273817 – net/xapsd: Fails to parse HTTP header and exits when using Go 1.20, should use 1.19

Bug 273817 - net/xapsd: Fails to parse HTTP header and exits when using Go 1.20, should use 1.19

Summary: net/xapsd: Fails to parse HTTP header and exits when using Go 1.20, should us...

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	--- Affects Some People
Assignee:	Robert Clausecker

URL:
Keywords:

Depends on:
Blocks:

Reported:	2023-09-15 10:35 UTC by Ian McDowell
Modified:	2023-11-03 21:35 UTC (History)
CC List:	2 users (show)

See Also:

Flags:	bugzilla: maintainer-feedback? (PopularMoment)

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Ian McDowell 2023-09-15 10:35:41 UTC

This port relies on go:module, which is currently using Go version 1.20. When using that version of Go, the xapsd daemon is not able to request a certificate and exits with an error.

Go 1.20 broke parsing an HTTP header returned from the Apple server used for push certificates.

For details, see this issue in their project:
https://github.com/freswa/dovecot-xaps-daemon/issues/24

I was able to get the daemon working by setting the USES line in the Makefile to the following:
USES=           go:1.19,modules

Comment 1 Henry 2023-10-31 03:01:08 UTC

Thank you for reporting.

I've submitted an update in https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=274823

Comment 2 Robert Clausecker freebsd_committer

2023-11-02 03:08:21 UTC

This will be addressed through the patch for bug #274823.

Comment 3 commit-hook freebsd_committer

2023-11-03 21:19:14 UTC

A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=3b4e5933dedced9b3257ceca13c691243a63778e

commit 3b4e5933dedced9b3257ceca13c691243a63778e
Author:     Henry <PopularMoment@protonmail.com>
AuthorDate: 2023-10-31 02:28:50 +0000
Commit:     Robert Clausecker <fuz@FreeBSD.org>
CommitDate: 2023-11-03 21:16:21 +0000

    net/xapsd: update to 836a75b / g20231019

    - fixes CVE-2023-3978
    - works around https://github.com/freswa/dovecot-xaps-daemon/issues/24

    Changes: https://github.com/freswa/dovecot-xaps-daemon//compare/f6d5733..836a75b

    Reported by:    Ian McDowell <me@ianmcdowell.net>
    PR:             274639, 273817
    MFH:            2023Q4

 net/xapsd/Makefile | 32 +++++++++++++++++++-------------
 net/xapsd/distinfo | 54 +++++++++++++++++++++++++++++++++---------------------
 2 files changed, 52 insertions(+), 34 deletions(-)

Comment 4 commit-hook freebsd_committer

2023-11-03 21:25:33 UTC

A commit in branch 2023Q4 references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=5d3208f8278772ccadef51c02a0f6cfb20bf1dfa

commit 5d3208f8278772ccadef51c02a0f6cfb20bf1dfa
Author:     Henry <PopularMoment@protonmail.com>
AuthorDate: 2023-10-31 02:28:50 +0000
Commit:     Robert Clausecker <fuz@FreeBSD.org>
CommitDate: 2023-11-03 21:20:02 +0000

    net/xapsd: update to 836a75b / g20231019

    - fixes CVE-2023-3978
    - works around https://github.com/freswa/dovecot-xaps-daemon/issues/24

    Changes: https://github.com/freswa/dovecot-xaps-daemon//compare/f6d5733..836a75b

    Reported by:    Ian McDowell <me@ianmcdowell.net>
    PR:             274639, 273817
    MFH:            2023Q4

    (cherry picked from commit 3b4e5933dedced9b3257ceca13c691243a63778e)

 net/xapsd/Makefile | 32 +++++++++++++++++++-------------
 net/xapsd/distinfo | 54 +++++++++++++++++++++++++++++++++---------------------
 2 files changed, 52 insertions(+), 34 deletions(-)