Bug 240328
| Summary: | mail/squirrelmail: session_set_cookie_params() (version 1.4.23 [SVN]) | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Ports & Packages | Reporter: | Aleks <Z462vasa> | ||||
| Component: | Individual Port(s) | Assignee: | Kurt Jaeger <pi> | ||||
| Status: | Closed FIXED | ||||||
| Severity: | Affects Only Me | CC: | pi, w.schwarzenfeld | ||||
| Priority: | --- | Keywords: | patch, patch-ready | ||||
| Version: | Latest | Flags: | pi:
maintainer-feedback+
|
||||
| Hardware: | Any | ||||||
| OS: | Any | ||||||
| Attachments: |
|
||||||
|
Description
Aleks
2019-09-04 11:30:12 UTC
Warning: session_set_cookie_params(): Cannot change session cookie parameters when session is active in /usr/local/www/squirrelmail/functions/global.php on line 476 Warning: session_set_cookie_params(): Cannot change session cookie parameters when session is active in /usr/local/www/squirrelmail/functions/global.php on line 476 Warning: session_set_cookie_params(): Cannot change session cookie parameters when session is active in /usr/local/www/squirrelmail/functions/global.php on line 476 Warning: session_set_cookie_params(): Cannot change session cookie parameters when session is active in /usr/local/www/squirrelmail/functions/global.php on line 476 Warning: Cannot modify header information - headers already sent by (output started at /usr/local/www/squirrelmail/functions/global.php:476) in /usr/local/www/squirrelmail/functions/i18n.php on line 470 Warning: Cannot modify header information - headers already sent by (output started at /usr/local/www/squirrelmail/functions/global.php:476) in /usr/local/www/squirrelmail/functions/global.php on line 569 Warning: session_regenerate_id(): Cannot regenerate session id - headers already sent in /usr/local/www/squirrelmail/src/redirect.php on line 86 Warning: session_set_cookie_params(): Cannot change session cookie parameters when session is active in /usr/local/www/squirrelmail/functions/global.php on line 476 Warning: session_set_cookie_params(): Cannot change session cookie parameters when session is active in /usr/local/www/squirrelmail/functions/global.php on line 476 Warning: session_set_cookie_params(): Cannot change session cookie parameters when session is active in /usr/local/www/squirrelmail/functions/global.php on line 476 Warning: session_set_cookie_params(): Cannot change session cookie parameters when session is active in /usr/local/www/squirrelmail/functions/global.php on line 476 Warning: Cannot modify header information - headers already sent by (output started at /usr/local/www/squirrelmail/functions/global.php:476) in /usr/local/www/squirrelmail/functions/global.php on line 569 Warning: session_set_cookie_params(): Cannot change session cookie parameters when session is active in /usr/local/www/squirrelmail/functions/global.php on line 476 Warning: session_set_cookie_params(): Cannot change session cookie parameters when session is active in /usr/local/www/squirrelmail/functions/global.php on line 476 Warning: session_set_cookie_params(): Cannot change session cookie parameters when session is active in /usr/local/www/squirrelmail/functions/global.php on line 476 Warning: session_set_cookie_params(): Cannot change session cookie parameters when session is active in /usr/local/www/squirrelmail/functions/global.php on line 476 Warning: session_set_cookie_params(): Cannot change session cookie parameters when session is active in /usr/local/www/squirrelmail/functions/global.php on line 476 Warning: session_set_cookie_params(): Cannot change session cookie parameters when session is active in /usr/local/www/squirrelmail/functions/global.php on line 476 Warning: session_set_cookie_params(): Cannot change session cookie parameters when session is active in /usr/local/www/squirrelmail/functions/global.php on line 476 Warning: session_set_cookie_params(): Cannot change session cookie parameters when session is active in /usr/local/www/squirrelmail/functions/global.php on line 476 Warning: session_set_cookie_params(): Cannot change session cookie parameters when session is active in /usr/local/www/squirrelmail/functions/global.php on line 476 Warning: Cannot modify header information - headers already sent by (output started at /usr/local/www/squirrelmail/functions/global.php:476) in /usr/local/www/squirrelmail/src/redirect.php on line 194 php -v
PHP 7.2.21 (cli) (built: Aug 8 2019 01:31:12) ( NTS )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies
with Zend OPcache v7.2.21, Copyright (c) 1999-2018, by Zend Technologies
Segmentation fault
