+-    if (has_real_parent_ref() && !parent) {
++    if (hasRealParent && !parent) {
+       throw Exception::TopLevelParent(traces, pstate());
+     }
+ 
+     if (!chroots() && parent) {
+ 
+-      if (!has_real_parent_ref() && !implicit_parent) {
++      if (!hasRealParent && !implicit_parent) {
+         SelectorList* retval = SASS_MEMORY_NEW(SelectorList, pstate(), 1);
+         retval->append(this);
+         return retval;
+@@ -1020,10 +1022,10 @@ namespace Sass {
+     for (auto items : res) {
+       if (items.size() > 0) {
+         ComplexSelectorObj first = SASS_MEMORY_COPY(items[0]);
+-        first->hasPreLineFeed(first->hasPreLineFeed() || (!has_real_parent_ref() && hasPreLineFeed()));
++        first->hasPreLineFeed(first->hasPreLineFeed() || (!hasRealParent && hasPreLineFeed()));
+         // ToDo: remove once we know how to handle line feeds
+         // ToDo: currently a mashup between ruby and dart sass
+-        // if (has_real_parent_ref()) first->has_line_feed(false);
++        // if (hasRealParent) first->has_line_feed(false);
+         // first->has_line_break(first->has_line_break() || has_line_break());
+         first->chroots(true); // has been resolved by now
+         for (size_t i = 1; i < items.size(); i += 1) {
+diff --git a/src/debugger.hpp b/src/debugger.hpp
+index 703d387183..31af47218a 100644
+--- a/src/debugger.hpp
++++ b/src/debugger.hpp
+@@ -430,6 +430,7 @@ inline void debug_ast(AST_Node* node, sass::string ind, Env* env)
+     std::cerr << " <<" << selector->ns_name() << ">>";
+     std::cerr << (selector->isClass() ? " [isClass]": " -");
+     std::cerr << (selector->isSyntacticClass() ? " [isSyntacticClass]": " -");
++    std::cerr << (selector->has_real_parent_ref(nullptr) ? " [real parent]" : " -");
+     std::cerr << std::endl;
+     debug_ast(selector->argument(), ind + " <= ", env);
+     debug_ast(selector->selector(), ind + " || ", env);
+diff --git a/src/fn_miscs.cpp b/src/fn_miscs.cpp
+index 38e8d2a820..d5e28ca6c4 100644
+--- a/src/fn_miscs.cpp
++++ b/src/fn_miscs.cpp
+@@ -160,10 +160,14 @@ namespace Sass {
+       ExpressionObj cond = ARG("$condition", Expression)->perform(&expand.eval);
+       bool is_true = !cond->is_false();
+       ExpressionObj res = ARG(is_true ? "$if-true" : "$if-false", Expression);
+-      ValueObj qwe = Cast<Value>(res->perform(&expand.eval));
+-      // res = res->perform(&expand.eval.val_eval);
+-      qwe->set_delayed(false); // clone?
+-      return qwe.detach();
++      ExpressionObj rv = res->perform(&expand.eval);
++      ValueObj value = Cast<Value>(rv);
++      if (value != nullptr) {
++        value->set_delayed(false);
++        return value.detach();
++      }
++      rv->set_delayed(false);
++      return nullptr;
+     }
+ 
+     //////////////////////////
+diff --git a/src/inspect.cpp b/src/inspect.cpp
+index 4d079bed8b..bdc73cdac3 100644
+--- a/src/inspect.cpp
++++ b/src/inspect.cpp
+@@ -463,6 +463,7 @@ namespace Sass {
+       { sep[0] = i % 2 ? ':' : ','; }
+       ExpressionObj list_item = list->at(i);
+       if (output_style() != TO_SASS) {
++        if (list_item == nullptr) continue;
+         if (list_item->is_invisible()) {
+           // this fixes an issue with "" in a list
+           if (!Cast<String_Constant>(list_item)) {
+@@ -1088,7 +1089,7 @@ namespace Sass {
+ 
+   void Inspect::operator()(CompoundSelector* sel)
+   {
+-    if (sel->hasRealParent()) {
++    if (sel->hasRealParent() /* || sel->has_real_parent_ref() */) {
+       append_string("&");
+     }
+     for (auto& item : sel->elements()) {
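Review bot: In the `src/fn_miscs.cpp` section of the added patch, the new fallback path calls `rv->set_delayed(false)` without checking `rv` and then returns `nullptr`, so a result that is not a `Value` now reaches the caller as a null pointer. Whether `perform` can itself return null is not visible here, but the dereference is cheap to guard with `if (rv != nullptr) rv->set_delayed(false);`, and a comment such as `// not a Value: callers must tolerate a null result` would record the new contract. The matching guard in `src/inspect.cpp`, `if (list_item == nullptr) continue;`, sits only inside the `output_style() != TO_SASS` branch, so it is worth confirming that the `TO_SASS` path and other consumers of this return value also tolerate null. The enclosing functions in both files begin outside the quoted hunks, so this is based on the visible lines only.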
diff --git a/libsass.changes b/libsass.changes
index 3475fd4..c5b4780 100644
--- a/libsass.changes
+++ b/libsass.changes
@@ -1,4 +1,16 @@
 -------------------------------------------------------------------
+Fri Dec 15 09:40:23 UTC 2023 - Michael Vetter <mvetter@suse.com>
+
+- security update:
+  * CVE-2022-43357 [bsc#1214573]:
+    Fix stack overflow in Sass:CompoundSelector:has_real_parent_ref()
+  * CVE-2022-43358 [bsc#1214575]:
+    Fix stack overflow in Sass:ComplexSelector:has_placeholde()
+  * CVE-2022-26592 [bsc#1214576]:
+    Fix stack overflow in CompoundSelector:has_real_parent_ref function()
+    + libsass-CVE-2022-43357,CVE-2022-43358,CVE-2022-26592.patch
+
+-------------------------------------------------------------------
 Sat Jul 17 06:53:55 UTC 2021 - Dirk Müller <dmueller@suse.com>
 
 - update to 3.6.5:
diff --git a/libsass.spec b/libsass.spec
index 86d4ee6..3341b4f 100644
--- a/libsass.spec
+++ b/libsass.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package libsass
 #
-# Copyright (c) 2021 SUSE LLC
+# Copyright (c) 2023 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -27,6 +27,8 @@ URL:            https://github.com/sass/libsass
 Source:         https://github.com/sass/libsass/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz
 Patch1:         libsass-am.diff
 Patch2:         libsass-vers.diff
+# PATCH-FIX-UPSTREAM -- mvetter@suse.com -- bsc#1214573, bsc#1214575, bsc#1214576, gh/sass/libsass#3184
+Patch3:         libsass-CVE-2022-43357,CVE-2022-43358,CVE-2022-26592.patch
 BuildRequires:  autoconf
 BuildRequires:  automake
 BuildRequires:  gcc-c++
@@ -55,6 +57,7 @@ This package provides development header files for libsass.
 %prep
 %setup -q
 %patch -P 1 -P 2 -p1
+%patch3 -p1
 
 %build
 if [ ! -f VERSION ]; then
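Review bot: The added `%patch3 -p1` uses the numbered `%patchN` form, while the line directly above it applies the other patches as `%patch -P 1 -P 2 -p1`. The numbered form is deprecated in recent rpm releases, and mixing both styles in one `%prep` makes it easy to miss a patch when the macro is later converted. Folding it into the existing line as `%patch -P 1 -P 2 -P 3 -p1` applies the CVE patch the same way as the others.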