4 changed files with 0 additions and 198 deletions
--- a/3.6.5.tar.gz
+++ b/3.6.5.tar.gz
--- a/backport-CVE-2022-26592-CVE-2022-43358-CVE-2022-43357.patch
+++ b/backport-CVE-2022-26592-CVE-2022-43358-CVE-2022-43357.patch
@ -1,126 +0,0 @@
 From 5bb0ea0c4b2ebebe542933f788ffacba459a717a Mon Sep 17 00:00:00 2001
 From: Marcel Greter <marcel.greter@ocbnet.ch>
 Date: Thu, 14 Dec 2023 14:40:04 +0100
 Subject: [PATCH] Fix most urgent issues in 2023
 - Fix recursion when resolving parents
 - Fix potential memory leak in `sass_not`
 - Fix potential NPE in selector list inspector
 ---
 src/ast_selectors.cpp | 14 ++++++++------
 src/debugger.hpp      |  1 +
 src/fn_miscs.cpp      | 12 ++++++++----
 src/inspect.cpp       |  3 ++-
 4 files changed, 19 insertions(+), 11 deletions(-)
 diff --git a/src/ast_selectors.cpp b/src/ast_selectors.cpp
 index c1428429..f5a4867e 100644
 --- a/src/ast_selectors.cpp
 +++ b/src/ast_selectors.cpp
@@ -868,7 +868,7 @@ namespace Sass {
     for (SimpleSelectorObj simple : elements()) {
       if (PseudoSelector * pseudo = Cast<PseudoSelector>(simple)) {
         if (SelectorList* sel = Cast<SelectorList>(pseudo->selector())) {
 -          if (parent) {
 +          if (parent && !parent->has_real_parent_ref()) {
             pseudo->selector(sel->resolve_parent_refs(
               pstack, traces, implicit_parent));
           }
@@ -976,20 +976,22 @@ namespace Sass {
   }
   /* better return sass::vector? only - is empty container anyway? */
 -  SelectorList* ComplexSelector::resolve_parent_refs(SelectorStack pstack, Backtraces& traces, bool implicit_parent)
 +  SelectorList* ComplexSelector::resolve_parent_refs(
 +    SelectorStack pstack, Backtraces& traces, bool implicit_parent)
   {
     sass::vector<sass::vector<ComplexSelectorObj>> vars;
     auto parent = pstack.back();
 +    auto hasRealParent = has_real_parent_ref();
 -    if (has_real_parent_ref() && !parent) {
 +    if (hasRealParent && !parent) {
       throw Exception::TopLevelParent(traces, pstate());
     }
     if (!chroots() && parent) {
 -      if (!has_real_parent_ref() && !implicit_parent) {
 +      if (!hasRealParent && !implicit_parent) {
         SelectorList* retval = SASS_MEMORY_NEW(SelectorList, pstate(), 1);
         retval->append(this);
         return retval;
@@ -1020,10 +1022,10 @@ namespace Sass {
     for (auto items : res) {
       if (items.size() > 0) {
         ComplexSelectorObj first = SASS_MEMORY_COPY(items[0]);
 -        first->hasPreLineFeed(first->hasPreLineFeed() || (!has_real_parent_ref() && hasPreLineFeed()));
 +        first->hasPreLineFeed(first->hasPreLineFeed() || (!hasRealParent && hasPreLineFeed()));
         // ToDo: remove once we know how to handle line feeds
         // ToDo: currently a mashup between ruby and dart sass
 -        // if (has_real_parent_ref()) first->has_line_feed(false);
 +        // if (hasRealParent) first->has_line_feed(false);
         // first->has_line_break(first->has_line_break() || has_line_break());
         first->chroots(true); // has been resolved by now
         for (size_t i = 1; i < items.size(); i += 1) {
 diff --git a/src/debugger.hpp b/src/debugger.hpp
 index 703d3871..31af4721 100644
 --- a/src/debugger.hpp
 +++ b/src/debugger.hpp
@@ -430,6 +430,7 @@ inline void debug_ast(AST_Node* node, sass::string ind, Env* env)
     std::cerr << " <<" << selector->ns_name() << ">>";
     std::cerr << (selector->isClass() ? " [isClass]": " -");
     std::cerr << (selector->isSyntacticClass() ? " [isSyntacticClass]": " -");
 +    std::cerr << (selector->has_real_parent_ref(nullptr) ? " [real parent]" : " -");
     std::cerr << std::endl;
     debug_ast(selector->argument(), ind + " <= ", env);
     debug_ast(selector->selector(), ind + " || ", env);
 diff --git a/src/fn_miscs.cpp b/src/fn_miscs.cpp
 index 38e8d2a8..d5e28ca6 100644
 --- a/src/fn_miscs.cpp
 +++ b/src/fn_miscs.cpp
@@ -160,10 +160,14 @@ namespace Sass {
       ExpressionObj cond = ARG("$condition", Expression)->perform(&expand.eval);
       bool is_true = !cond->is_false();
       ExpressionObj res = ARG(is_true ? "$if-true" : "$if-false", Expression);
 -      ValueObj qwe = Cast<Value>(res->perform(&expand.eval));
 -      // res = res->perform(&expand.eval.val_eval);
 -      qwe->set_delayed(false); // clone?
