diff --git a/wordpress-5.1-tinymce_noflash.patch b/wordpress-5.1-tinymce_noflash.patch
index 0d0e79ce9421e482226d569d0b9dcec093c8d935..1dc45f92e2309234037fc3c5e2b6c7d123777871 100644
--- a/wordpress-5.1-tinymce_noflash.patch
+++ b/wordpress-5.1-tinymce_noflash.patch
@@ -1,7 +1,8 @@
-diff -up wordpress/wp-includes/js/tinymce/plugins/media/plugin.js.orig wordpress/wp-includes/js/tinymce/plugins/media/plugin.js
---- wordpress/wp-includes/js/tinymce/plugins/media/plugin.js.orig 2019-02-21 14:59:28.793415420 +0100
-+++ wordpress/wp-includes/js/tinymce/plugins/media/plugin.js 2019-02-21 15:00:14.319647286 +0100
-@@ -166,7 +166,6 @@ var media = (function () {
+diff --git a/wp-includes/js/tinymce/plugins/media/plugin.js b/wp-includes/js/tinymce/plugins/media/plugin.js
+index dffa0fe..53daa94 100644
+--- a/wp-includes/js/tinymce/plugins/media/plugin.js
++++ b/wp-includes/js/tinymce/plugins/media/plugin.js
+@@ -285,7 +285,6 @@ var media = (function () {
mp4: 'video/mp4',
webm: 'video/webm',
ogg: 'video/ogg',
@@ -9,7 +10,7 @@ diff -up wordpress/wp-includes/js/tinymce/plugins/media/plugin.js.orig wordpress
};
var fileEnd = url.toLowerCase().split('.').pop();
var mime = mimes[fileEnd];
-@@ -424,14 +423,6 @@ var media = (function () {
+@@ -537,14 +536,6 @@ var media = (function () {
var allowFullscreen = data.allowFullscreen ? ' allowFullscreen="1"' : '';
return '';
};
@@ -24,7 +25,7 @@ diff -up wordpress/wp-includes/js/tinymce/plugins/media/plugin.js.orig wordpress
var getAudioHtml = function (data, audioTemplateCallback) {
if (audioTemplateCallback) {
return audioTemplateCallback(data);
-@@ -494,8 +485,6 @@ var media = (function () {
+@@ -607,8 +598,6 @@ var media = (function () {
});
if (data.type === 'iframe') {
return getIframeHtml(data);
@@ -33,3 +34,6 @@ diff -up wordpress/wp-includes/js/tinymce/plugins/media/plugin.js.orig wordpress
} else if (data.source1mime.indexOf('audio') !== -1) {
return getAudioHtml(data, audioTemplateCallback);
} else if (data.type === 'script') {
+--
+2.41.0
+
diff --git a/wordpress-5.2-hello.patch b/wordpress-5.2-hello.patch
index 5ccc2f5ae6f99830cbbf216bd8e42e22032deaee..f3f17ec0d964780bdf804396fbebe3eddc583578 100644
--- a/wordpress-5.2-hello.patch
+++ b/wordpress-5.2-hello.patch
@@ -1,7 +1,8 @@
-diff -up wordpress/wp-content/plugins/hello.php.dolly wordpress/wp-content/plugins/hello.php
---- wordpress/wp-content/plugins/hello.php.dolly 2019-03-28 15:09:05.874797878 +0100
-+++ wordpress/wp-content/plugins/hello.php 2019-03-28 15:10:15.892164549 +0100
-@@ -6,41 +6,26 @@
+diff --git a/wp-content/plugins/hello.php b/wp-content/plugins/hello.php
+index ff55908..68129d6 100644
+--- a/wp-content/plugins/hello.php
++++ b/wp-content/plugins/hello.php
+@@ -6,42 +6,26 @@
/*
Plugin Name: Hello Dolly
Plugin URI: http://wordpress.org/plugins/hello-dolly/
@@ -41,8 +42,9 @@ diff -up wordpress/wp-content/plugins/hello.php.dolly wordpress/wp-content/plugi
-Dolly, never go away
-Promise, you'll never go away
-Dolly'll never go away again";
-+ // These are the lyrics to the Free Software Song
-+ $lyrics = "Join us now and share the software;
+-
++ // These are the lyrics to the Free Software Song
++ $lyrics = "Join us now and share the software;
+You'll be free, hackers, you'll be free.
