Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix most urgent issues in 2023 #3184

Merged
merged 1 commit into from
Dec 21, 2023
Merged

Conversation

mgreter
Copy link
Contributor

@mgreter mgreter commented Dec 15, 2023

  • Fix recursion when resolving parents
  • Fix potential memory leak in sass_not
  • Fix potential NPE in selector list inspector

- Fix recursion when resolving parents
- Fix potential memory leak in `sass_not`
- Fix potential NPE in selector list inspector
@mgreter
Copy link
Contributor Author

mgreter commented Dec 15, 2023

FWIW sass-spec has diverted too much to still support LibSass CI/CD.
Tested via perl-libsass, and didn't see any regressions there.

@connorskees
Copy link

connorskees commented Dec 15, 2023

This is tangential, but if you're merging changes into libsass, is there any chance sass/sassc#268 could be merged? I'm not sure how one can build sassc in a script without this change applied.

@mgreter
Copy link
Contributor Author

mgreter commented Dec 15, 2023

This is tangential, but if you're merging changes into libsass, is there any chance sass/sassc#268 could be merged? I'm not sure how one can build sassc in a script without this change applied.

Check https://github.com/sass/libsass/blob/master/docs/build.md
E.g. SASS_LIBSASS_PATH=/foo/bar/libsass make ... (AFAIR).

Edit: by default sassc expects libsass in its parent directory, e.g

# ls libsass
./sass-spec
./sassc
...

@jubalh
Copy link

jubalh commented Dec 15, 2023

I ran these changed against POCs for: CVE-2022-43357, CVE-2022-43358 and CVE-2022-26592. All of these issues are fixed. Thanks @mgreter !

@mgreter mgreter merged commit 7037f03 into sass:master Dec 21, 2023
0 of 26 checks passed
@mgreter
Copy link
Contributor Author

mgreter commented Dec 22, 2023

FWIW Added MSI installers to the 3.6.6 release after some hasle; plugins still seem to work ;)

math{ sin42: sin(42); }

image

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants