dotnet · jkotalik · May 15, 2020 · Apr 2, 2020 · Apr 5, 2020 · Apr 5, 2020
diff --git a/eng/Baseline.Designer.props b/eng/Baseline.Designer.props
diff --git a/eng/Baseline.xml b/eng/Baseline.xml
@@ -4,86 +4,86 @@ This file contains a list of all the packages and their versions which were rele
 Update this list when preparing for a new patch.
 
 -->
-<Baseline Version="3.1.3">
+<Baseline Version="3.1.4">
   <Package Id="AspNetCoreRuntime.3.0.x64" Version="3.0.3" />
   <Package Id="AspNetCoreRuntime.3.0.x86" Version="3.0.3" />
-  <Package Id="dotnet-sql-cache" Version="3.1.3" />
-  <Package Id="Microsoft.AspNetCore.ApiAuthorization.IdentityServer" Version="3.1.3" />
-  <Package Id="Microsoft.AspNetCore.App.Runtime.win-x64" Version="3.1.3" />
-  <Package Id="Microsoft.AspNetCore.Authentication.AzureAD.UI" Version="3.1.3" />
-  <Package Id="Microsoft.AspNetCore.Authentication.AzureADB2C.UI" Version="3.1.3" />
-  <Package Id="Microsoft.AspNetCore.Authentication.Certificate" Version="3.1.3" />
-  <Package Id="Microsoft.AspNetCore.Authentication.Facebook" Version="3.1.3" />
-  <Package Id="Microsoft.AspNetCore.Authentication.Google" Version="3.1.3" />
-  <Package Id="Microsoft.AspNetCore.Authentication.JwtBearer" Version="3.1.3" />
-  <Package Id="Microsoft.AspNetCore.Authentication.MicrosoftAccount" Version="3.1.3" />
-  <Package Id="Microsoft.AspNetCore.Authentication.Negotiate" Version="3.1.3" />
-  <Package Id="Microsoft.AspNetCore.Authentication.OpenIdConnect" Version="3.1.3" />
-  <Package Id="Microsoft.AspNetCore.Authentication.Twitter" Version="3.1.3" />
-  <Package Id="Microsoft.AspNetCore.Authentication.WsFederation" Version="3.1.3" />
-  <Package Id="Microsoft.AspNetCore.Authorization" Version="3.1.3" />
-  <Package Id="Microsoft.AspNetCore.AzureAppServices.HostingStartup" Version="3.1.3" />
-  <Package Id="Microsoft.AspNetCore.AzureAppServices.SiteExtension" Version="3.1.3" />
-  <Package Id="Microsoft.AspNetCore.AzureAppServicesIntegration" Version="3.1.3" />
+  <Package Id="dotnet-sql-cache" Version="3.1.4" />
+  <Package Id="Microsoft.AspNetCore.ApiAuthorization.IdentityServer" Version="3.1.4" />
+  <Package Id="Microsoft.AspNetCore.App.Runtime.win-x64" Version="3.1.4" />
+  <Package Id="Microsoft.AspNetCore.Authentication.AzureAD.UI" Version="3.1.4" />
+  <Package Id="Microsoft.AspNetCore.Authentication.AzureADB2C.UI" Version="3.1.4" />
+  <Package Id="Microsoft.AspNetCore.Authentication.Certificate" Version="3.1.4" />
+  <Package Id="Microsoft.AspNetCore.Authentication.Facebook" Version="3.1.4" />
+  <Package Id="Microsoft.AspNetCore.Authentication.Google" Version="3.1.4" />
+  <Package Id="Microsoft.AspNetCore.Authentication.JwtBearer" Version="3.1.4" />
+  <Package Id="Microsoft.AspNetCore.Authentication.MicrosoftAccount" Version="3.1.4" />
+  <Package Id="Microsoft.AspNetCore.Authentication.Negotiate" Version="3.1.4" />
+  <Package Id="Microsoft.AspNetCore.Authentication.OpenIdConnect" Version="3.1.4" />
+  <Package Id="Microsoft.AspNetCore.Authentication.Twitter" Version="3.1.4" />
+  <Package Id="Microsoft.AspNetCore.Authentication.WsFederation" Version="3.1.4" />
+  <Package Id="Microsoft.AspNetCore.Authorization" Version="3.1.4" />
+  <Package Id="Microsoft.AspNetCore.AzureAppServices.HostingStartup" Version="3.1.4" />
+  <Package Id="Microsoft.AspNetCore.AzureAppServices.SiteExtension" Version="3.1.4" />
