This is a security improvement.
On Linux and Android, starting a process with Process.run, Process.runSync
or Process.start would first search the current directory before searching
PATH (Issue [37101][]). Operating systems other than Linux and Android
didn't have this behavior and aren't affected by this vulnerability.
Effectively this puts the current working directory in the front of PATH,
even if it wasn't in the PATH.
This change fixes that vulnerability and only searches the directories in
the PATH environment variable.
Fixes https://github.com/dart-lang/sdk/issues/37101
Change-Id: I05f3137753237f9b3ba4be4eba63ad07a75d865e
Reviewed-on: https://dart-review.googlesource.com/c/sdk/+/105582
Reviewed-by: William Hesse <whesse@google.com>
Closes#37153
Isolate.resolvePackageUri was the only API which had an implementation
across DDC and dart2js. The implementation in dart2js has been broken by
default since Dart 2.0.0 without a user implemented hook that is not
used on any public repo on github. Our current supported path for
invoking the compilers on projects disallows the import altogether on
the web and it is only usable with an older version of the
`build_web_compilers` package, or by invoking the compiler manually
outside of the build system. This CL does not break the ability to have
the import when invoking outside of the build system.
- Drop implementation for `Isolate.resolvePackageUri` from the dart2js
and DDC patch files.
- Drop all references to `defaultPackagesBase` since it is not used.
- Drop all tests under `isolate/browser` since we do not expect any
support on the web. Most of these tests would have already been
failing. Remove status file entries that refer to the deleted tests.
Change-Id: I4a19213b0946d835c00e9c107a714f3bc5672f86
Reviewed-on: https://dart-review.googlesource.com/c/sdk/+/105080
Reviewed-by: Sigmund Cherem <sigmund@google.com>
Commit-Queue: Nate Bosch <nbosch@google.com>
TransferableTypedData instances are one-use kind of thing: once receiver materializes it, it can't be used
again, once sender sends it out to an isolate, sender can't send it to different isolate.
Example of use:
sender isolate:
```
Future<TransferableTypedData> consolidateHttpClientResponseBytes(HttpClientResponse response) {
final completer = Completer<TransferableTypedData>();
final chunks = <Uint8List>[];
response.listen((List<int> chunk) {
chunks.add(chunk);
}, onDone: () {
completer.complete(TransferableTypedData.fromList(chunks));
});
return completer.future;
}
...
sendPort.send(await consolidateHttpClientResponseBytes(response));
```
receiver isolate:
```
RawReceivePort port = RawReceivePort((TransferableTypedData transferable) {
Uint8List content = transferable.materialize().asUint8List();
...
});
```
31959[tr] and 31960[tr] tests were inspired by dartbug.com/31959, dartbug.com/31960 that this CL attempts to address:
```
╰─➤ out/ReleaseX64/dart 31960.dart
sending...
163ms for round-trip
sending...
81ms for round-trip
sending...
20ms for round-trip
sending...
14ms for round-trip
sending...
20ms for round-trip
sending...
14ms for round-trip
```
(notice no "since last checking" pauses") vs
```
╰─➤ out/ReleaseX64/dart 31960.dart
sending...
154ms since last checkin
174ms for round-trip
sending...
68ms since last checkin
9ms since last checkin
171ms for round-trip
sending...
13ms since last checkin
108ms for round-trip
sending...
14ms since last checkin
108ms for round-trip
sending...
14ms since last checkin
107ms for round-trip
```
Change-Id: I0fcb5ce285394f498c3f1db4414204531f98199d
Reviewed-on: https://dart-review.googlesource.com/c/sdk/+/99623
Commit-Queue: Alexander Aprelev <aam@google.com>
Reviewed-by: Ryan Macnak <rmacnak@google.com>
Reviewed-by: Lasse R.H. Nielsen <lrn@google.com>
Reviewed-by: Martin Kustermann <kustermann@google.com>
Rename old "Pub client" headline for consistency with older entries
Add headline for linter in CHANGELOG.md
Change-Id: I118127a6aab564f5d498441f30957e8851e69d6c
Reviewed-on: https://dart-review.googlesource.com/c/sdk/+/103527
Reviewed-by: Sigurd Meldgaard <sigurdm@google.com>
Commit a9ad427 introduced a bug that assumed the cookie value was at least
one character, but the cookie value can also be empty.
RFC 6265 5.2 does not specify any special behavior for double quotes and as
such they should be considered part of the value. This change stops
stripping those double quotes and instead preserves them.
The io/http_cookie_test test was skipped because it was considered flaky.
This change dusts it off and tests the new behavior.
