X-Git-Url: https://yaffs.net/gitweb/?a=blobdiff_plain;f=web%2Fcore%2Fmodules%2Fupdate%2Fupdate.module;h=2b9d651a7490ca67f9a8ccf30ae08c33d3f92e44;hb=refs%2Fheads%2Ft2;hp=32b5b8cc8779488712b4f4c41f0861d187ea5990;hpb=a2bd1bf0c2c1f1a17d188f4dc0726a45494cefae;p=yaffs-website diff --git a/web/core/modules/update/update.module b/web/core/modules/update/update.module index 32b5b8cc8..2b9d651a7 100644 --- a/web/core/modules/update/update.module +++ b/web/core/modules/update/update.module @@ -23,6 +23,8 @@ use Drupal\Core\Site\Settings; * * @deprecated in Drupal 8.3.x and will be removed before Drupal 9.0.0. * Use \Drupal\update\UpdateManagerInterface::NOT_SECURE instead. + * + * @see https://www.drupal.org/node/2831620 */ const UPDATE_NOT_SECURE = 1; @@ -31,6 +33,8 @@ const UPDATE_NOT_SECURE = 1; * * @deprecated in Drupal 8.3.x and will be removed before Drupal 9.0.0. * Use \Drupal\update\UpdateManagerInterface::REVOKED instead. + * + * @see https://www.drupal.org/node/2831620 */ const UPDATE_REVOKED = 2; @@ -39,6 +43,8 @@ const UPDATE_REVOKED = 2; * * @deprecated in Drupal 8.3.x and will be removed before Drupal 9.0.0. * Use \Drupal\update\UpdateManagerInterface::NOT_SUPPORTED instead. + * + * @see https://www.drupal.org/node/2831620 */ const UPDATE_NOT_SUPPORTED = 3; @@ -47,6 +53,8 @@ const UPDATE_NOT_SUPPORTED = 3; * * @deprecated in Drupal 8.3.x and will be removed before Drupal 9.0.0. * Use \Drupal\update\UpdateManagerInterface::NOT_CURRENT instead. + * + * @see https://www.drupal.org/node/2831620 */ const UPDATE_NOT_CURRENT = 4; @@ -55,6 +63,8 @@ const UPDATE_NOT_CURRENT = 4; * * @deprecated in Drupal 8.3.x and will be removed before Drupal 9.0.0. * Use \Drupal\update\UpdateManagerInterface::CURRENT instead. + * + * @see https://www.drupal.org/node/2831620 */ const UPDATE_CURRENT = 5; @@ -63,6 +73,8 @@ const UPDATE_CURRENT = 5; * * @deprecated in Drupal 8.3.x and will be removed before Drupal 9.0.0. * Use \Drupal\update\UpdateFetcherInterface::NOT_CHECKED instead. + * + * @see https://www.drupal.org/node/2831620 */ const UPDATE_NOT_CHECKED = -1; @@ -71,6 +83,8 @@ const UPDATE_NOT_CHECKED = -1; * * @deprecated in Drupal 8.3.x and will be removed before Drupal 9.0.0. * Use \Drupal\update\UpdateFetcherInterface::UNKNOWN instead. + * + * @see https://www.drupal.org/node/2831620 */ const UPDATE_UNKNOWN = -2; @@ -79,6 +93,8 @@ const UPDATE_UNKNOWN = -2; * * @deprecated in Drupal 8.3.x and will be removed before Drupal 9.0.0. * Use \Drupal\update\UpdateFetcherInterface::NOT_FETCHED instead. + * + * @see https://www.drupal.org/node/2831620 */ const UPDATE_NOT_FETCHED = -3; @@ -87,6 +103,8 @@ const UPDATE_NOT_FETCHED = -3; * * @deprecated in Drupal 8.3.x and will be removed before Drupal 9.0.0. * Use \Drupal\update\UpdateFetcherInterface::FETCH_PENDING instead. + * + * @see https://www.drupal.org/node/2831620 */ const UPDATE_FETCH_PENDING = -4; @@ -349,7 +367,7 @@ function update_get_available($refresh = FALSE) { foreach ($projects as $key => $project) { // If there's no data at all, we clearly need to fetch some. if (empty($available[$key])) { - //update_create_fetch_task($project); + // update_create_fetch_task($project); \Drupal::service('update.processor')->createFetchTask($project); $needs_refresh = TRUE; continue; @@ -386,9 +404,56 @@ function update_get_available($refresh = FALSE) { $available = \Drupal::keyValueExpirable('update_available_releases')->getAll(); } + // Check for security releases that are covered under the same security + // advisories as the site's current release, and override the update status + // data so that those releases are not flagged as needed security updates. + // Any security releases beyond those specific releases will still be shown + // as required security updates. + + // @todo This is a temporary fix to allow minor-version backports of security + // fixes to be shown as secure. It should not be included in the codebase of + // any release or branch other than such backports. Replace this with + // https://www.drupal.org/project/drupal/issues/2766491. + foreach (_update_equivalent_security_releases() as $equivalent_release) { + if (!empty($available['drupal']['releases'][$equivalent_release]['terms']['Release type'])) { + $security_release_key = array_search('Security update', $available['drupal']['releases'][$equivalent_release]['terms']['Release type']); + if ($security_release_key !== FALSE) { + unset($available['drupal']['releases'][$equivalent_release]['terms']['Release type'][$security_release_key]); + } + } + } return $available; } +/** + * Identifies equivalent security releases with a hardcoded list. + * + * Generally, only the latest minor version of Drupal 8 is supported. However, + * when security fixes are backported to an old branch, and the site owner + * updates to the release containing the backported fix, they should not + * see "Security update required!" again if the only other security releases + * are releases for the same advisories. + * + * @return string[] + * A list of security release numbers that are equivalent to this release + * (i.e. covered by the same advisory), for backported security fixes only. + * + * @todo This is a temporary fix to allow minor-version backports of security + * fixes to be shown as secure. It should not be included in the codebase of + * any release or branch other than such backports. Replace this with + * https://www.drupal.org/project/drupal/issues/2766491. + */ +function _update_equivalent_security_releases() { + switch (\Drupal::VERSION) { + case '8.4.5': + return ['8.5.0-rc1']; + case '8.4.6': + return ['8.5.1']; + } + + return []; +} + /** * Adds a task to the queue for fetching release history data for a project. *