+  <Package Id="Microsoft.AspNetCore.AzureAppServicesIntegration" Version="3.1.4" />
   <Package Id="Microsoft.AspNetCore.Blazor" Version="3.2.0-preview1.20073.1" />
   <Package Id="Microsoft.AspNetCore.Blazor.Build" Version="3.2.0-preview1.20073.1" />
   <Package Id="Microsoft.AspNetCore.Blazor.DevServer" Version="3.2.0-preview1.20073.1" />
   <Package Id="Microsoft.AspNetCore.Blazor.HttpClient" Version="3.2.0-preview1.20073.1" />
   <Package Id="Microsoft.AspNetCore.Blazor.Server" Version="3.2.0-preview1.20073.1" />
   <Package Id="Microsoft.AspNetCore.Blazor.Templates" Version="3.2.0-preview1.20073.1" />
-  <Package Id="Microsoft.AspNetCore.Components" Version="3.1.3" />
-  <Package Id="Microsoft.AspNetCore.Components.Analyzers" Version="3.1.3" />
-  <Package Id="Microsoft.AspNetCore.Components.Authorization" Version="3.1.3" />
-  <Package Id="Microsoft.AspNetCore.Components.Forms" Version="3.1.3" />
-  <Package Id="Microsoft.AspNetCore.Components.Web" Version="3.1.3" />
-  <Package Id="Microsoft.AspNetCore.ConcurrencyLimiter" Version="3.1.3" />
-  <Package Id="Microsoft.AspNetCore.Connections.Abstractions" Version="3.1.3" />
-  <Package Id="Microsoft.AspNetCore.Cryptography.Internal" Version="3.1.3" />
-  <Package Id="Microsoft.AspNetCore.Cryptography.KeyDerivation" Version="3.1.3" />
-  <Package Id="Microsoft.AspNetCore.DataProtection" Version="3.1.3" />
-  <Package Id="Microsoft.AspNetCore.DataProtection.Abstractions" Version="3.1.3" />
-  <Package Id="Microsoft.AspNetCore.DataProtection.AzureKeyVault" Version="3.1.3" />
-  <Package Id="Microsoft.AspNetCore.DataProtection.AzureStorage" Version="3.1.3" />
-  <Package Id="Microsoft.AspNetCore.DataProtection.EntityFrameworkCore" Version="3.1.3" />
-  <Package Id="Microsoft.AspNetCore.DataProtection.Extensions" Version="3.1.3" />
-  <Package Id="Microsoft.AspNetCore.DataProtection.StackExchangeRedis" Version="3.1.3" />
-  <Package Id="Microsoft.AspNetCore.Diagnostics.EntityFrameworkCore" Version="3.1.3" />
-  <Package Id="Microsoft.AspNetCore.HeaderPropagation" Version="3.1.3" />
-  <Package Id="Microsoft.AspNetCore.Hosting.WindowsServices" Version="3.1.3" />
-  <Package Id="Microsoft.AspNetCore.Http.Connections.Client" Version="3.1.3" />
-  <Package Id="Microsoft.AspNetCore.Http.Connections.Common" Version="3.1.3" />
-  <Package Id="Microsoft.AspNetCore.Http.Features" Version="3.1.3" />
-  <Package Id="Microsoft.AspNetCore.Identity.EntityFrameworkCore" Version="3.1.3" />
-  <Package Id="Microsoft.AspNetCore.Identity.Specification.Tests" Version="3.1.3" />
-  <Package Id="Microsoft.AspNetCore.Identity.UI" Version="3.1.3" />
-  <Package Id="Microsoft.AspNetCore.JsonPatch" Version="3.1.3" />
-  <Package Id="Microsoft.AspNetCore.Metadata" Version="3.1.3" />
-  <Package Id="Microsoft.AspNetCore.MiddlewareAnalysis" Version="3.1.3" />
-  <Package Id="Microsoft.AspNetCore.Mvc.NewtonsoftJson" Version="3.1.3" />
-  <Package Id="Microsoft.AspNetCore.Mvc.Razor.RuntimeCompilation" Version="3.1.3" />
-  <Package Id="Microsoft.AspNetCore.Mvc.Testing" Version="3.1.3" />
-  <Package Id="Microsoft.AspNetCore.NodeServices" Version="3.1.3" />
-  <Package Id="Microsoft.AspNetCore.Owin" Version="3.1.3" />
-  <Package Id="Microsoft.AspNetCore.Server.Kestrel.Transport.Libuv" Version="3.1.3" />
-  <Package Id="Microsoft.AspNetCore.SignalR.Client" Version="3.1.3" />
-  <Package Id="Microsoft.AspNetCore.SignalR.Client.Core" Version="3.1.3" />