This change adds the exact offsets and source to the FormatExceptions to
help the caller understand why a malformed cookie was rejected.
Fixes https://github.com/dart-lang/sdk/issues/33327
Fixes https://github.com/dart-lang/sdk/issues/35804
Change-Id: I3479ba48be5763c485bd3ca5b5d2d86d283df971
Reviewed-on: https://dart-review.googlesource.com/c/sdk/+/91221
Commit-Queue: Jonas Termansen <sortie@google.com>
Reviewed-by: Zach Anderson <zra@google.com>
Reviewed-by: William Hesse <whesse@google.com>
This work pulls in v8 support for these features with
appropriate changes for Dart and closes
https://github.com/dart-lang/sdk/issues/34935.
This adds support for the following features:
* Interpreting patterns as Unicode patterns instead of
BMP patterns
* the dotAll flag (`/s`) for changing the behavior
of '.' to also match line terminators
* Escapes for character classes described by Unicode
property groups (e.g., \p{Greek} to match all Greek
characters, or \P{Greek} for all non-Greek characters).
The following TC39 proposals describe some of the added features:
* https://github.com/tc39/proposal-regexp-dotall-flag
* https://github.com/tc39/proposal-regexp-unicode-property-escapes
These additional changes are included:
* Extends named capture group names to include the full
range of identifier characters supported by ECMAScript,
not just ASCII.
* Changing the RegExp interface to return RegExpMatch
objects, not Match objects, so that downcasting is
not necessary to use named capture groups from Dart
**Note**: The changes to the RegExp interface are a
breaking change for implementers of the RegExp interface.
Current users of the RegExp interface (i.e., code using Dart
RegExp objects) will not be affected.
Change-Id: Ie62e6082a0e2fedc1680ef2576ce0c6db80fc19a
Reviewed-on: https://dart-review.googlesource.com/c/sdk/+/100641
Reviewed-by: Martin Kustermann <kustermann@google.com>
Commit-Queue: Stevie Strickland <sstrickl@google.com>
This reverts commit 5ebb640a67.
Reason for revert: <INSERT REASONING HERE>
Original change's description:
> [vm] Finish adding support for ECMAScript 2018 features.
>
> This work pulls in v8 support for these features with
> appropriate changes for Dart and closes
> https://github.com/dart-lang/sdk/issues/34935.
>
> This adds support for the following features:
>
> * Interpreting patterns as Unicode patterns instead of
> BMP patterns
> * the dotAll flag (`/s`) for changing the behavior
> of '.' to also match line terminators
> * Escapes for character classes described by Unicode
> property groups (e.g., \p{Greek} to match all Greek
> characters, or \P{Greek} for all non-Greek characters).
>
> The following TC39 proposals describe some of the added features:
>
> * https://github.com/tc39/proposal-regexp-dotall-flag
> * https://github.com/tc39/proposal-regexp-unicode-property-escapes
>
> These additional changes are included:
>
> * Extends named capture group names to include the full
> range of identifier characters supported by ECMAScript,
> not just ASCII.
> * Changing the RegExp interface to return RegExpMatch
> objects, not Match objects, so that downcasting is
> not necessary to use named capture groups from Dart
>
> **Note**: The changes to the RegExp interface are a
> breaking change for implementers of the RegExp interface.
> Current users of the RegExp interface (i.e., code using Dart
> RegExp objects) will not be affected.
>
> Change-Id: I0709ed0a8d5db36680e32bbad585594857b9ace4
> Reviewed-on: https://dart-review.googlesource.com/c/sdk/+/95651
> Commit-Queue: Stevie Strickland <sstrickl@google.com>
> Reviewed-by: Johnni Winther <johnniwinther@google.com>
> Reviewed-by: Lasse R.H. Nielsen <lrn@google.com>
> Reviewed-by: Martin Kustermann <kustermann@google.com>
TBR=lrn@google.com,kustermann@google.com,jmesserly@google.com,johnniwinther@google.com,sstrickl@google.com
# Not skipping CQ checks because original CL landed > 1 day ago.
Change-Id: I1eda0fee4fd9e94df095944049833a67b07277e2
Reviewed-on: https://dart-review.googlesource.com/c/sdk/+/100560
Reviewed-by: Keerti Parthasarathy <keertip@google.com>
Reviewed-by: Martin Kustermann <kustermann@google.com>
Commit-Queue: Keerti Parthasarathy <keertip@google.com>
This work pulls in v8 support for these features with
appropriate changes for Dart and closes
https://github.com/dart-lang/sdk/issues/34935.
