Tags: klogeaage/runtime
Tags
[release/5.0-preview7] Disallow unrestricted polymorphic deserializat… …ion in DataSet (dotnet#39314) Fixes CVE-2020-1147 https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1147 See also https://go.microsoft.com/fwlink/?linkid=2132227.
SafeProcessHandle.Unix: fix missing DangerousRelease (dotnet#37412) (d… …otnet#37446) Because the SafeProcessHandle was not owned, ReleaseHandle was not called, causing the wrapped SafeWaitHandle to never release its resources. Co-authored-by: Tom Deseyn <[email protected]>
Loosen property name collision detection involving hidden properties (d… …otnet#36936) (dotnet#37105) * Loosen property name collision detection involving hidden properties * Delay ignored prop cache creation; add more tests * Clarify comments
[release/5.0-preview4] Revert processing bundles in framework (dotnet… …#35679) This commit reverts: Revert "Single-File: Process bundles in the framework (dotnet#34274)" This reverts commit 78b303d. Revert "Single-File Bundler: Add a FileSize test (dotnet#35149)" This reverts commit 779588a. *Customer Scenario* Publishing apps as a self-contained single-file doesn't work as expected. * Publish needs to generate hostpolicy and hostfxr separate from the single file bundle * Cross-platform publishing is incorrect *Problem* Since Static-apphost is not yet ready, processing bundle content in hostpolicy means that hostpolicy and hostfxr DLLs need to be separate from the bundle. This causes self-contained single-file apps to not be a "single file" temporarily. The change also requires supporting changes from the SDK, to publish hostfxr and hostpolicy as separate files, and to invoke HostModel library with arguments that facilitate cross-platform publishing. *Solution* To solve these, problem, this change reverts: Revert "Single-File: Process bundles in the framework (dotnet#34274)" commit 78b303d. and a dependent test-only change: Revert "Single-File Bundler: Add a FileSize test (dotnet#35149)" commit 779588a. *Risk* Medium The change is contained to only host components: apphost, hostpolicy, and hostfxr. However, the change is big, and needs testing in runtime and SDK repos. *Testing* Manually tested the SDK by inserting apphost, hostfxr, hostpolicy, and hostmodel library from this build into the `dotnet/packs` preview-4 SDK from dotnet/sdk#11518 build. Verified that: * Singlefile apps can be published and run OK for { Windows, Linux, Osx } x {netcoreapp3.0, netcoreapp3.1, netcoreapp5.0} * Cross-targeting builds of single-file apps build and run OK (ex: built on Windos, run on Mac).
Fix WriteLargeJsonToStreamWithoutFlushing test (dotnet#34914)
Fix overaggressive CanBeMadeAtomic check for Set + Notone (dotnet#33409) We're erroneously converting a set loop to be atomic when it's followed by a notone where the notone's character is in the set. But if we for example have `[ab]*[^a]`, we can't make the loop atomic, because the `[ab]*` can actually give back something (a `b`) that the `[^a]` will match. The fix is simply to delete the erroneous, overaggressive checks.