+Hoarders may get piles of money,
+That is true, hackers, that is true.
@@ -54,6 +56,9 @@ diff -up wordpress/wp-content/plugins/hello.php.dolly wordpress/wp-content/plugi
+Ever more, hackers, ever more.
+Join us now and share the software;
+You'll be free, hackers, you'll be free.";
-
// Here we split it into lines.
$lyrics = explode( "\n", $lyrics );
+
+--
+2.41.0
+
diff --git a/wordpress-5.4-config.patch b/wordpress-5.4-config.patch
index 4f9440457a4e405bec31b77b3850756d0b0b4486..32bf4c7ff33dcdaf7654b342fb61c15e55856aa6 100644
--- a/wordpress-5.4-config.patch
+++ b/wordpress-5.4-config.patch
@@ -1,12 +1,14 @@
-diff -up wordpress/wp-config.php.rpm wordpress/wp-config.php
---- wordpress/wp-config.php.rpm 2020-10-20 15:05:26.351765085 +0200
-+++ wordpress/wp-config.php 2020-10-20 15:05:48.663684089 +0200
-@@ -66,6 +66,22 @@ define( 'NONCE_SALT', 'put your un
+diff --git a/wp-config.php b/wp-config.php
+index dc5a976..feb6a3b 100644
+--- a/wp-config.php
++++ b/wp-config.php
+@@ -67,6 +67,22 @@ define( 'NONCE_SALT', 'put your unique phrase here' );
+ */
$table_prefix = 'wp_';
- /**
++/**
+ * See http://make.wordpress.org/core/2013/10/25/the-definitive-guide-to-disabling-auto-updates-in-wordpress-3-7
-+ */
++*/
+
+/* Disable all file change, as RPM base installation are read-only */
+define('DISALLOW_FILE_MODS', true);
@@ -15,16 +17,15 @@ diff -up wordpress/wp-config.php.rpm wordpress/wp-config.php
+define('FS_METHOD', 'direct');
+
+/* Disable automatic updater, in case you want to allow
-+ above FILE_MODS for plugins, themes, ... */
++above FILE_MODS for plugins, themes, ... */
+define('AUTOMATIC_UPDATER_DISABLED', true);
+
+/* Core update is always disabled, WP_AUTO_UPDATE_CORE value is ignore */
+
-+/**
+ /**
* For developers: WordPress debugging mode.
*
- * Change this to true to enable the display of notices during development.