-  <Package Id="Microsoft.AspNetCore.SignalR.Common" Version="3.1.3" />
-  <Package Id="Microsoft.AspNetCore.SignalR.Protocols.Json" Version="3.1.3" />
-  <Package Id="Microsoft.AspNetCore.SignalR.Protocols.MessagePack" Version="3.1.3" />
-  <Package Id="Microsoft.AspNetCore.SignalR.Protocols.NewtonsoftJson" Version="3.1.3" />
-  <Package Id="Microsoft.AspNetCore.SignalR.Specification.Tests" Version="3.1.3" />
-  <Package Id="Microsoft.AspNetCore.SignalR.StackExchangeRedis" Version="3.1.3" />
-  <Package Id="Microsoft.AspNetCore.SpaServices" Version="3.1.3" />
-  <Package Id="Microsoft.AspNetCore.SpaServices.Extensions" Version="3.1.3" />
-  <Package Id="Microsoft.AspNetCore.TestHost" Version="3.1.3" />
-  <Package Id="Microsoft.dotnet-openapi" Version="3.1.3" />
-  <Package Id="Microsoft.DotNet.Web.Client.ItemTemplates" Version="3.1.3" />
-  <Package Id="Microsoft.DotNet.Web.ItemTemplates" Version="3.1.3" />
-  <Package Id="Microsoft.DotNet.Web.ProjectTemplates.3.1" Version="3.1.3" />
-  <Package Id="Microsoft.DotNet.Web.Spa.ProjectTemplates.3.1" Version="3.1.3" />
-  <Package Id="Microsoft.Extensions.ApiDescription.Client" Version="3.1.3" />
-  <Package Id="Microsoft.Extensions.ApiDescription.Server" Version="3.1.3" />
-  <Package Id="Microsoft.Extensions.Diagnostics.HealthChecks.EntityFrameworkCore" Version="3.1.3" />
-  <Package Id="Microsoft.Extensions.Identity.Core" Version="3.1.3" />
-  <Package Id="Microsoft.Extensions.Identity.Stores" Version="3.1.3" />
+  <Package Id="Microsoft.AspNetCore.Components" Version="3.1.4" />
+  <Package Id="Microsoft.AspNetCore.Components.Analyzers" Version="3.1.4" />
+  <Package Id="Microsoft.AspNetCore.Components.Authorization" Version="3.1.4" />
+  <Package Id="Microsoft.AspNetCore.Components.Forms" Version="3.1.4" />
+  <Package Id="Microsoft.AspNetCore.Components.Web" Version="3.1.4" />
+  <Package Id="Microsoft.AspNetCore.ConcurrencyLimiter" Version="3.1.4" />
+  <Package Id="Microsoft.AspNetCore.Connections.Abstractions" Version="3.1.4" />
+  <Package Id="Microsoft.AspNetCore.Cryptography.Internal" Version="3.1.4" />
+  <Package Id="Microsoft.AspNetCore.Cryptography.KeyDerivation" Version="3.1.4" />
+  <Package Id="Microsoft.AspNetCore.DataProtection" Version="3.1.4" />
+  <Package Id="Microsoft.AspNetCore.DataProtection.Abstractions" Version="3.1.4" />
+  <Package Id="Microsoft.AspNetCore.DataProtection.AzureKeyVault" Version="3.1.4" />
+  <Package Id="Microsoft.AspNetCore.DataProtection.AzureStorage" Version="3.1.4" />
+  <Package Id="Microsoft.AspNetCore.DataProtection.EntityFrameworkCore" Version="3.1.4" />
+  <Package Id="Microsoft.AspNetCore.DataProtection.Extensions" Version="3.1.4" />
+  <Package Id="Microsoft.AspNetCore.DataProtection.StackExchangeRedis" Version="3.1.4" />
+  <Package Id="Microsoft.AspNetCore.Diagnostics.EntityFrameworkCore" Version="3.1.4" />
+  <Package Id="Microsoft.AspNetCore.HeaderPropagation" Version="3.1.4" />
+  <Package Id="Microsoft.AspNetCore.Hosting.WindowsServices" Version="3.1.4" />
+  <Package Id="Microsoft.AspNetCore.Http.Connections.Client" Version="3.1.4" />
+  <Package Id="Microsoft.AspNetCore.Http.Connections.Common" Version="3.1.4" />
+  <Package Id="Microsoft.AspNetCore.Http.Features" Version="3.1.4" />
+  <Package Id="Microsoft.AspNetCore.Identity.EntityFrameworkCore" Version="3.1.4" />
+  <Package Id="Microsoft.AspNetCore.Identity.Specification.Tests" Version="3.1.4" />
