diff --git a/wordpress-5.4-config.patch b/wordpress-5.4-config.patch index 4f9440457a4e405bec31b77b3850756d0b0b4486..b0cc0feea58f66555d65c5a45d5f2d50cb7042e3 100644 --- a/wordpress-5.4-config.patch +++ b/wordpress-5.4-config.patch @@ -1,35 +1,85 @@ -diff -up wordpress/wp-config.php.rpm wordpress/wp-config.php ---- wordpress/wp-config.php.rpm 2020-10-20 15:05:26.351765085 +0200 -+++ wordpress/wp-config.php 2020-10-20 15:05:48.663684089 +0200 -@@ -66,6 +66,22 @@ define( 'NONCE_SALT', 'put your un - $table_prefix = 'wp_'; - - /** -+ * See http://make.wordpress.org/core/2013/10/25/the-definitive-guide-to-disabling-auto-updates-in-wordpress-3-7 -+ */ +From b0ef28c0c7cc1a1388f0a7355bdb449336027757 Mon Sep 17 00:00:00 2001 +From: root +Date: Wed, 13 Nov 2024 13:39:56 +0800 +Subject: [PATCH] wordpress-5.4-config + +--- + wp-config-sample.php | 18 +++++++++++- + .../0001-wordpress-5.4-no_swfupload.patch | 29 +++++++++++++++++++ + 2 files changed, 46 insertions(+), 1 deletion(-) + create mode 100644 wp-includes/0001-wordpress-5.4-no_swfupload.patch + +diff --git a/wp-config-sample.php b/wp-config-sample.php +index bdea5cd..a79433b 100644 +--- a/wp-config-sample.php ++++ b/wp-config-sample.php +@@ -67,6 +67,22 @@ define( 'NONCE_SALT', 'put your unique phrase here' ); + */ + $table_prefix = 'wp_'; + ++/** ++ * See http://make.wordpress.org/core/2013/10/25/the-definitive-guide-to-disabling-auto-updates-in-wordpress-3-7 ++ */ ++ ++/* Disable all file change, as RPM base installation are read-only */ ++define('DISALLOW_FILE_MODS', true); ++ ++/* Please ensure that this is either 'direct', 'ssh2', 'ftpext', 'ftpsockets' or false */ ++define('FS_METHOD', 'direct'); ++ ++/* Disable automatic updater, in case you want to allow ++ above FILE_MODS for plugins, themes, ... */ ++define('AUTOMATIC_UPDATER_DISABLED', true); ++ ++/* Core update is always disabled, WP_AUTO_UPDATE_CORE value is ignore */ ++ + /** + * For developers: WordPress debugging mode. + * +@@ -89,7 +105,7 @@ define( 'WP_DEBUG', false ); + + /** Absolute path to the WordPress directory. */ + if ( ! defined( 'ABSPATH' ) ) { +- define( 'ABSPATH', __DIR__ . '/' ); ++ define('ABSPATH', '/usr/share/wordpress'); + } + + /** Sets up WordPress vars and included files. */ +diff --git a/wp-includes/0001-wordpress-5.4-no_swfupload.patch b/wp-includes/0001-wordpress-5.4-no_swfupload.patch +new file mode 100644 +index 0000000..bca217e +--- /dev/null ++++ b/wp-includes/0001-wordpress-5.4-no_swfupload.patch +@@ -0,0 +1,29 @@ ++From ea33231da41b51404a6ab3151fbea6a06f49d25e Mon Sep 17 00:00:00 2001 ++From: root ++Date: Wed, 13 Nov 2024 13:28:29 +0800 ++Subject: [PATCH] wordpress-5.4-no_swfupload + -+/* Disable all file change, as RPM base installation are read-only */ -+define('DISALLOW_FILE_MODS', true); ++--- ++ wp-includes/script-loader.php | 6 ------ ++ 1 file changed, 6 deletions(-) + -+/* Please ensure that this is either 'direct', 'ssh2', 'ftpext', 'ftpsockets' or false */ -+define('FS_METHOD', 'direct'); ++diff --git a/wp-includes/script-loader.php b/wp-includes/script-loader.php ++index 715477a..161ccaa 100644 ++--- a/wp-includes/script-loader.php +++++ b/wp-includes/script-loader.php ++@@ -1021,12 +1021,6 @@ function wp_default_scripts( $scripts ) { ++ $scripts->add( 'wp-plupload', "/wp-includes/js/plupload/wp-plupload$suffix.js", array( 'plupload', 'jquery', 'json2', 'media-models' ), false, 1 ); ++ did_action( 'init' ) && $scripts->localize( 'wp-plupload', 'pluploadL10n', $uploader_l10n ); ++ ++- // Keep 'swfupload' for back-compat. ++- $scripts->add( 'swfupload', '/wp-includes/js/swfupload/swfupload.js', array(), '2201-20110113' ); ++- $scripts->add( 'swfupload-all', false, array( 'swfupload' ), '2201' ); ++- $scripts->add( 'swfupload-handlers', "/wp-includes/js/swfupload/handlers$suffix.js", array( 'swfupload-all', 'jquery' ), '2201-20110524' ); ++- did_action( 