This adds support for the following features:
* Interpreting patterns as Unicode patterns instead of
BMP patterns
* the dotAll flag (`/s`) for changing the behavior
of '.' to also match line terminators
* Escapes for character classes described by Unicode
property groups (e.g., \p{Greek} to match all Greek
characters, or \P{Greek} for all non-Greek characters).
The following TC39 proposals describe some of the added features:
* https://github.com/tc39/proposal-regexp-dotall-flag
* https://github.com/tc39/proposal-regexp-unicode-property-escapes
These additional changes are included:
* Extends named capture group names to include the full
range of identifier characters supported by ECMAScript,
not just ASCII.
* Changing the RegExp interface to return RegExpMatch
objects, not Match objects, so that downcasting is
not necessary to use named capture groups from Dart
**Note**: The changes to the RegExp interface are a
breaking change for implementers of the RegExp interface.
Current users of the RegExp interface (i.e., code using Dart
RegExp objects) will not be affected.
Change-Id: I0709ed0a8d5db36680e32bbad585594857b9ace4
Reviewed-on: https://dart-review.googlesource.com/c/sdk/+/95651
Commit-Queue: Stevie Strickland <sstrickl@google.com>
Reviewed-by: Johnni Winther <johnniwinther@google.com>
Reviewed-by: Lasse R.H. Nielsen <lrn@google.com>
Reviewed-by: Martin Kustermann <kustermann@google.com>
I added an intro to the UI as code stuff and then merged all of the
changes from the previous dev releases.
Change-Id: I0726268adcf5838a24dfee1cacd13e730b004090
Reviewed-on: https://dart-review.googlesource.com/c/sdk/+/99736
Commit-Queue: Bob Nystrom <rnystrom@google.com>
Reviewed-by: Vijay Menon <vsm@google.com>
Reviewed-by: Alexander Thomas <athom@google.com>
Previously, a valid web socket connection would use the following URI:
`ws://127.0.0.1/ws`
Now, by default, the VM service requires a connection to be made with a
URI similar to the following:
`ws://127.0.0.1:8181/Ug_U0QVsqFs=/ws`
where `Ug_U0QVsqFs` is an authentication code generated and shared by the
service.
This behavior can be disabled with the `--disable-service-auth-codes`
flag.
Change-Id: I288aac58e3ba9d35dca8071f3f7e7a073896c271
Reviewed-on: https://dart-review.googlesource.com/c/sdk/+/98433
Commit-Queue: Ben Konyi <bkonyi@google.com>
Reviewed-by: Siva Annamalai <asiva@google.com>
Change-Id: I82036fa3babc65ffa96f56309b073dd72f07c6f6
Reviewed-on: https://dart-review.googlesource.com/c/sdk/+/98695
Commit-Queue: Kevin Moore <kevmoo@google.com>
Reviewed-by: Kevin Moore <kevmoo@google.com>
Change-Id: I417833ed52b3eb843cd6cdf9e255b0905368234a
Reviewed-on: https://dart-review.googlesource.com/c/sdk/+/98540
Auto-Submit: Kevin Moore <kevmoo@google.com>
Reviewed-by: Phil Quitslund <pquitslund@google.com>
Change-Id: I2d89f85878d7ed676f70dda8e63eb24b45b0c418
Reviewed-on: https://dart-review.googlesource.com/c/sdk/+/98442
Commit-Queue: Alexander Thomas <athom@google.com>
Reviewed-by: Alexander Thomas <athom@google.com>
This reverts commit 611a53ee5e.
Reason for revert: Depends on changes not in the dev branch, will have to retry next week.
Original change's description:
> Update dart_style to 1.2.5.
>
> Change-Id: I8e4949da4fb4c67ee81553ffc9af4609c2e8b83a
> Reviewed-on: https://dart-review.googlesource.com/c/sdk/+/98281
> Commit-Queue: Alexander Thomas <athom@google.com>
> Reviewed-by: Kevin Moore <kevmoo@google.com>
TBR=kevmoo@google.com,rnystrom@google.com,athom@google.com
Change-Id: Ic749658f82bdebfc930d81847e1efcfc45bacc48
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://dart-review.googlesource.com/c/sdk/+/98342
Reviewed-by: Alexander Thomas <athom@google.com>
Commit-Queue: Alexander Thomas <athom@google.com>
Change-Id: I8e4949da4fb4c67ee81553ffc9af4609c2e8b83a
Reviewed-on: https://dart-review.googlesource.com/c/sdk/+/98281
Commit-Queue: Alexander Thomas <athom@google.com>
Reviewed-by: Kevin Moore <kevmoo@google.com>
1. Remove support for the following flags '-c', '--checked' and '--enable-checked-mode'
2. Cleanup some of the tests and test scripts where these options were being passed.
https://github.com/dart-lang/sdk/issues/34660
Change-Id: I4d8aa0d14bd054cfba08d78a411a0df4fc829df1
Reviewed-on: https://dart-review.googlesource.com/c/sdk/+/97550
Commit-Queue: Siva Annamalai <asiva@google.com>
Reviewed-by: Ryan Macnak <rmacnak@google.com>
See https://github.com/tc39/proposal-regexp-named-groups
for a high-level description of the feature and examples. This is one of the
features requested in https://github.com/dart-lang/sdk/issues/34935.