-@@ -83,7 +99,7 @@ define( 'WP_DEBUG', false );
+@@ -89,7 +105,7 @@ define( 'WP_DEBUG', false );
/** Absolute path to the WordPress directory. */
if ( ! defined( 'ABSPATH' ) ) {
@@ -33,3 +34,6 @@ diff -up wordpress/wp-config.php.rpm wordpress/wp-config.php
}
/** Sets up WordPress vars and included files. */
+--
+2.41.0
+
diff --git a/wordpress-5.4-no_swfupload.patch b/wordpress-5.4-no_swfupload.patch
index 3683cb73f2a58421722c4305a4d3a730874b0309..47dbdb07435de25083b283f544a2eaf38c32e32a 100644
--- a/wordpress-5.4-no_swfupload.patch
+++ b/wordpress-5.4-no_swfupload.patch
@@ -1,7 +1,8 @@
-diff -up wordpress/wp-includes/script-loader.php.old wordpress/wp-includes/script-loader.php
---- wordpress/wp-includes/script-loader.php.old 2020-03-25 16:34:50.606199762 +0100
-+++ wordpress/wp-includes/script-loader.php 2020-03-25 16:35:59.409883628 +0100
-@@ -892,12 +892,6 @@ function wp_default_scripts( $scripts )
+diff --git a/wp-includes/script-loader.php b/wp-includes/script-loader.php
+index 032a2f2..15183d4 100644
+--- a/wp-includes/script-loader.php
++++ b/wp-includes/script-loader.php
+@@ -1023,12 +1023,6 @@ function wp_default_scripts( $scripts ) {
$scripts->add( 'wp-plupload', "/wp-includes/js/plupload/wp-plupload$suffix.js", array( 'plupload', 'jquery', 'json2', 'media-models' ), false, 1 );
did_action( 'init' ) && $scripts->localize( 'wp-plupload', 'pluploadL10n', $uploader_l10n );
@@ -12,5 +13,8 @@ diff -up wordpress/wp-includes/script-loader.php.old wordpress/wp-includes/scrip
- did_action( 'init' ) && $scripts->localize( 'swfupload-handlers', 'swfuploadL10n', $uploader_l10n );
-
$scripts->add( 'comment-reply', "/wp-includes/js/comment-reply$suffix.js", array(), false, 1 );
+ did_action( 'init' ) && $scripts->add_data( 'comment-reply', 'strategy', 'async' );
- $scripts->add( 'json2', "/wp-includes/js/json2$suffix.js", array(), '2015-05-03' );
+--
+2.41.0
+
diff --git a/wordpress-5.6-mediaelement_no_swf.patch b/wordpress-5.6-mediaelement_no_swf.patch
index 4ee0eec3c66eb681f110d59d76d01166ca7a68c0..1db525dfdcc59949367b7ad0472d8c5e44409365 100644
--- a/wordpress-5.6-mediaelement_no_swf.patch
+++ b/wordpress-5.6-mediaelement_no_swf.patch
@@ -1,15 +1,17 @@
-diff -up wordpress/wp-includes/js/mediaelement/mediaelement-and-player.js.no wordpress/wp-includes/js/mediaelement/mediaelement-and-player.js
---- wordpress/wp-includes/js/mediaelement/mediaelement-and-player.js.no 2020-09-29 17:53:06.000000000 +0200
-+++ wordpress/wp-includes/js/mediaelement/mediaelement-and-player.js 2020-12-09 09:44:27.954254919 +0100
-@@ -6135,6 +6135,7 @@ if (hasFlash) {
+diff --git a/wp-includes/js/mediaelement/mediaelement-and-player.js b/wp-includes/js/mediaelement/mediaelement-and-player.js
+index 26b951e..ef8a3c5 100644
+--- a/wp-includes/js/mediaelement/mediaelement-and-player.js
++++ b/wp-includes/js/mediaelement/mediaelement-and-player.js
+@@ -6144,7 +6144,7 @@ if (hasFlash) {
+ return null;
}
});
-
+-
+/* swf files removed from RPM
var FlashMediaElementVideoRenderer = {
name: 'flash_video',
options: {
-@@ -6219,6 +6220,7 @@ if (hasFlash) {
+@@ -6229,6 +6229,7 @@ if (hasFlash) {
create: FlashMediaElementRenderer.create
};
