Unverified Commit 90a553d6 authored by alexpott's avatar alexpott
Browse files

Issue #2992631 by dww, swatichouhan012, tedbow, jungle, xjm: Update report...

Issue #2992631 by dww, swatichouhan012, tedbow, jungle, xjm: Update report incorrectly recommends security releases for old minors when a security update is needed and a secure version of the old minor is also available

(cherry picked from commit e1b93214)
parent 4f2a4381
......@@ -709,9 +709,13 @@ public function securityUpdateAvailabilityProvider() {
'expected_update_message_type' => static::UPDATE_NONE,
'fixture' => 'sec.8.x-1.2_8.x-2.2',
],
'8.x-2.0, 8.x-1.2 8.x-2.2' => [
'module_patch_version' => '8.x-2.0',
'expected_security_releases' => ['8.x-2.2'],
'expected_update_message_type' => static::SECURITY_UPDATE_REQUIRED,
'fixture' => 'sec.8.x-1.2_8.x-2.2',
],
// @todo In https://www.drupal.org/node/2865920 add test cases:
// - 8.x-2.0 using fixture 'sec.8.x-1.2_8.x-2.2' to ensure that 8.x-2.2
// is the only security update.
// - 8.x-3.0-beta1 using fixture 'sec.8.x-1.2_8.x-2.2' to ensure that
// 8.x-2.2 is the only security update.
];
......
......@@ -355,6 +355,14 @@ public function securityUpdateAvailabilityProvider() {
'expected_update_message_type' => static::UPDATE_NONE,
'fixture' => 'sec.0.2-rc2',
],
// Ensure that 8.0.2 security release is not shown because it is earlier
// version than 1.0.
'1.0, 0.2 1.2' => [
'site_patch_version' => '1.0',
'expected_security_releases' => ['1.2', '2.0-rc2'],
'expected_update_message_type' => static::SECURITY_UPDATE_REQUIRED,
'fixture' => 'sec.0.2-rc2',
],
];
$pre_releases = [
'2.0-alpha1',
......@@ -365,24 +373,25 @@ public function securityUpdateAvailabilityProvider() {
'2.0-rc2',
];
// If the site is on an alpha/beta/RC of an upcoming minor and none of the
// alpha/beta/RC versions are marked insecure, no security update should be
// required.
foreach ($pre_releases as $pre_release) {
// If the site is on an alpha/beta/RC of an upcoming minor and none of the
// alpha/beta/RC versions are marked insecure, no security update should
// be required.
$test_cases["Pre-release:$pre_release, no security update"] = [
'site_patch_version' => $pre_release,
'expected_security_releases' => [],
'expected_update_message_type' => $pre_release === '2.0-rc2' ? static::UPDATE_NONE : static::UPDATE_AVAILABLE,
'fixture' => 'sec.0.2-rc2-b',
];
// If the site is on an alpha/beta/RC of an upcoming minor and there is
// an RC version with a security update, it should be recommended.
$test_cases["Pre-release:$pre_release, security update"] = [
'site_patch_version' => $pre_release,
'expected_security_releases' => $pre_release === '2.0-rc2' ? [] : ['2.0-rc2'],
'expected_update_message_type' => $pre_release === '2.0-rc2' ? static::UPDATE_NONE : static::SECURITY_UPDATE_REQUIRED,
'fixture' => 'sec.0.2-rc2',
];
}
// @todo In https://www.drupal.org/node/2865920 add test cases:
// - For all pre-releases for 8.2.0 except 8.2.0-rc2 using the
// 'sec.0.2-rc2' fixture to ensure that 8.2.0-rc2 is the only security
// update.
// - For 8.1.0 using fixture 'sec.0.2-rc2' to ensure that only security
// updates are 8.1.2 and 8.2.0-rc2.
return $test_cases;
}
......
......@@ -390,13 +390,14 @@ function update_calculate_project_update_status(&$project_data, $available) {
];
}
}
// Otherwise, ignore unpublished, insecure, or unsupported releases.
if ($release['status'] == 'unpublished' ||
!$is_in_supported_branch($release['version']) ||
(isset($release['terms']['Release type']) &&
(in_array('Insecure', $release['terms']['Release type']) ||
in_array('Unsupported', $release['terms']['Release type'])))) {
// Other than the currently installed release, ignore unpublished, insecure,
// or unsupported updates.
elseif ($release['status'] == 'unpublished' ||
!$is_in_supported_branch($release['version']) ||
(isset($release['terms']['Release type']) &&
(in_array('Insecure', $release['terms']['Release type']) ||
in_array('Unsupported', $release['terms']['Release type'])))
) {
continue;
}
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment