diff --git a/srcpkgs/libsass/patches/CVE-2018-11697.patch b/srcpkgs/libsass/patches/CVE-2018-11697.patch deleted file mode 100644 index 3b49deda310..00000000000 --- a/srcpkgs/libsass/patches/CVE-2018-11697.patch +++ /dev/null @@ -1,178 +0,0 @@ -From 02428e022a1804426fc7e06ff158f186a9f281ca Mon Sep 17 00:00:00 2001 -From: xzyfer -Date: Wed, 4 Jul 2018 21:45:59 +1000 -Subject: [PATCH] Fix possible out of band read in prelexer - -Fixes #2656 ---- - src/lexer.cpp | 13 ++++++++++++- - src/lexer.hpp | 14 +++++++------- - 2 files changed, 19 insertions(+), 8 deletions(-) - -diff --git a/src/lexer.cpp b/src/lexer.cpp -index be7f67713..5a5464cf8 100644 ---- a/src/lexer.cpp -+++ b/src/lexer.cpp -@@ -33,30 +33,35 @@ namespace Sass { - - bool is_alpha(const char& chr) - { -+ if (!chr) return false; - return unsigned(chr - 'A') <= 'Z' - 'A' || - unsigned(chr - 'a') <= 'z' - 'a'; - } - - bool is_space(const char& chr) - { -+ if (!chr) return false; - // adapted the technique from is_alpha - return chr == ' ' || unsigned(chr - '\t') <= '\r' - '\t'; - } - - bool is_digit(const char& chr) - { -+ if (!chr) return false; - // adapted the technique from is_alpha - return unsigned(chr - '0') <= '9' - '0'; - } - - bool is_number(const char& chr) - { -+ if (!chr) return false; - // adapted the technique from is_alpha - return is_digit(chr) || chr == '-' || chr == '+'; - } - - bool is_xdigit(const char& chr) - { -+ if (!chr) return false; - // adapted the technique from is_alpha - return unsigned(chr - '0') <= '9' - '0' || - unsigned(chr - 'a') <= 'f' - 'a' || -@@ -65,6 +70,7 @@ namespace Sass { - - bool is_punct(const char& chr) - { -+ if (!chr) return false; - // locale independent - return chr == '.'; - } -@@ -77,6 +83,7 @@ namespace Sass { - // check if char is outside ascii range - bool is_unicode(const char& chr) - { -+ if (!chr) return false; - // check for unicode range - return unsigned(chr) > 127; - } -@@ -85,6 +92,7 @@ namespace Sass { - // but with specific ranges (copied from Ruby Sass) - bool is_nonascii(const char& chr) - { -+ if (!chr) return false; - unsigned int cmp = unsigned(chr); - return ( - (cmp >= 128 && cmp <= 15572911) || -@@ -97,6 +105,7 @@ namespace Sass { - // valid in a uri (copied from Ruby Sass) - bool is_uri_character(const char& chr) - { -+ if (!chr) return false; - unsigned int cmp = unsigned(chr); - return (cmp > 41 && cmp < 127) || - cmp == ':' || cmp == '/'; -@@ -106,6 +115,7 @@ namespace Sass { - // valid for escaping (copied from Ruby Sass) - bool is_escapable_character(const char& chr) - { -+ if (!chr) return false; - unsigned int cmp = unsigned(chr); - return cmp > 31 && cmp < 127; - } -@@ -113,6 +123,7 @@ namespace Sass { - // Match word character (look ahead) - bool is_character(const char& chr) - { -+ if (!chr) return false; - // valid alpha, numeric or unicode char (plus hyphen) - return is_alnum(chr) || is_unicode(chr) || chr == '-'; - } -@@ -148,7 +159,7 @@ namespace Sass { - const char* any_char(const char* src) { return *src ? src + 1 : src; } - - // Match word boundary (zero-width lookahead). -- const char* word_boundary(const char* src) { return is_character(*src) || *src == '#' ? 0 : src; } -+ const char* word_boundary(const char* src) { return (*src && (is_character(*src) || *src == '#')) ? 0 : src; } - - // Match linefeed /(?:\n|\r\n?)