This is a partial implementation because while there is a way to retrieve
groups via Dart by name, it requires casting the returned Match to the
new RegExpMatch interface to avoid changing the RegExp interface.
Changing the RegExp interface will happen in a future update, since there
are other planned changes to the RegExp interface coming soon and that way
we only change it once. See https://github.com/dart-lang/sdk/issues/36171
for more details on the planned changes.
Also, since only BMP regular expressions are supported, not full
Unicode ones (i.e., those with the /u flag in ECMAscript), \k<NAME>
will only be parsed as a named back reference if there are named
captures in the string. Otherwise, the \k will be parsed as the identity
escape for backwards compatibility. The new tests illustrate this
difference.
Change-Id: Ieeb0374813db78924c9aa8ac3e652dfb6d4a5934
Reviewed-on: https://dart-review.googlesource.com/c/sdk/+/95461
Commit-Queue: Stevie Strickland <sstrickl@google.com>
Reviewed-by: Lasse R.H. Nielsen <lrn@google.com>
Reviewed-by: Martin Kustermann <kustermann@google.com>
Reviewed-by: Jenny Messerly <jmesserly@google.com>
Reviewed-by: Johnni Winther <johnniwinther@google.com>
Change-Id: Iafc99d75bcfeaa5a236bdff7808bace1b153445e
Reviewed-on: https://dart-review.googlesource.com/c/sdk/+/96945
Auto-Submit: Stevie Strickland <sstrickl@google.com>
Reviewed-by: Kevin Moore <kevmoo@google.com>
Commit-Queue: Kevin Moore <kevmoo@google.com>
New in this update:
```
git log --oneline --no-decorate 9f00679ef47bc79cadc18e143720ade6c06c0100..980fc947db32bca6ae7d07fbb4ad0fcdba0050ec
980fc947 Add support for global activating package from a custom pub URL (#2041)
605cafb1 "features" is not a completely implemented or documented – hide flags (#2045)
73b66cd3 Merge pull request #2035 from sigurdm/logout_command
2b03587d dartfmt again
ea805dfb Fix help-expectation
6f759c1f gitfmt
90079421 deps: move package_resolver to a dev dependency
297f017a enable and fix a number of lints
f70ee39b Update to latest dependencies, require dart 2.1, fix lints
3446fb0d Add logout command
283471e7 Merge pull request #2016 from RedBrogdon/changelog
4c00f413 Update/add www.dartlang.org URLs (#2021)
f7b147f9 Correcting nerfed changelog test.
b9308223 Edited warning messages, addressed review issues.
9e9c8ed7 Fixed race conditions in test case. (#2020)
ec972168 Removed references to gitsubmodules (#2019)
ac8ad792 Copyright dates.
f9d35d34 Formatted via dartfmt.
a3351369 Adding ChangelogValidator to the list of validators.
a826b121 Adds changelog validator and its tests.
2233e3d5 Update the required pkg:http (#1996)
75d8453a Update all of the obvious dependencies
d07dafa5 Fix unnecessary `this` lints
43a91d12 Update to latest build_runner (#1966)
b3a2cfb7 Add check for a scheme on PUB_HOSTED_URL (#1972)
6626bda3 Update tests for SDK constraint validation (#1968)
```
Change-Id: Ib7c5ec86e5a6d67094b8e70a32ff41efe571c074
Reviewed-on: https://dart-review.googlesource.com/c/94380
Commit-Queue: Sigurd Meldgaard <sigurdm@google.com>
Reviewed-by: Jonas Jensen <jonasfj@google.com>
We continue to accept `--dump-info`, but now also accept `--dump-info=binary` so
we can use the new cheaper encoding.
Change-Id: I971cb9a3634ae1a333cfee14b2927c0e25000a01
Reviewed-on: https://dart-review.googlesource.com/c/93823
Reviewed-by: Stephen Adams <sra@google.com>
Commit-Queue: Sigmund Cherem <sigmund@google.com>