 -      return qwe.detach();
 +      ExpressionObj rv = res->perform(&expand.eval);
 +      ValueObj value = Cast<Value>(rv);
 +      if (value != nullptr) {
 +        value->set_delayed(false);
 +        return value.detach();
 +      }
 +      rv->set_delayed(false);
 +      return nullptr;
     }
     //////////////////////////
 diff --git a/src/inspect.cpp b/src/inspect.cpp
 index 4d079bed..bdc73cda 100644
 --- a/src/inspect.cpp
 +++ b/src/inspect.cpp
@@ -463,6 +463,7 @@ namespace Sass {
       { sep[0] = i % 2 ? ':' : ','; }
       ExpressionObj list_item = list->at(i);
       if (output_style() != TO_SASS) {
 +        if (list_item == nullptr) continue;
         if (list_item->is_invisible()) {
           // this fixes an issue with "" in a list
           if (!Cast<String_Constant>(list_item)) {
@@ -1088,7 +1089,7 @@ namespace Sass {
   void Inspect::operator()(CompoundSelector* sel)
   {
 -    if (sel->hasRealParent()) {
 +    if (sel->hasRealParent() /* || sel->has_real_parent_ref() */) {
       append_string("&");
     }
     for (auto& item : sel->elements()) {
 -- 
 2.33.0
--- a/libsass.spec
+++ b/libsass.spec
@ -1,68 +0,0 @@
 Name:           libsass
 Version:        3.6.5
 Release:        2
 Summary:        A Sass CSS precompiler which is ported for C/C++
 License:        MIT
 URL:            http://sass-lang.com/libsass
 Source0:        https://github.com/sass/libsass/archive/%{version}.tar.gz
 Patch0001:	backport-CVE-2022-26592-CVE-2022-43358-CVE-2022-43357.patch
 BuildRequires:  automake autoconf libtool pkgconfig gcc-c++
 %description
 Libsass is a Sass CSS precompiler which is ported for C/C++. This version is
 more efficient and portable than the original Ruby version. Keeping light and
 sample is its degisn philosophy which makes it more easier to be built and integrated
 with a immense amount of platforms and languages. Installation of saccs is needed
 if you want to run is directly as libsass is just a library.
 %package        devel
 Summary:        Library and header files for libsass
 Requires:       libsass = %{version}-%{release}
 %description    devel
 The libsass-devel package contains libraries and header files for
 developing applications using libsass.
 %prep
 %autosetup -p1
 export LIBSASS_VERSION=%{version}
 autoreconf --force --install
 %build
 %configure --disable-static
 %make_build
 %install
 %make_install
 %delete_la
 %post -p /sbin/ldconfig
 %postun -p /sbin/ldconfig
 %files
 %license LICENSE
 %doc Readme.md SECURITY.md
 %{_libdir}/*.so.*
 %files          devel
 %{_includedir}/*
 %{_libdir}/*.so
 %{_libdir}/pkgconfig/*.pc
 %changelog
 * Tue Dec 26 2023 liningjie <liningjie@xfusion.com> - 3.6.5-2
 - Fix CVE-2022-26592 CVE-2022-43358 CVE-2022-43357
 * Fri Jul 07 2023 wangkai <13474090681@163.com> - 3.6.5-1
 - Update to 3.6.5
 * Mon Dec 7 2020 wutao <wutao61@huawei.com> - 3.6.4-1
 - update to 3.6.4 to fix use of unintialized problem
 * Tue Dec 31 2019 lihao <lihao129@huawei.com> - 3.5.4-4
 - Package Init
--- a/libsass.yaml
+++ b/libsass.yaml
@ -1,4 +0,0 @@
 version_control: github
 src_repo:  sass/libsass
 tag_prefix: ^
 seperator: .