From c5a9c8a40870a1aca822a8ec630d2424341edf5f53bdc3a286f905b0ce191044 Mon Sep 17 00:00:00 2001
From: Dirk Mueller
Date: Wed, 21 Feb 2024 10:31:05 +0000
Subject: [PATCH] Accepting request 1146898 from home:dimstar:Factory - Update to version 3.6.6: + Maintenance release to fix most urgent issues in LibSass. + for openSUSE defacto only a version number change, as the upstream fix mainly contains the now obsolete patch: - libsass-CVE-2022-43357,CVE-2022-43358,CVE-2022-26592.patch
OBS-URL: https://build.opensuse.org/request/show/1146898
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libsass?expand=0&rev=31
---
libsass-3.6.5.tar.gz | 3 -
libsass-3.6.6.tar.gz | 3 +
...-43357,CVE-2022-43358,CVE-2022-26592.patch | 123 ------------------
libsass.changes | 9 ++
libsass.spec | 9 +-
5 files changed, 15 insertions(+), 132 deletions(-)
delete mode 100644 libsass-3.6.5.tar.gz
create mode 100644 libsass-3.6.6.tar.gz
delete mode 100644 libsass-CVE-2022-43357,CVE-2022-43358,CVE-2022-26592.patch
diff --git a/libsass-3.6.5.tar.gz b/libsass-3.6.5.tar.gz
deleted file mode 100644
index cb5b113..0000000
--- a/libsass-3.6.5.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:89d8f2c46ae2b1b826b58ce7dde966a176bac41975b82e84ad46b01a55080582
-size 342426
diff --git a/libsass-3.6.6.tar.gz b/libsass-3.6.6.tar.gz
new file mode 100644
index 0000000..d2857a2
--- /dev/null
+++ b/libsass-3.6.6.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:11f0bb3709a4f20285507419d7618f3877a425c0131ea8df40fe6196129df15d
+size 342625
diff --git a/libsass-CVE-2022-43357,CVE-2022-43358,CVE-2022-26592.patch b/libsass-CVE-2022-43357,CVE-2022-43358,CVE-2022-26592.patch
deleted file mode 100644
index c7f3504..0000000
--- a/libsass-CVE-2022-43357,CVE-2022-43358,CVE-2022-26592.patch
+++ /dev/null
@@ -1,123 +0,0 @@ -From 5bb0ea0c4b2ebebe542933f788ffacba459a717a Mon Sep 17 00:00:00 2001 -From: Marcel Greter -Date: Thu, 14 Dec 2023 14:40:04 +0100 -Subject: [PATCH] Fix most urgent issues in 2023 - -- Fix recursion when resolving parents -- Fix potential memory leak in `sass_not` -- Fix potential NPE in selector list inspector ---- - src/ast_selectors.cpp | 14 ++++++++------ - src/debugger.hpp | 1 + - src/fn_miscs.cpp | 12 ++++++++---- - src/inspect.cpp | 3 ++- - 4 files changed, 19 insertions(+), 11 deletions(-) - -diff --git a/src/ast_selectors.cpp b/src/ast_selectors.cpp -index c142842975..f5a4867e9e 100644 ---- a/src/ast_selectors.cpp -+++ b/src/ast_selectors.cpp -@@ -868,7 +868,7 @@ namespace Sass { - for (SimpleSelectorObj simple : elements()) { - if (PseudoSelector * pseudo = Cast(simple)) { - if (SelectorList* sel = Cast(pseudo->selector())) { -- if (parent) { -+ if (parent && !parent->has_real_parent_ref()) { - pseudo->selector(sel->resolve_parent_refs( - pstack, traces, implicit_parent)); - } -@@ -976,20 +976,22 @@ namespace Sass { - } - - /* better return sass::vector? only - is empty container anyway? 
*/ -- SelectorList* ComplexSelector::resolve_parent_refs(SelectorStack pstack, Backtraces& traces, bool implicit_parent) -+ SelectorList* ComplexSelector::resolve_parent_refs( -+ SelectorStack pstack, Backtraces& traces, bool implicit_parent) - { - - sass::vector> vars; - - auto parent = pstack.back(); -+ auto hasRealParent = has_real_parent_ref(); - -- if (has_real_parent_ref() && !parent) { -+ if (hasRealParent && !parent) { - throw Exception::TopLevelParent(traces, pstate()); - } - - if (!chroots() && parent) { - -- if (!has_real_parent_ref() && !implicit_parent) { -+ if (!hasRealParent && !implicit_parent) { - SelectorList* retval = SASS_MEMORY_NEW(SelectorList, pstate(), 1); - retval->append(this); - return retval; -@@ -1020,10 +1022,10 @@ namespace Sass { - for (auto items : res) { - if (items.size() > 0) { - ComplexSelectorObj first = SASS_MEMORY_COPY(items[0]); -- first->hasPreLineFeed(first->hasPreLineFeed() || (!has_real_parent_ref() && hasPreLineFeed())); -+ first->hasPreLineFeed(first->hasPreLineFeed() || (!hasRealParent && hasPreLineFeed())); - // ToDo: remove once we know how to handle line feeds - // ToDo: currently a mashup between ruby and dart sass -- // if (has_real_parent_ref()) first->has_line_feed(false); -+ // if (hasRealParent) first->has_line_feed(false); - // first->has_line_break(first->has_line_break() || has_line_break()); - first->chroots(true); // has been resolved by now - for (size_t i = 1; i < items.size(); i += 1) { -diff --git a/src/debugger.hpp b/src/debugger.hpp -index 703d387183..31af47218a 100644 ---- a/src/debugger.hpp -+++ b/src/debugger.hpp -@@ -430,6 +430,7 @@ inline void debug_ast(AST_Node* node, sass::string ind, Env* env) - std::cerr << " <<" << selector->ns_name() << ">>"; - std::cerr << (selector->isClass() ? " [isClass]": " -"); - std::cerr << (selector->isSyntacticClass() ? " [isSyntacticClass]": " -"); -+ std::cerr << (selector->has_real_parent_ref(nullptr) ? 
" [real parent]" : " -"); - std::cerr << std::endl; - debug_ast(selector->argument(), ind + " <= ", env); - debug_ast(selector->selector(), ind + " || ", env); -diff --git a/src/fn_miscs.cpp b/src/fn_miscs.cpp -index 38e8d2a820..d5e28ca6c4 100644 ---- a/src/fn_miscs.cpp -+++ b/src/fn_miscs.cpp -@@ -160,10 +160,14 @@ namespace Sass { - ExpressionObj cond = ARG("$condition", Expression)->perform(&expand.eval); - bool is_true = !cond->is_false(); - ExpressionObj res = ARG(is_true ? "$if-true" : "$if-false", Expression); -- ValueObj qwe = Cast(res->perform(&expand.eval)); -- // res = res->perform(&expand.eval.val_eval); -- qwe->set_delayed(false); // clone? -- return qwe.detach(); -+ ExpressionObj rv = res->perform(&expand.eval); -+ ValueObj value = Cast(rv); -+ if (value != nullptr) { -+ value->set_delayed(false); -+ return value.detach(); -+ } -+ rv->set_delayed(false); -+ return nullptr; - } - - ////////////////////////// -diff --git a/src/inspect.cpp b/src/inspect.cpp -index 4d079bed8b..bdc73cdac3 100644 ---- a/src/inspect.cpp -+++ b/src/inspect.cpp -@@ -463,6 +463,7 @@ namespace Sass { - { sep[0] = i % 2 ? ':' : ','; } - ExpressionObj list_item = list->at(i); - if (output_style() != TO_SASS) { -+ if (list_item == nullptr) continue; - if (list_item->is_invisible()) { - // this fixes an issue with "" in a list - if (!Cast(list_item)) { -@@ -1088,7 +1089,7 @@ namespace Sass { - - void Inspect::operator()(CompoundSelector* sel) - { -- if (sel->hasRealParent()) { -+ if (sel->hasRealParent() /* || sel->has_real_parent_ref() */) { - append_string("&"); - } - for (auto& item : sel->elements()) { diff --git a/libsass.changes b/libsass.changes index e131610..65c136c 100644 --- a/libsass.changes +++ b/libsass.changes 
@@ -1,3 +1,12 @@ +------------------------------------------------------------------- +Thu Feb 15 15:49:04 UTC 2024 - Dominique Leuenberger + +- Update to version 3.6.6: + + Maintenance release to fix most urgent issues in LibSass. + + for openSUSE defacto only a version number change, as the + upstream fix mainly contains the now obsolete patch: + - libsass-CVE-2022-43357,CVE-2022-43358,CVE-2022-26592.patch + ------------------------------------------------------------------- Fri Dec 15 09:40:23 UTC 2023 - Michael Vetter diff --git a/libsass.spec b/libsass.spec index 994f2b8..7e7d030 100644 --- a/libsass.spec +++ b/libsass.spec @@ -1,7 +1,7 @@ # # spec file for package libsass # -# Copyright (c) 2023 SUSE LLC +# Copyright (c) 2024 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -16,9 +16,9 @@ # -%define libname libsass-3_6_5-1 +%define libname libsass-3_6_6-1 Name: libsass -Version: 3.6.5 +Version: 3.6.6 Release: 0 Summary: Compiler library for A CSS preprocessor language License: MIT @@ -27,8 +27,6 @@ URL: https://github.com/sass/libsass Source: https://github.com/sass/libsass/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz Patch1: libsass-am.diff Patch2: libsass-vers.diff -# PATCH-FIX-UPSTREAM -- mvetter@suse.com -- bsc#1214573, bsc#1214575, bsc#1214576, gh/sass/libsass#3184 -Patch3: libsass-CVE-2022-43357,CVE-2022-43358,CVE-2022-26592.patch BuildRequires: autoconf BuildRequires: automake BuildRequires: gcc-c++ @@ -57,7 +55,6 @@ This package provides development header files for libsass. %prep %setup -q %patch -P 1 -P 2 -p1 -%patch3 -p1 %build if [ ! -f VERSION ]; then