/ - const char* re_linebreak(const char* src) -diff --git a/src/lexer.hpp b/src/lexer.hpp -index 5838c291c..16627d796 100644 ---- a/src/lexer.hpp -+++ b/src/lexer.hpp -@@ -90,7 +90,7 @@ namespace Sass { - // Regex equivalent: /(?:x)/ - template - const char* exactly(const char* src) { -- return *src == chr ? src + 1 : 0; -+ return (*src && *src == chr) ? src + 1 : 0; - } - - // Match the full string literal. -@@ -99,10 +99,9 @@ namespace Sass { - const char* exactly(const char* src) { - if (str == NULL) return 0; - const char* pre = str; -- if (src == NULL) return 0; - // there is a small chance that the search string - // is longer than the rest of the string to look at -- while (*pre && *src == *pre) { -+ while (*src && *pre && *src == *pre) { - ++src, ++pre; - } - // did the matcher finish? -@@ -115,7 +114,7 @@ namespace Sass { - // only define lower case alpha chars - template - const char* insensitive(const char* src) { -- return *src == chr || *src+32 == chr ? src + 1 : 0; -+ return (*src && (*src == chr || *src+32 == chr)) ? src + 1 : 0; - } - - // Match the full string literal. -@@ -128,7 +127,7 @@ namespace Sass { - if (src == NULL) return 0; - // there is a small chance that the search string - // is longer than the rest of the string to look at -- while (*pre && (*src == *pre || *src+32 == *pre)) { -+ while (*src && *pre && (*src == *pre || *src+32 == *pre)) { - ++src, ++pre; - } - // did the matcher finish? -@@ -139,6 +138,7 @@ namespace Sass { - // Regex equivalent: /[axy]/ - template - const char* class_char(const char* src) { -+ if (src == NULL) return 0; - const char* cc = char_class; - while (*cc && *src != *cc) ++cc; - return *cc ? src + 1 : 0; -@@ -157,7 +157,7 @@ namespace Sass { - // Regex equivalent: /[^axy]/ - template - const char* neg_class_char(const char* src) { -- if (*src == 0) return 0; -+ if (src == NULL) return 0; - const char* cc = neg_char_class; - while (*cc && *src != *cc) ++cc; - return *cc ? 0 : src + 1; -@@ -261,7 +261,7 @@ namespace Sass { - // Regex equivalent: /(?:$mx)*?(?=$delim)\b/ - template - const char* non_greedy(const char* src) { -- while (!delim(src)) { -+ while (*src && !delim(src)) { - const char* p = mx(src); - if (p == src) return 0; - if (p == 0) return 0; - diff --git a/srcpkgs/libsass/patches/CVE-2018-11698.patch b/srcpkgs/libsass/patches/CVE-2018-11698.patch deleted file mode 100644 index 0d00a9c2d9a..00000000000 --- a/srcpkgs/libsass/patches/CVE-2018-11698.patch +++ /dev/null @@ -1,28 +0,0 @@ -From d4448c9379c72815b9ed5339dd3b07628eb944fd Mon Sep 17 00:00:00 2001 -From: xzyfer -Date: Thu, 21 Jun 2018 22:19:06 +1000 -Subject: [PATCH] Fix invalid utf-8 error reporting - -Fixes #2662 ---- - src/sass_context.cpp | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/src/sass_context.cpp b/src/sass_context.cpp -index 7a0a49ce1..642f435ee 100644 ---- a/src/sass_context.cpp -+++ b/src/sass_context.cpp -@@ -81,7 +81,12 @@ namespace Sass { - while (line_end && *line_end && *line_end != '\n') { - if (*line_end == '\n') break; - if (*line_end == '\r') break; -+ const char* before = line_end; - utf8::unchecked::next(line_end); -+ if (!utf8::is_valid(line_beg, line_end)) { -+ line_end = before; -+ break; -+ } - } - if (line_end && *line_end != 0) ++ line_end; - size_t line_len = line_end - line_beg; - diff --git a/srcpkgs/libsass/template b/srcpkgs/libsass/template index 50edaa8e2b5..48eed40c511 100644 --- a/srcpkgs/libsass/template +++ b/srcpkgs/libsass/template @@ -1,8 +1,7 @@ # Template file for 'libsass' pkgname=libsass -version=3.5.5 +version=3.6.0 revision=1 -patch_args="-Np1" build_style=gnu-configure hostmakedepends="automake libtool" short_desc="C implementation of Sass CSS preprocessor" @@ -10,7 +9,7 @@ maintainer="Gerardo Di Iorio " license="MIT" homepage="http://www.sass-lang.com/libsass" distfiles="https://github.com/sass/${pkgname}/archive/${version}.tar.gz" -checksum=487ca58f1dfdc4055079af04f0ad120747385d3b3926b1c8f46e4b00540fdb70 +checksum=b4b962a30bcd99adf0162a8eac7e1be94612b1c19912237f53d9a2c11d375169 pre_configure() { NOCONFIGURE=1 autoreconf -fi