From f62c808047484dfd0dda309889cfc940c866f73b Mon Sep 17 00:00:00 2001
From: Alex Pott <alex.a.pott@googlemail.com>
Date: Mon, 20 Apr 2020 00:25:26 +0100
Subject: [PATCH] Issue #2992631 by dww, swatichouhan012, tedbow, jungle, xjm:
Update report incorrectly recommends security releases for old minors when a
security update is needed and a secure version of the old minor is also
available
(cherry picked from commit e1b9321477126cea6d4af2f2b6c3eca506c6c2d0)
---
.../src/Functional/UpdateContribTest.php | 8 +++--
.../tests/src/Functional/UpdateCoreTest.php | 29 ++++++++++++-------
core/modules/update/update.compare.inc | 15 +++++-----
3 files changed, 33 insertions(+), 19 deletions(-)
diff --git a/core/modules/update/tests/src/Functional/UpdateContribTest.php b/core/modules/update/tests/src/Functional/UpdateContribTest.php
index a3125d0f4c6f..99c3621d8a9c 100644
--- a/core/modules/update/tests/src/Functional/UpdateContribTest.php
+++ b/core/modules/update/tests/src/Functional/UpdateContribTest.php
@@ -709,9 +709,13 @@ public function securityUpdateAvailabilityProvider() {
'expected_update_message_type' => static::UPDATE_NONE,
'fixture' => 'sec.8.x-1.2_8.x-2.2',
],
+ '8.x-2.0, 8.x-1.2 8.x-2.2' => [
+ 'module_patch_version' => '8.x-2.0',
+ 'expected_security_releases' => ['8.x-2.2'],
+ 'expected_update_message_type' => static::SECURITY_UPDATE_REQUIRED,
+ 'fixture' => 'sec.8.x-1.2_8.x-2.2',
+ ],
// @todo In https://www.drupal.org/node/2865920 add test cases:
- // - 8.x-2.0 using fixture 'sec.8.x-1.2_8.x-2.2' to ensure that 8.x-2.2
- // is the only security update.
// - 8.x-3.0-beta1 using fixture 'sec.8.x-1.2_8.x-2.2' to ensure that
// 8.x-2.2 is the only security update.
];
diff --git a/core/modules/update/tests/src/Functional/UpdateCoreTest.php b/core/modules/update/tests/src/Functional/UpdateCoreTest.php
index 253d888ab531..41eea608236d 100644
--- a/core/modules/update/tests/src/Functional/UpdateCoreTest.php
+++ b/core/modules/update/tests/src/Functional/UpdateCoreTest.php
@@ -355,6 +355,14 @@ public function securityUpdateAvailabilityProvider() {
'expected_update_message_type' => static::UPDATE_NONE,
'fixture' => 'sec.0.2-rc2',
],
+ // Ensure that 8.0.2 security release is not shown because it is earlier
+ // version than 1.0.
+ '1.0, 0.2 1.2' => [
+ 'site_patch_version' => '1.0',
+ 'expected_security_releases' => ['1.2', '2.0-rc2'],
+ 'expected_update_message_type' => static::SECURITY_UPDATE_REQUIRED,
+ 'fixture' => 'sec.0.2-rc2',
+ ],
];
$pre_releases = [
'2.0-alpha1',
@@ -365,24 +373,25 @@ public function securityUpdateAvailabilityProvider() {
'2.0-rc2',
];
- // If the site is on an alpha/beta/RC of an upcoming minor and none of the
- // alpha/beta/RC versions are marked insecure, no security update should be
- // required.
foreach ($pre_releases as $pre_release) {
+ // If the site is on an alpha/beta/RC of an upcoming minor and none of the
+ // alpha/beta/RC versions are marked insecure, no security update should
+ // be required.
$test_cases["Pre-release:$pre_release, no security update"] = [
'site_patch_version' => $pre_release,
'expected_security_releases' => [],
'expected_update_message_type' => $pre_release === '2.0-rc2' ? static::UPDATE_NONE : static::UPDATE_AVAILABLE,
'fixture' => 'sec.0.2-rc2-b',
];
+ // If the site is on an alpha/beta/RC of an upcoming minor and there is
+ // an RC version with a security update, it should be recommended.
+ $test_cases["Pre-release:$pre_release, security update"] = [
+ 'site_patch_version' => $pre_release,
+ 'expected_security_releases' => $pre_release === '2.0-rc2' ? [] : ['2.0-rc2'],
+ 'expected_update_message_type' => $pre_release === '2.0-rc2' ? static::UPDATE_NONE : static::SECURITY_UPDATE_REQUIRED,
+ 'fixture' => 'sec.0.2-rc2',
+ ];
}
-
- // @todo In https://www.drupal.org/node/2865920 add test cases:
- // - For all pre-releases for 8.2.0 except 8.2.0-rc2 using the
- // 'sec.0.2-rc2' fixture to ensure that 8.2.0-rc2 is the only security
- // update.
- // - For 8.1.0 using fixture 'sec.0.2-rc2' to ensure that only security
- // updates are 8.1.2 and 8.2.0-rc2.
return $test_cases;
}
diff --git a/core/modules/update/update.compare.inc b/core/modules/update/update.compare.inc
index 1eadbed71f31..fd72a7d174a1 100644
--- a/core/modules/update/update.compare.inc
+++ b/core/modules/update/update.compare.inc
@@ -390,13 +390,14 @@ function update_calculate_project_update_status(&$project_data, $available) {
];
}
}
-
- // Otherwise, ignore unpublished, insecure, or unsupported releases.
- if ($release['status'] == 'unpublished' ||
- !$is_in_supported_branch($release['version']) ||
- (isset($release['terms']['Release type']) &&
- (in_array('Insecure', $release['terms']['Release type']) ||
- in_array('Unsupported', $release['terms']['Release type'])))) {
+ // Other than the currently installed release, ignore unpublished, insecure,
+ // or unsupported updates.
+ elseif ($release['status'] == 'unpublished' ||
+ !$is_in_supported_branch($release['version']) ||
+ (isset($release['terms']['Release type']) &&
+ (in_array('Insecure', $release['terms']['Release type']) ||
+ in_array('Unsupported', $release['terms']['Release type'])))
+ ) {
continue;
}
--
GitLab