Subject: CVS commit: [pkgsrc-2021Q3] pkgsrc/lang
From: Thomas Merkel
Date: 2021-11-02 19:20:51
Message id: 20211102182051.65E7EFAEC@cvs.NetBSD.org

Log Message:
Pullup ticket #6527 - requested by taca
lang/php74: security fix

Revisions pulled up:
- lang/php/phpversion.mk                                        1.343
- lang/php74/distinfo                                           1.31

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Fri Oct 22 15:14:24 UTC 2021

   Modified Files:
   	pkgsrc/lang/php: phpversion.mk
   	pkgsrc/lang/php74: distinfo

   Log Message:
   lang/php74: update to 7.4.25

   This is a security fix release.

   21 Oct 2021, PHP 7.4.25

   - DOM:
     . Fixed bug #81433 (DOMElement::setIdAttribute() called twice may remove ID).
       (Viktor Volkov)

   - FFI:
     . Fixed bug #79576 ("TYPE *" shows unhelpful message when type is not
       defined). (Dmitry)

   - Fileinfo:
     . Fixed bug #78987 (High memory usage during encoding detection). (Anatol)

   - Filter:
     . Fixed bug #61700 (FILTER_FLAG_IPV6/FILTER_FLAG_NO_PRIV|RES_RANGE failing).
       (cmb, Nikita)

   - FPM:
     . Fixed bug #81026 (PHP-FPM oob R/W in root process leading to privilege
       escalation) (CVE-2021-21703). (Jakub Zelenka)

   - SPL:
     . Fixed bug #80663 (Recursive SplFixedArray::setSize() may cause double-free).
       (cmb, Nikita, Tyson Andre)

   - Streams:
     . Fixed bug #81475 (stream_isatty emits warning with attached stream wrapper).
       (cmb)

   - XML:
     . Fixed bug #70962 (XML_OPTION_SKIP_WHITE strips embedded whitespace).
       (Aliaksandr Bystry, cmb)

   - Zip:
     . Fixed bug #81490 (ZipArchive::extractTo() may leak memory). (cmb, Remi)
     . Fixed bug #77978 (Dirname ending in colon unzips to wrong dir). (cmb)

Files:
RevisionActionfile
1.28.2.1modifypkgsrc/lang/php74/distinfo