+  <Package Id="Microsoft.AspNetCore.Identity.UI" Version="3.1.4" />
+  <Package Id="Microsoft.AspNetCore.JsonPatch" Version="3.1.4" />
+  <Package Id="Microsoft.AspNetCore.Metadata" Version="3.1.4" />
+  <Package Id="Microsoft.AspNetCore.MiddlewareAnalysis" Version="3.1.4" />
+  <Package Id="Microsoft.AspNetCore.Mvc.NewtonsoftJson" Version="3.1.4" />
+  <Package Id="Microsoft.AspNetCore.Mvc.Razor.RuntimeCompilation" Version="3.1.4" />
+  <Package Id="Microsoft.AspNetCore.Mvc.Testing" Version="3.1.4" />
+  <Package Id="Microsoft.AspNetCore.NodeServices" Version="3.1.4" />
+  <Package Id="Microsoft.AspNetCore.Owin" Version="3.1.4" />
+  <Package Id="Microsoft.AspNetCore.Server.Kestrel.Transport.Libuv" Version="3.1.4" />
+  <Package Id="Microsoft.AspNetCore.SignalR.Client" Version="3.1.4" />
+  <Package Id="Microsoft.AspNetCore.SignalR.Client.Core" Version="3.1.4" />
+  <Package Id="Microsoft.AspNetCore.SignalR.Common" Version="3.1.4" />
+  <Package Id="Microsoft.AspNetCore.SignalR.Protocols.Json" Version="3.1.4" />
+  <Package Id="Microsoft.AspNetCore.SignalR.Protocols.MessagePack" Version="3.1.4" />
+  <Package Id="Microsoft.AspNetCore.SignalR.Protocols.NewtonsoftJson" Version="3.1.4" />
+  <Package Id="Microsoft.AspNetCore.SignalR.Specification.Tests" Version="3.1.4" />
+  <Package Id="Microsoft.AspNetCore.SignalR.StackExchangeRedis" Version="3.1.4" />
+  <Package Id="Microsoft.AspNetCore.SpaServices" Version="3.1.4" />
+  <Package Id="Microsoft.AspNetCore.SpaServices.Extensions" Version="3.1.4" />
+  <Package Id="Microsoft.AspNetCore.TestHost" Version="3.1.4" />
+  <Package Id="Microsoft.dotnet-openapi" Version="3.1.4" />
+  <Package Id="Microsoft.DotNet.Web.Client.ItemTemplates" Version="3.1.4" />
+  <Package Id="Microsoft.DotNet.Web.ItemTemplates" Version="3.1.4" />
+  <Package Id="Microsoft.DotNet.Web.ProjectTemplates.3.1" Version="3.1.4" />
+  <Package Id="Microsoft.DotNet.Web.Spa.ProjectTemplates.3.1" Version="3.1.4" />
+  <Package Id="Microsoft.Extensions.ApiDescription.Client" Version="3.1.4" />
+  <Package Id="Microsoft.Extensions.ApiDescription.Server" Version="3.1.4" />
+  <Package Id="Microsoft.Extensions.Diagnostics.HealthChecks.EntityFrameworkCore" Version="3.1.4" />
+  <Package Id="Microsoft.Extensions.Identity.Core" Version="3.1.4" />
+  <Package Id="Microsoft.Extensions.Identity.Stores" Version="3.1.4" />
 </Baseline>
diff --git a/eng/targets/ResolveReferences.targets b/eng/targets/ResolveReferences.targets
@@ -132,7 +132,9 @@
     This target resolves remaining Referene items to Packages, if possible. If not, they are left as Reference items fo the SDK to resolve.
     This executes on NuGet restore and during DesignTimeBuild. It should not run in the outer, cross-targeting build.
    -->
-  <Target Name="ResolveCustomReferences" BeforeTargets="CollectPackageReferences;ResolveAssemblyReferencesDesignTime;ResolveAssemblyReferences" Condition=" '$(TargetFramework)' != '' AND '$(EnableCustomReferenceResolution)' == 'true' ">
+  <Target Name="ResolveCustomReferences"
+      BeforeTargets="CheckForImplicitPackageReferenceOverrides;CollectPackageReferences;ResolvePackageAssets"
+      Condition=" '$(TargetFramework)' != '' AND '$(EnableCustomReferenceResolution)' == 'true' ">
     <ItemGroup>
       <!-- Ensure only content asset are consumed from .Sources packages -->
       <Reference>