'init' ) && $scripts->localize( 'swfupload-handlers', 'swfuploadL10n', $uploader_l10n ); ++- ++ $scripts->add( 'comment-reply', "/wp-includes/js/comment-reply$suffix.js", array(), false, 1 ); ++ did_action( 'init' ) && $scripts->add_data( 'comment-reply', 'strategy', 'async' ); ++ ++-- ++2.27.0 + -+/* Disable automatic updater, in case you want to allow -+ above FILE_MODS for plugins, themes, ... */ -+define('AUTOMATIC_UPDATER_DISABLED', true); -+ -+/* Core update is always disabled, WP_AUTO_UPDATE_CORE value is ignore */ -+ -+/** - * For developers: WordPress debugging mode. - * - * Change this to true to enable the display of notices during development. -@@ -83,7 +99,7 @@ define( 'WP_DEBUG', false ); - - /** Absolute path to the WordPress directory. */ - if ( ! defined( 'ABSPATH' ) ) { -- define( 'ABSPATH', __DIR__ . '/' ); -+ define('ABSPATH', '/usr/share/wordpress'); - } - - /** Sets up WordPress vars and included files. */ +-- +2.27.0 + diff --git a/wordpress-5.4-no_swfupload.patch b/wordpress-5.4-no_swfupload.patch index 3683cb73f2a58421722c4305a4d3a730874b0309..bca217e228e0fc99f0eea5d5508aa7de7373a645 100644 --- a/wordpress-5.4-no_swfupload.patch +++ b/wordpress-5.4-no_swfupload.patch @@ -1,7 +1,17 @@ -diff -up wordpress/wp-includes/script-loader.php.old wordpress/wp-includes/script-loader.php ---- wordpress/wp-includes/script-loader.php.old 2020-03-25 16:34:50.606199762 +0100 -+++ wordpress/wp-includes/script-loader.php 2020-03-25 16:35:59.409883628 +0100 -@@ -892,12 +892,6 @@ function wp_default_scripts( $scripts ) +From ea33231da41b51404a6ab3151fbea6a06f49d25e Mon Sep 17 00:00:00 2001 +From: root +Date: Wed, 13 Nov 2024 13:28:29 +0800 +Subject: [PATCH] wordpress-5.4-no_swfupload + +--- + wp-includes/script-loader.php | 6 ------ + 1 file changed, 6 deletions(-) + +diff --git a/wp-includes/script-loader.php b/wp-includes/script-loader.php +index 715477a..161ccaa 100644 +--- a/wp-includes/script-loader.php ++++ b/wp-includes/script-loader.php +@@ -1021,12 +1021,6 @@ function wp_default_scripts( $scripts ) { $scripts->add( 'wp-plupload', "/wp-includes/js/plupload/wp-plupload$suffix.js", array( 'plupload', 'jquery', 'json2', 'media-models' ), false, 1 ); did_action( 'init' ) && $scripts->localize( 'wp-plupload', 'pluploadL10n', $uploader_l10n ); @@ -12,5 +22,8 @@ diff -up wordpress/wp-includes/script-loader.php.old wordpress/wp-includes/scrip - did_action( 'init' ) && $scripts->localize( 'swfupload-handlers', 'swfuploadL10n', $uploader_l10n ); - $scripts->add( 'comment-reply', "/wp-includes/js/comment-reply$suffix.js", array(), false, 1 ); + did_action( 'init' ) && $scripts->add_data( 'comment-reply', 'strategy', 'async' ); - $scripts->add( 'json2', "/wp-includes/js/json2$suffix.js", array(), '2015-05-03' ); +-- +2.27.0 + diff --git a/wordpress-6.2.4.tar.gz b/wordpress-6.6.1.tar.gz similarity index 70% rename from wordpress-6.2.4.tar.gz rename to wordpress-6.6.1.tar.gz index 5d75c838c09618ac71789439d424354cc004037d..e8040a0709399de72eaa429795647f7cd2ed0bb6 100644 Binary files a/wordpress-6.2.4.tar.gz and b/wordpress-6.6.1.tar.gz differ diff --git a/wordpress.spec b/wordpress.spec index 705b727f884e81164261b2e58f874aef729d20a7..b430ac2dc584aa503ef24ee0e7960e1c870fb6e3 100644 --- a/wordpress.spec +++ b/wordpress.spec @@ -4,7 +4,7 @@ %global wp_content %{_datadir}/wordpress/wp-content %global with_nginx 1 -%global upstream_version 6.2.4 +%global upstream_version 6.6.1 Summary: Blog tool and publishing platform URL: http://www.wordpress.org @@ -135,7 +135,7 @@ rm -rf wp-includes/sodium_compat %patch -P3 -p1 # Adjust mediaelement not to use its SWF %patch -P4 -p1 -%patch -P8 -p1 +#%patch -P8 -p1 # We patch .js files, so minify them php %{SOURCE5} \ @@ -254,6 +254,9 @@ end %doc readme.html %changelog +* Wed Nov 13 2024 yangxinyu - 6.6.1-1 +- New version 6.6.1 + * Mon May 06 2024 lidongyue - 6.2.4-1 - Fix CVE-2024-31210