_renderer.renderer.add(FlashMediaElementAudioOggRenderer);
@@ -17,9 +19,10 @@ diff -up wordpress/wp-includes/js/mediaelement/mediaelement-and-player.js.no wor
}
},{"2":2,"25":25,"27":27,"28":28,"3":3,"5":5,"7":7,"8":8}],21:[function(_dereq_,module,exports){
-diff -up wordpress/wp-includes/js/mediaelement/mediaelement.js.no wordpress/wp-includes/js/mediaelement/mediaelement.js
---- wordpress/wp-includes/js/mediaelement/mediaelement.js.no 2020-09-29 17:53:06.000000000 +0200
-+++ wordpress/wp-includes/js/mediaelement/mediaelement.js 2020-12-09 09:44:38.532227178 +0100
+diff --git a/wp-includes/js/mediaelement/mediaelement.js b/wp-includes/js/mediaelement/mediaelement.js
+index 40e3414..713b738 100644
+--- a/wp-includes/js/mediaelement/mediaelement.js
++++ b/wp-includes/js/mediaelement/mediaelement.js
@@ -1842,6 +1842,7 @@ if (hasFlash) {
}
});
@@ -36,3 +39,6 @@ diff -up wordpress/wp-includes/js/mediaelement/mediaelement.js.no wordpress/wp-i
}
},{"16":16,"18":18,"19":19,"2":2,"3":3,"5":5,"7":7,"8":8}],12:[function(_dereq_,module,exports){
+--
+2.41.0
+
diff --git a/wordpress-5.8-noupdate.patch b/wordpress-5.8-noupdate.patch
index 39dbb9201e965b29631961948cff81e92c790d84..38ed0f6201b6ef6cb2cb6c3f091924c077f4e00a 100644
--- a/wordpress-5.8-noupdate.patch
+++ b/wordpress-5.8-noupdate.patch
@@ -1,7 +1,8 @@
-diff -up wordpress/wp-admin/includes/admin-filters.php.noupdate wordpress/wp-admin/includes/admin-filters.php
---- wordpress/wp-admin/includes/admin-filters.php.noupdate 2021-07-21 13:55:03.381224813 +0200
-+++ wordpress/wp-admin/includes/admin-filters.php 2021-07-21 13:55:11.920208285 +0200
-@@ -113,7 +113,6 @@ add_action( 'personal_options_update', '
+diff --git a/wp-admin/includes/admin-filters.php b/wp-admin/includes/admin-filters.php
+index b5adb94..c3e6d8d 100644
+--- a/wp-admin/includes/admin-filters.php
++++ b/wp-admin/includes/admin-filters.php
+@@ -131,7 +131,6 @@ add_action( 'personal_options_update', 'send_confirmation_on_profile_email' );
add_action( 'load-plugins.php', 'wp_plugin_update_rows', 20 ); // After wp_update_plugins() is called.
add_action( 'load-themes.php', 'wp_theme_update_rows', 20 ); // After wp_update_themes() is called.
@@ -9,10 +10,11 @@ diff -up wordpress/wp-admin/includes/admin-filters.php.noupdate wordpress/wp-adm
add_action( 'admin_notices', 'deactivated_plugins_notice', 5 );
add_action( 'admin_notices', 'paused_plugins_notice', 5 );
add_action( 'admin_notices', 'paused_themes_notice', 5 );
-diff -up wordpress/wp-admin/includes/class-core-upgrader.php.noupdate wordpress/wp-admin/includes/class-core-upgrader.php
---- wordpress/wp-admin/includes/class-core-upgrader.php.noupdate 2021-06-19 23:37:57.000000000 +0200
-+++ wordpress/wp-admin/includes/class-core-upgrader.php 2021-07-21 13:55:03.381224813 +0200
-@@ -271,6 +271,9 @@ class Core_Upgrader extends WP_Upgrader
+diff --git a/wp-admin/includes/class-core-upgrader.php b/wp-admin/includes/class-core-upgrader.php
+index 165e1f7..0ac02ec 100644
+--- a/wp-admin/includes/class-core-upgrader.php
++++ b/wp-admin/includes/class-core-upgrader.php
+@@ -273,6 +273,9 @@ class Core_Upgrader extends WP_Upgrader {
* @return bool True if we should update to the offered version, otherwise false.
