---
- branch: MAIN
  date: Fri Oct 22 15:14:24 UTC 2021
  files:
  - new: '1.343'
    old: '1.342'
    path: pkgsrc/lang/php/phpversion.mk
    pathrev: pkgsrc/lang/php/phpversion.mk@1.343
    type: modified
  - new: '1.31'
    old: '1.30'
    path: pkgsrc/lang/php74/distinfo
    pathrev: pkgsrc/lang/php74/distinfo@1.31
    type: modified
  id: 20211022T151424Z.eb58a184113dab7d9f9a55fdc5bf9bf6257791ad
  log: |
    lang/php74: update to 7.4.25

    This is a security fix release.

    21 Oct 2021, PHP 7.4.25

    - DOM:
      . Fixed bug #81433 (DOMElement::setIdAttribute() called twice may remove ID).
        (Viktor Volkov)

    - FFI:
      . Fixed bug #79576 ("TYPE *" shows unhelpful message when type is not
        defined). (Dmitry)

    - Fileinfo:
      . Fixed bug #78987 (High memory usage during encoding detection). (Anatol)

    - Filter:
      . Fixed bug #61700 (FILTER_FLAG_IPV6/FILTER_FLAG_NO_PRIV|RES_RANGE failing).
        (cmb, Nikita)

    - FPM:
      . Fixed bug #81026 (PHP-FPM oob R/W in root process leading to privilege
        escalation) (CVE-2021-21703). (Jakub Zelenka)

    - SPL:
      . Fixed bug #80663 (Recursive SplFixedArray::setSize() may cause double-free).
        (cmb, Nikita, Tyson Andre)

    - Streams:
      . Fixed bug #81475 (stream_isatty emits warning with attached stream wrapper).
        (cmb)

    - XML:
      . Fixed bug #70962 (XML_OPTION_SKIP_WHITE strips embedded whitespace).
        (Aliaksandr Bystry, cmb)

    - Zip:
      . Fixed bug #81490 (ZipArchive::extractTo() may leak memory). (cmb, Remi)
      . Fixed bug #77978 (Dirname ending in colon unzips to wrong dir). (cmb)
  module: pkgsrc
  subject: 'CVS commit: pkgsrc/lang'
  unixtime: '1634915664'
  user: taca