diff --git a/core/modules/update/tests/src/Functional/UpdateContribTest.php b/core/modules/update/tests/src/Functional/UpdateContribTest.php index c2325376da..2a0d36d602 100644 --- a/core/modules/update/tests/src/Functional/UpdateContribTest.php +++ b/core/modules/update/tests/src/Functional/UpdateContribTest.php @@ -548,6 +548,14 @@ public function securityUpdateAvailabilityProvider() { 'update_available' => TRUE, 'fixture' => 'sec.8.x-2.2_1.x_secure', ], + // On latest security release for module major release 1. + // Security release also available for next major. + '8.x-1.2, 8.x-1.2 8.x-2.2' => [ + 'module_patch_version' => '8.x-1.2', + 'expected_security_release' => [], + 'update_available' => FALSE, + 'fixture' => 'sec.8.x-1.2_8.x-2.2', + ], // @todo In https://www.drupal.org/node/2865920 add test cases: // - 8.x-2.0 using fixture 'sec.8.x-1.2_8.x-2.2' to ensure that 8.x-2.2 // is the only security update. diff --git a/core/modules/update/tests/src/Functional/UpdateCoreTest.php b/core/modules/update/tests/src/Functional/UpdateCoreTest.php index dc7da67380..63545ea2af 100644 --- a/core/modules/update/tests/src/Functional/UpdateCoreTest.php +++ b/core/modules/update/tests/src/Functional/UpdateCoreTest.php @@ -242,6 +242,15 @@ public function securityUpdateAvailabilityProvider() { 'update_available' => FALSE, 'fixture' => 'sec.0.2', ], + // Site on latest security release available for site minor release 0. + // Minor release 1 also has a security release, and the current release + // is marked as insecure. + '0.2, 0.2' => [ + 'site_patch_version' => '0.2', + 'expected_security_release' => ['1.2', '2.0-rc2'], + 'update_available' => FALSE, + 'fixture' => 'sec.0.2-rc2', + ], // Two security releases available for site minor release 0. // 0.1 security release marked as insecure. // No releases for next minor. @@ -273,10 +282,7 @@ public function securityUpdateAvailabilityProvider() { 'site_patch_version' => '1.2', 'expected_security_releases' => [], 'update_available' => FALSE, - // @todo Change to use fixture 'sec.0.2-rc2' in - // https://www.drupal.org/node/2804155. Currently this case would fail - // because 8.2.0-rc2 would be the recommend security release. - 'fixture' => 'sec.0.2-rc2-b', + 'fixture' => 'sec.0.2-rc2', ], // No security release available for site minor release 0. // Security release available for next minor. @@ -286,6 +292,20 @@ public function securityUpdateAvailabilityProvider() { 'update_available' => FALSE, 'fixture' => 'sec.1.2_insecure', ], + // All releases for minor 0 are secure. + // Security release available for next minor. + '0.0, 1.2, secure' => [ + 'site_patch_version' => '0.0', + 'expected_security_release' => ['1.2'], + 'update_available' => FALSE, + 'fixture' => 'sec.1.2', + ], + '0.2, 1.2, secure' => [ + 'site_patch_version' => '0.2', + 'expected_security_release' => ['1.2'], + 'update_available' => FALSE, + 'fixture' => 'sec.1.2', + ], // Site on 2.0-rc2 which is a security release. '2.0-rc2, 0.2 1.2' => [ 'site_patch_version' => '2.0-rc2', diff --git a/core/modules/update/update.compare.inc b/core/modules/update/update.compare.inc index 2ba5fdce75..dd658120ef 100644 --- a/core/modules/update/update.compare.inc +++ b/core/modules/update/update.compare.inc @@ -425,15 +425,6 @@ function update_calculate_project_update_status(&$project_data, $available) { $project_data['recommended'] = $project_data['latest_version']; } - // - // Check to see if we need an update or not. - // - - if (!empty($project_data['security updates'])) { - // If we found security updates, that always trumps any other status. - $project_data['status'] = UPDATE_NOT_SECURE; - } - if (isset($project_data['status'])) { // If we already know the status, we're done. return; diff --git a/core/modules/update/update.module b/core/modules/update/update.module index cf1dc6b75b..b7b827623d 100644 --- a/core/modules/update/update.module +++ b/core/modules/update/update.module @@ -405,24 +405,6 @@ function update_get_available($refresh = FALSE) { $available = \Drupal::keyValueExpirable('update_available_releases')->getAll(); } - // Check for security releases that are covered under the same security - // advisories as the site's current release, and override the update status - // data so that those releases are not flagged as needed security updates. - // Any security releases beyond those specific releases will still be shown - // as required security updates. - - // @todo This is a temporary fix to allow minor-version backports of security - // fixes to be shown as secure. It should not be included in the codebase of - // any release or branch other than such backports. Replace this with - // https://www.drupal.org/project/drupal/issues/2804155. - foreach (_update_equivalent_security_releases() as $equivalent_release) { - if (!empty($available['drupal']['releases'][$equivalent_release]['terms']['Release type'])) { - $security_release_key = array_search('Security update', $available['drupal']['releases'][$equivalent_release]['terms']['Release type']); - if ($security_release_key !== FALSE) { - unset($available['drupal']['releases'][$equivalent_release]['terms']['Release type'][$security_release_key]); - } - } - } return $available; } @@ -439,11 +421,13 @@ function update_get_available($refresh = FALSE) { * A list of security release numbers that are equivalent to this release * (i.e. covered by the same advisory), for backported security fixes only. * - * @todo This is a temporary fix to allow minor-version backports of security - * fixes to be shown as secure. Replace this with - * https://www.drupal.org/project/drupal/issues/2766491. + * @internal + * + * @deprecated in Drupal 8.6.0 and will be removed before Drupal 9.0.0. This was + * a temporary internal fix and no replacement is needed. */ function _update_equivalent_security_releases() { + trigger_error('This internal function was a temporary fix and will be removed before 9.0.0. Use the \'Internal\' release type tag in update XML provided by drupal.org to determine if releases are insecure.', E_USER_DEPRECATED); switch (\Drupal::VERSION) { case '8.3.8': return ['8.4.5', '8.5.0-rc1'];