*/
public static function should_update_to_version( $offered_ver ) {
@@ -22,34 +24,39 @@ diff -up wordpress/wp-admin/includes/class-core-upgrader.php.noupdate wordpress/
require ABSPATH . WPINC . '/version.php'; // $wp_version; // x.y.z
$current_branch = implode( '.', array_slice( preg_split( '/[.-]/', $wp_version ), 0, 2 ) ); // x.y
-diff -up wordpress/wp-admin/includes/class-wp-automatic-updater.php.noupdate wordpress/wp-admin/includes/class-wp-automatic-updater.php
---- wordpress/wp-admin/includes/class-wp-automatic-updater.php.noupdate 2021-04-16 14:01:15.000000000 +0200
-+++ wordpress/wp-admin/includes/class-wp-automatic-updater.php 2021-07-21 13:55:03.381224813 +0200
-@@ -38,7 +38,7 @@ class WP_Automatic_Updater {
+diff --git a/wp-admin/includes/class-wp-automatic-updater.php b/wp-admin/includes/class-wp-automatic-updater.php
+index bb8cb40..be5ad19 100644
+--- a/wp-admin/includes/class-wp-automatic-updater.php
++++ b/wp-admin/includes/class-wp-automatic-updater.php
+@@ -41,8 +41,7 @@ class WP_Automatic_Updater {
}
// More fine grained control can be done through the WP_AUTO_UPDATE_CORE constant and filters.
- $disabled = defined( 'AUTOMATIC_UPDATER_DISABLED' ) && AUTOMATIC_UPDATER_DISABLED;
-+ $disabled = !defined( 'AUTOMATIC_UPDATER_DISABLED' ) || AUTOMATIC_UPDATER_DISABLED;
-
+-
++ $disabled = !defined( 'AUTOMATIC_UPDATER_DISABLED' ) || AUTOMATIC_UPDATER_DISABLED;
/**
* Filters whether to entirely disable background updates.
-diff -up wordpress/wp-admin/includes/file.php.noupdate wordpress/wp-admin/includes/file.php
---- wordpress/wp-admin/includes/file.php.noupdate 2021-05-24 21:24:57.000000000 +0200
-+++ wordpress/wp-admin/includes/file.php 2021-07-21 13:55:03.381224813 +0200
-@@ -1992,7 +1992,7 @@ function WP_Filesystem( $args = false, $
+ *
+diff --git a/wp-admin/includes/file.php b/wp-admin/includes/file.php
+index 5832569..8081d33 100644
+--- a/wp-admin/includes/file.php
++++ b/wp-admin/includes/file.php
+@@ -2266,8 +2266,7 @@ function WP_Filesystem( $args = false, $context = false, $allow_relaxed_file_own
*/
function get_filesystem_method( $args = array(), $context = '', $allow_relaxed_file_ownership = false ) {
// Please ensure that this is either 'direct', 'ssh2', 'ftpext', or 'ftpsockets'.
- $method = defined( 'FS_METHOD' ) ? FS_METHOD : false;
-+ $method = defined( 'FS_METHOD' ) ? FS_METHOD : 'direct';
-
+-
++ $method = defined( 'FS_METHOD' ) ? FS_METHOD : 'direct';
if ( ! $context ) {
$context = WP_CONTENT_DIR;
-diff -up wordpress/wp-admin/includes/update.php.noupdate wordpress/wp-admin/includes/update.php
---- wordpress/wp-admin/includes/update.php.noupdate 2021-05-17 19:04:01.000000000 +0200
-+++ wordpress/wp-admin/includes/update.php 2021-07-21 13:55:03.381224813 +0200
-@@ -341,12 +341,7 @@ function update_right_now_message() {
+ }
+diff --git a/wp-admin/includes/update.php b/wp-admin/includes/update.php
+index ba27ddd..a6ed4e9 100644
+--- a/wp-admin/includes/update.php
++++ b/wp-admin/includes/update.php
+@@ -370,12 +370,7 @@ function update_right_now_message() {
$cur = get_preferred_from_update_core();
if ( isset( $cur->response ) && 'upgrade' === $cur->response ) {
@@ -63,22 +70,24 @@ diff -up wordpress/wp-admin/includes/update.php.noupdate wordpress/wp-admin/incl
}
}
-diff -up wordpress/wp-includes/load.php.noupdate wordpress/wp-includes/load.php
---- wordpress/wp-includes/load.php.noupdate 2021-06-23 21:05:57.000000000 +0200
-+++ wordpress/wp-includes/load.php 2021-07-21 13:55:03.381224813 +0200
-@@ -1579,7 +1579,7 @@ function wp_is_file_mod_allowed( $contex
+diff --git a/wp-includes/load.php b/wp-includes/load.php
+index b7bde14..90250f4 100644
+--- a/wp-includes/load.php
++++ b/wp-includes/load.php
+@@ -1784,7 +1784,7 @@ function wp_is_file_mod_allowed( $context ) {
* @param bool $file_mod_allowed Whether file modifications are allowed.
