Make WordPress Core

Opened 3 months ago

Closed 3 months ago

Last modified 2 months ago

#61665 closed task (blessed) (fixed)

Update the `$_old_files` array for 6.6

Reported by: dd32's profile dd32 Owned by: hellofromtonya's profile hellofromTonya
Milestone: 6.6.1 Priority: normal
Severity: normal Version: 6.6
Component: Upgrade/Install Keywords: has-patch dev-reviewed commit fixed-major
Focuses: Cc:

Description

It doesn't appear that the $_old_files array was updated prior to the 6.6 release.

The following files need to be added:

$ svn diff --summarize https://core.svn.wordpress.org/tags/6.5 https://core.svn.wordpress.org/tags/6.6 | grep '^D'
D       https://core.svn.wordpress.org/tags/6.5/wp-includes/blocks/block/editor.css
D       https://core.svn.wordpress.org/tags/6.5/wp-includes/blocks/block/editor.min.css
D       https://core.svn.wordpress.org/tags/6.5/wp-includes/blocks/block/editor-rtl.css
D       https://core.svn.wordpress.org/tags/6.5/wp-includes/blocks/block/editor-rtl.min.css

See https://make.wordpress.org/core/handbook/about/release-cycle/releasing-major-versions/#dry-run

Change History (21)

#1 @dd32
3 months ago

Just noting, that has caused a number of "security plugins" to throw warnings about the WordPress installation having extra unexpected files.

#2 @audrasjb
3 months ago

  • Keywords needs-patch added
  • Owner set to audrasjb
  • Status changed from new to assigned

Erf. When preparing the Dry Run we saw those files with @davidbaumwald and @hellofromTonya but assumed they were false positive. Sorry everyone about that.
https://wordpress.slack.com/archives/C06U06K50Q5/p1720968264541949

#3 @hellofromTonya
3 months ago

Are these actually old files? Or are they artifacts causing false flags?

Copying parts of the slack discussion about these particular files:

@davidbaumwald observed these files keep getting reported for "a few majors":

^D produce a few false positives that have existed for a while now, and ^A reports things that do not exist in the array previously.
...
They've been there for a few majors now

and was working with systems to help identify why:

I reached out to systems to see if there's some sort of artifact in core.svn.wordpress.org

Hey @davidbaumwald, any feedback from the systems team?

#4 @hellofromTonya
3 months ago

Are these actually old files? Or are they artifacts causing false flags?

I compared 6.4.5, 6.5.5, and 6.6.0 to find out.

The files:

'wp-includes/blocks/block/editor.css',
'wp-includes/blocks/block/editor.min.css',
'wp-includes/blocks/block/editor-rtl.css',
'wp-includes/blocks/block/editor-rtl.min.css',

How:

  1. Downloaded each version from the release archives.
  2. Unzipped each, renaming the directory to append its version.
  3. Navigated to wp-includes/blocks/block/ directory in each version to check if the files were there or not.

Results:

  • 6.4.5 ✅ yes these files are present.
  • 6.5.5 ✅ yes these files are present.
  • 6.6.0 ❌ no these files are not present.

Interesting. So they were removed in the 6.6 cycle.

#5 @davidbaumwald
3 months ago

I understand now. These are built files, and only exist after a build, which core.svn.wordpress.org seems to be referencing the build repo(currently at rev 58145).

The $_old_files should include them. This is on me for conflating two different issues in the past.

Going to get this committed to trunk now.

This ticket was mentioned in PR #7049 on WordPress/wordpress-develop by @hellofromTonya.


3 months ago
#6

  • Keywords has-patch added; needs-patch removed

Adds the following files to the $_old_files array for 6.6:

$ svn diff --summarize https://core.svn.wordpress.org/tags/6.5 https://core.svn.wordpress.org/tags/6.6 | grep '^D'
D       https://core.svn.wordpress.org/tags/6.5/wp-includes/blocks/block/editor.css
D       https://core.svn.wordpress.org/tags/6.5/wp-includes/blocks/block/editor.min.css
D       https://core.svn.wordpress.org/tags/6.5/wp-includes/blocks/block/editor-rtl.css
D       https://core.svn.wordpress.org/tags/6.5/wp-includes/blocks/block/editor-rtl.min.css

Originally flagged as false positives, these specific files did exist in 6.4.5 and 6.5.5, but no longer exist in 6.6.

Trac ticket: https://core.trac.wordpress.org/ticket/61665

This ticket was mentioned in PR #7050 on WordPress/wordpress-develop by @davidbaumwald.


3 months ago
#7

Missed during the Dry Run(by me).

#8 @davidbaumwald
3 months ago

  • Resolution set to fixed
  • Status changed from assigned to closed

In 58744:

Upgrade/Install: Update the $_old_files array for 6.6.

Props dd32, audrasjb, hellofromTonya.
Fixes #61665.

@hellofromTonya commented on PR #7049:


3 months ago
#9

Closing in favor of patch with same changes that was committed in https://core.trac.wordpress.org/changeset/58744.

#10 @davidbaumwald
3 months ago

  • Keywords dev-feedback added
  • Resolution fixed deleted
  • Status changed from closed to reopened

Reopening for backport to the 6.6 branch.

#11 @hellofromTonya
3 months ago

  • Keywords dev-reviewed commit added; dev-feedback removed

[58744] LGTM for backport to the 6.6-branch.

#12 @joedolson
3 months ago

#61678 was marked as a duplicate.

This ticket was mentioned in Slack in #core by hellofromtonya. View the logs.


3 months ago

#14 @hellofromTonya
3 months ago

  • Owner changed from audrasjb to hellofromTonya
  • Status changed from reopened to reviewing

backporting now.

#15 @hellofromTonya
3 months ago

  • Resolution set to fixed
  • Status changed from reviewing to closed

In 58746:

Upgrade/Install: Update the $_old_files array for 6.6.

Reviewed by hellofromTonya.
Merges [58744] to the 6.6 branch.

Props dd32, audrasjb, hellofromTonya.
Fixes #61665.

#16 @hellofromTonya
3 months ago

Manually added @jpnl to the commit props, i.e. who reported the same issue in #61678.

This ticket was mentioned in Slack in #core by costdev. View the logs.


3 months ago

#18 @generosus
3 months ago

Hey Guys!

Thanks for jumping on this so quickly.

Are you going to release a WP patch (say, V 6.6.1) to close this finding?

Cheers!

Last edited 3 months ago by generosus (previous) (diff)

#19 @jorbin
3 months ago

@generosus RC1 for 6.6.1 was made available yesterday and assuming there are no issues, it is planned to be released on 23 July

#20 @generosus
3 months ago

@jorbin Perfect. Thank you!

#21 @hellofromTonya
2 months ago

  • Keywords fixed-major added
Note: See TracTickets for help on using tickets.