Recommended update for libsass

Announcement ID:	SUSE-RU-2023:2101-1
Rating:	moderate
References:	bsc#1201074 bsc#1210890
Affected Products:	openSUSE Leap 15.4 SUSE Linux Enterprise Desktop 15 SP4 SUSE Linux Enterprise High Performance Computing 15 SP4 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Micro 5.4 SUSE Linux Enterprise Real Time 15 SP4 SUSE Linux Enterprise Server 15 SP4 SUSE Linux Enterprise Server for SAP Applications 15 SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 SUSE Package Hub 15 15-SP4

An update that has two fixes can now be installed.

Description:

libsass has received update for:

• Update libsass to fix Greybird Geeko theme build failures (bsc#1201074)

Update version to 3.6.5 (bsc#1201074):

• Fix extend edge case going endlessly
• Fix source-maps and how we count unicode characters
• Fix seed generator if std::random_device fails
• Fix url() containing exclamation mark causing an error
• Fix Offset initialization when end was not given
• Fix obvious backporting error in pseudo extend
• Fix obvious identical subexpressions in op_color_number
• Fix edge case regarding unit-less number equality as object keys
• Revert compound re-ordering for non extended selectors
• Prevent compiler warning about unnecessary copy

Update to v3.6.4:

• Fix parenthesization for selector schema and real parents
• Add deprecation warning for global variable creation
• Ensure correct output order of compound selectors
• Handle loaded source code as shared objects
• New custom memory allocator - disabled for now
• Add back C-API getters for plugin paths
• Fix abspath handling on windows without directory
• Fix various edge case crashes
• Fix segfault on directive ruleset
• Fix heap-buffer-overflow in lexer
• Fix stack-overflow in parser
• Fix memory leak in parser
• Fix memory leak in evaluation
• Fix memory handling edge case
• Fix some null pointer access crashes
• Preparations for ongoing refactoring

Update to v3.6.3:

• Fix compound extend warning
• Fix extend being stuck in endless loop
• Fix various edge-case segfault crashes
• Extend error_src lifetime on c-api context
• Fix memory leak in permutation function
• Preserve indentation in nested mode

Update to v3.6.2:

• Improve pseudo selector handling
• Code improvements
• Fix various functions arguments
• Fix "call" for $function
• Check weight argument on invert call
• Improve makefile to use dylib extension on MacOS
• Fix bug in scale-color with positive saturation
• Minor API documentation improvements
• Fix selector isInvisible logic
• Fix evaluation of unary expressions in loops
• Fix attribute selector equality with modifiers

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-2101=1
• SUSE Package Hub 15 15-SP4
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-2101=1

Package List:

• openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  • libsass-3_6_5-1-debuginfo-3.6.5-150200.4.5.1
  • libsass-3_6_5-1-3.6.5-150200.4.5.1
  • libsass-debugsource-3.6.5-150200.4.5.1
  • libsass-devel-3.6.5-150200.4.5.1
• SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64)
  • libsass-3_6_5-1-debuginfo-3.6.5-150200.4.5.1
  • libsass-3_6_5-1-3.6.5-150200.4.5.1
  • libsass-debugsource-3.6.5-150200.4.5.1
  • libsass-devel-3.6.5-150200.4.5.1

References:

• https://bugzilla.suse.com/show_bug.cgi?id=1201074
• https://bugzilla.suse.com/show_bug.cgi?id=1210890