* @param string $context The usage context.
*/
- return apply_filters( 'file_mod_allowed', ! defined( 'DISALLOW_FILE_MODS' ) || ! DISALLOW_FILE_MODS, $context );
-+ return apply_filters( 'file_mod_allowed', defined( 'DISALLOW_FILE_MODS' ) && ! DISALLOW_FILE_MODS, $context );
++ return apply_filters( 'file_mod_allowed', defined( 'DISALLOW_FILE_MODS' ) && ! DISALLOW_FILE_MODS, $context );
}
/**
-diff -up wordpress/wp-includes/update.php.noupdate wordpress/wp-includes/update.php
---- wordpress/wp-includes/update.php.noupdate 2021-05-17 19:04:01.000000000 +0200
-+++ wordpress/wp-includes/update.php 2021-07-21 13:55:03.381224813 +0200
-@@ -926,10 +926,6 @@ function _maybe_update_themes() {
+diff --git a/wp-includes/update.php b/wp-includes/update.php
+index e2ac6b8..30af645 100644
+--- a/wp-includes/update.php
++++ b/wp-includes/update.php
+@@ -1049,10 +1049,6 @@ function _maybe_update_themes() {
* @since 3.1.0
*/
function wp_schedule_update_checks() {
@@ -89,3 +98,6 @@ diff -up wordpress/wp-includes/update.php.noupdate wordpress/wp-includes/update.
if ( ! wp_next_scheduled( 'wp_update_plugins' ) && ! wp_installing() ) {
wp_schedule_event( time(), 'twicedaily', 'wp_update_plugins' );
}
+--
+2.41.0
+
diff --git a/wordpress-6.2.5.tar.gz b/wordpress-6.5.5.tar.gz
similarity index 70%
rename from wordpress-6.2.5.tar.gz
rename to wordpress-6.5.5.tar.gz
index 81c69f85c1f6b191213663b730de8f3e313440f6..91889d442ea3984b20bd8a791b5d7c2216a9c33a 100644
Binary files a/wordpress-6.2.5.tar.gz and b/wordpress-6.5.5.tar.gz differ
diff --git a/wordpress.spec b/wordpress.spec
index ffcfedc44dd6e232ec852833d3bf83fae0ef123e..35b96b106053ddd113f5bd40a0bbe15617561286 100644
--- a/wordpress.spec
+++ b/wordpress.spec
@@ -4,7 +4,7 @@
%global wp_content %{_datadir}/wordpress/wp-content
%global with_nginx 1
-%global upstream_version 6.2.5
+%global upstream_version 6.5.5
Summary: Blog tool and publishing platform
URL: http://www.wordpress.org
@@ -251,6 +251,10 @@ end
%doc readme.html
%changelog
+* Fri Apr 18 2025 wh02252983 - 6.5.5-1
+- update to 6.5.5
+- fix CVE-2024-32111
+
* Tue Nov 12 2024 Kaiqiang Wang - 6.2.5-1
- update to 6.2.5
- fix CVE-2024-4439