php -m [PHP Modules] Core ctype curl date dom filter gettext hash iconv imap intl json libxml mbstring mysqli mysqlnd openssl pcre PDO pdo_mysql pdo_sqlite Phar posix Reflection session SimpleXML soap SPL sqlite3 standard tokenizer xml xmlreader xmlwriter Zend OPcache zip zlib [Zend Modules] Zend OPcache Created attachment 207185 [details] Update to 20190904 Changelog based on svn log -r 'HEAD:{20180405}' https://svn.code.sf.net/p/squirrelmail/code/branches/SM-1_4-STABLE/squirrelmail Fix broken anchor links Document CVE-2019-12970 fix Add handling for RCDATA and RAWTEXT elements in HTML sanitizer (CVE-2019-12970) PHP7.2 fix (#2848) Some browswers were not putting cursor at beginning of message body after focus Don't wrap headers right after the name (configurable) Allow some plugins to run "normal" code that happens to switch text domain Correct mistaken use of rfc822_header->date field that was being treated as a date string when it is only ever a timestamp Last change needs to be made across all attachment common hooks Fix view links for messages with same subject Fix PHP7 warning (#2847) Add IMAP ID command (RFC2971), sent after every login - use by setting $imap_id_command_args in config/config_local.php (see notes in functions/imap_general.php for more details) Layout fixes for saved search and search history Updated SVG handling, closing several related vulnerabilities reported in #2831 and CVE-2018-14950, CVE-2018-14951, CVE-2018-14952, CVE-2018-14953, CVE-2018-14954, CVE-2018-14955 Add new options for SVG handling and broken base64-encoded messages Disable SVG display be default Updated SVG handling, gracefully fix broken base64-encoded messages, also close XSS reported in #2831 and CVE-2018-14950, CVE-2018-14951, CVE-2018-14952, CVE-2018-14953, CVE-2018-14954, CVE-2018-14955 When message being replied to has no Reply-To header, we use the From header to fill in the reply To address, so we have to account for that situation when building the Cc header Happy New Year Allow unsent compose sessions to stay around, but remove them after successful send Minor cleanup Make globalized hook return values unique - prevents clashes between hooks and offers plugins more power to control each hook put an ID on move button PAGE_NAME needed in more scripts Alter hook types "do_hook_function" and "concat_hook_function" such that the ultimate hook return value (in its current state, as computed (or not) by the plugins that have executed previously) is both globalized and passed as an additional argument to each plugin. This allows plugins to cooperate better and not overwrite each others return values. Make sure link tags are proper XHTML Note favicon addition Add favicon and ability for admins to use their own by setting $head_tag_extra in config_local.php (see documented comments in, for example, src/webmail.php) Add view_header_bottom hook Add generic bottom hook for miscellaneous option pages removing pointless show_more=0 removing pointless show_more=0 Need to load the default - user may never have changed their sent folder settings! Fix broken mailto links created by some (Microsoft?) clients Add better spam header handling; also cache raw headers Change anti-CSRF security token lifetime to be session-based Add session-based security token functionality (enabled by default) Unify DEVEL and STABLE Fix PHP notice. Thanks to Hanno Böck Minor fix for plugin usage Allow more advanced element focusing Also needed IMAP TLS update Better handling for empty identities Update use_smtp_tls setting to reflect availability of STARTTLS Allow plugins better control of sqfixidentities Bug fixes for reordering and better sanity checks Allow users who cannot edit their email address but who have multiple identities to edit all their identities Could you please test this patch? Or temporarily use the svn version (http://squirrelmail.org/download.php)? If it works well I think it's done. If not should backport the changes from development version. (Now I don't have time to check it). Thanks for your report! ???? version 1.4.23 [SVN] (In reply to Aleks from comment #6) Yes. "Stable version snapshots (1.4.23-svn)" I have such a version ((( (In reply to Aleks from comment #8) Please check the date! http://squirrelmail.org/download.php squirrelmail-20190905_0200-SVN.stable.tar.bz2 Its date is 2019-09-05 (today). Tomorrow will 2019-09-06 but it will same because it is created automatically every day. (In reply to Aleks from comment #10) It's 20180404 - more than one year old version. svn checkout https://svn.code.sf.net/p/squirrelmail/code/branches/SM-1_4-STABLE/squirrelmail what version will it be ???? svn checkout http://squirrelmail.org/countdl.php?fileurl=http%3A%2F%2Fsnapshots.squirrelmail.org%2Fsquirrelmail-20190909_0200-SVN.stable.tar.gz svn: E170013: Unable to connect to a repository at URL 'http://squirrelmail.org/countdl.php%3Ffileurl=http:/snapshots.squirrelmail.org/squirrelmail-20190909_0200-SVN.stable.tar.gz' svn: E175003: The server at 'http://squirrelmail.org/countdl.php%3Ffileurl=http:/snapshots.squirrelmail.org/squirrelmail-20190909_0200-SVN.stable.tar.gz' does not support the HTTP/DAV protocol The patch works well, warning messages gone. @Aleks please add "patch" and "patch-ready" keywords to this report (you're the reporter so only you can do it). works. But putting not from ports. Inconveniently. A commit references this bug: Author: pi Date: Fri Jan 31 17:49:45 UTC 2020 New revision: 524736 URL: https://svnweb.freebsd.org/changeset/ports/524736 Log: mail/squirrelmail: upgrade 20180404 -> 20190904 - now works with php7 PR: 240328 Submitted by: Zsolt Udvari <uzsolt@uzsolt.hu> (maintainer) Reported by: Aleks <Z462vasa@mail.lviv.ua> Changes: head/mail/squirrelmail/Makefile head/mail/squirrelmail/distinfo Committed, thanks! |