diff --git a/src/Http/Routing/src/Matching/DfaMatcherBuilder.cs b/src/Http/Routing/src/Matching/DfaMatcherBuilder.cs
@@ -41,6 +41,15 @@ public DfaMatcherBuilder(
             _parameterPolicyFactory = parameterPolicyFactory;
             _selector = selector;
 
+            if (AppContext.TryGetSwitch("Microsoft.AspNetCore.Routing.UseCorrectCatchAllBehavior", out var enabled))
+            {
+                UseCorrectCatchAllBehavior = enabled;
+            }
+            else
+            {
+                UseCorrectCatchAllBehavior = false; // default to bugged behavior
+            }
+
             var (nodeBuilderPolicies, endpointComparerPolicies, endpointSelectorPolicies) = ExtractPolicies(policies.OrderBy(p => p.Order));
             _endpointSelectorPolicies = endpointSelectorPolicies;
             _nodeBuilders = nodeBuilderPolicies;
@@ -56,13 +65,25 @@ public DfaMatcherBuilder(
         // Used in tests
         internal EndpointComparer Comparer => _comparer;
 
+        // Used in tests
+        internal bool UseCorrectCatchAllBehavior { get; set; }
+
         public override void AddEndpoint(RouteEndpoint endpoint)
         {
             _endpoints.Add(endpoint);
         }
 
         public DfaNode BuildDfaTree(bool includeLabel = false)
         {
+            if (!UseCorrectCatchAllBehavior)
+            {
+                // In 3.0 we did a global sort of the endpoints up front. This was a bug, because we actually want
+                // do do the sort at each level of the tree based on precedence.
+                //
+                // _useLegacy30Behavior enables opt-out via an AppContext switch.
+                _endpoints.Sort(_comparer);
+            }
+
             // Since we're doing a BFS we will process each 'level' of the tree in stages
             // this list will hold the set of items we need to process at the current
             // stage.
@@ -116,8 +137,13 @@ public DfaNode BuildDfaTree(bool includeLabel = false)
                     nextWork = previousWork;
                 }
 
-                // See comments on precedenceDigitComparer
-                work.Sort(0, workCount, precedenceDigitComparer);
+                if (UseCorrectCatchAllBehavior)
+                {
+                    // The fix for the 3.0 sorting behavior bug.
+
+                    // See comments on precedenceDigitComparer
+                    work.Sort(0, workCount, precedenceDigitComparer);
+                }
 
                 for (var i = 0; i < workCount; i++)
                 {
@@ -460,7 +486,10 @@ private int AddNode(
                 candidates,
                 endpointSelectorPolicies?.ToArray() ?? Array.Empty<IEndpointSelectorPolicy>(),
                 JumpTableBuilder.Build(currentDefaultDestination, currentExitDestination, pathEntries),
-                BuildPolicy(currentExitDestination, node.NodeBuilder, policyEntries));
+                // Use the final exit destination when building the policy state.
+                // We don't want to use either of the current destinations because they refer routing states,
+                // and a policy state should never transition back to a routing state.
+                BuildPolicy(exitDestination, node.NodeBuilder, policyEntries));
 
             return currentStateIndex;
 

diff --git a/src/Http/Routing/test/UnitTests/GlobalSuppressions.cs b/src/Http/Routing/test/UnitTests/GlobalSuppressions.cs
@@ -0,0 +1,11 @@
+// This file is used by Code Analysis to maintain SuppressMessage
+// attributes that are applied to this project.
+// Project-level suppressions either have no target or are given
+// a specific target and scoped to a namespace, type, member, etc.
+
+[assembly: System.Diagnostics.CodeAnalysis.SuppressMessage(
+    "Build",
+    "xUnit1013:Public method 'Quirks_CatchAllParameter' on test class 'FullFeaturedMatcherConformanceTest' should be marked as a Theory.",
+    Justification = "This is a bug in the xUnit analyzer. This method is already marked as a theory.",
+    Scope = "member",
+    Target = "~M:Microsoft.AspNetCore.Routing.Matching.FullFeaturedMatcherConformanceTest.Quirks_CatchAllParameter(System.String,System.String,System.String[],System.String[])~System.Threading.Tasks.Task")]