Attachment #249762 for bug #278199

View | Details | Raw Unified | Return to bug 278199
Collapse All | Expand All




PORTNAME=	xapsd
DISTVERSION=	g20240326
PORTREVISION=	1
CATEGORIES=	net

MAINTAINER=	PopularMoment@protonmail.com

LICENSE=	MIT
LICENSE_FILE=	${WRKSRC}/LICENSE

USES=		go:modules
EXPIRATION_DATE=	2024-04-24

# must use 1.19 due to https://github.com/freswa/dovecot-xaps-daemon/issues/24
USES=		go:1.19,modules
USE_RC_SUBR=	xapsd
USE_GITHUB=	yes
GH_ACCOUNT=	freswa
GH_PROJECT=	dovecot-xaps-daemon
GH_TAGNAME=	1e589be

GH_TUPLE=	freswa:go-plist:900e8a7d907d:freswa_go_plist/vendor/github.com/freswa/go-plist \
		fsnotify:fsnotify:v1.6.0:fsnotify_fsnotify/vendor/github.com/fsnotify/fsnotify \

USERS=		${PORTNAME}
GROUPS=		${PORTNAME}

PORTSCOUT=	ignore:1

post-install:
		${MKDIR} ${STAGEDIR}${PREFIX}/etc/xapsd
		${INSTALL_DATA} ${WRKSRC}/configs/xapsd/xapsd.yaml ${STAGEDIR}${PREFIX}/etc/xapsd/xapsd.yaml.sample

Lines 1-6 Link Here

(-)b/net/xapsd/distinfo (-3 / +3 lines)
1	TIMESTAMP = 1698718840	1	TIMESTAMP = 1712416748
2	SHA256 (freswa-dovecot-xaps-daemon-g20231019-836a75b_GH0.tar.gz) = 806a6b32a7b872a140c68421719c93c65bc3205e6e86800dd36c2e5ade2954d0	2	SHA256 (freswa-dovecot-xaps-daemon-g20240326-1e589be_GH0.tar.gz) = 1e6c019df01f9c54e4499537678fbebf83270a39570c24677b41b93ed2022e17
3	SIZE (freswa-dovecot-xaps-daemon-g20231019-836a75b_GH0.tar.gz) = 109537	3	SIZE (freswa-dovecot-xaps-daemon-g20240326-1e589be_GH0.tar.gz) = 110569
4	SHA256 (freswa-go-plist-900e8a7d907d_GH0.tar.gz) = 2b4a06b8805bc1436ab8f34d6fd140645a0a01ccaf9f4b3a7dc3e0e35f5a2e88	4	SHA256 (freswa-go-plist-900e8a7d907d_GH0.tar.gz) = 2b4a06b8805bc1436ab8f34d6fd140645a0a01ccaf9f4b3a7dc3e0e35f5a2e88
5	SIZE (freswa-go-plist-900e8a7d907d_GH0.tar.gz) = 47675	5	SIZE (freswa-go-plist-900e8a7d907d_GH0.tar.gz) = 47675
6	SHA256 (fsnotify-fsnotify-v1.6.0_GH0.tar.gz) = 583b2b399709d04807c5c3185e7d4dc0543d532af91fdeb85eeaf803a0b7703b	6	SHA256 (fsnotify-fsnotify-v1.6.0_GH0.tar.gz) = 583b2b399709d04807c5c3185e7d4dc0543d532af91fdeb85eeaf803a0b7703b




From 1c52af3a7cc168cec089a810c32e861ab988840c Mon Sep 17 00:00:00 2001
From: Leon Klingele <git@leonklingele.de>
Date: Wed, 13 Mar 2024 22:12:25 +0100
Subject: [PATCH] fix(apple): ignore malformed HTTP headers

See also https://github.com/golang/go/issues/21290.

Fixes https://github.com/freswa/dovecot-xaps-daemon/issues/24.
---
 pkg/apple_xserver_certs/http.go | 51 ++++++++++++++++++++++++++++++---
 1 file changed, 47 insertions(+), 4 deletions(-)

diff --git a/pkg/apple_xserver_certs/http.go b/pkg/apple_xserver_certs/http.go
index d39a6fc..939fcf0 100644
--- a/pkg/apple_xserver_certs/http.go
+++ b/pkg/apple_xserver_certs/http.go
@@ -1,11 +1,16 @@
 package apple_xserver_certs
 
 import (
+	"bufio"
 	"bytes"
+	"context"
+	"crypto/tls"
 	"encoding/pem"
+	"io"
 	"io/ioutil"
 	"log"
 	"net/http"
+	"time"
 )
 
 func NewCerts(username string, passwordhash string) *Certificates {
@@ -50,7 +55,6 @@ func handleResponse(certs *Certificates, response []byte) *Certificates {
 }
 
 func sendRequest(reqBody []byte, newCerts bool) (respBody []byte) {
-	client := &http.Client{}
 	r := bytes.NewReader(reqBody)
 	url := "https://identity.apple.com/pushcert/caservice/renew"
 	if newCerts {
@@ -67,12 +71,51 @@ func sendRequest(reqBody []byte, newCerts bool) (respBody []byte) {
 	req.Header.Set("Accept", "*/*")
 	req.Header.Set("Accept-Language", "en-us")
 
-	resp, err := client.Do(req)
+	req.Close = true
+
+	ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
+	defer cancel()
+
+	conn, err := new(tls.Dialer).DialContext(
+		ctx,
+		"tcp",
+		req.URL.Host+":443",
+	)
 	if err != nil {
-		log.Fatalln(err)
+		log.Fatalln(err) // TODO: Handle error properly
+	}
+	defer func() {
+		_ = conn.Close() //nolint:errcheck,gosec // Ignored on purpose
+	}()
+
+	if err := req.Write(conn); err != nil {
+		log.Fatalln(err) // TODO: Handle error properly
+	}
+
+	buf, err := io.ReadAll(io.LimitReader(conn, 1<<10))
+	if err != nil {
+		log.Fatalln(err) // TODO: Handle error properly
+	}
+
+	const (
+		cr = "\r"
+		nl = "\n"
+	)
+	for _, ign := range []string{
+		"1;: mode=block",
+		"max-age=31536000;: includeSubdomains",
+	} {
+		buf = bytes.Replace(buf, []byte(nl+ign+cr+nl), []byte(nl), 1)
+	}
+
+	resp, err := http.ReadResponse(bufio.NewReader(bytes.NewReader(buf)), req)
+	if err != nil {
+		log.Fatalln(err) // TODO: Handle error properly
 	}
+	defer func() {
+		_ = resp.Body.Close() //nolint:errcheck,gosec // Ignored on purpose
+	}()
 
-	defer resp.Body.Close()
 	respBody, err = ioutil.ReadAll(resp.Body)
 	if err != nil {
 		log.Fatalln(err)
-- 
2.34.1


Return to bug 278199

Lines 1-6 Link Here

(-)b/net/xapsd/Makefile (-8 / +5 lines)
1	PORTNAME= xapsd	1	PORTNAME= xapsd
2	DISTVERSION= g20231019	2	DISTVERSION= g20240326
3	PORTREVISION= 1
4	CATEGORIES= net	3	CATEGORIES= net
5		4
6	MAINTAINER= PopularMoment@protonmail.com	5	MAINTAINER= PopularMoment@protonmail.com
Lines 10-25 WWW= https://github.com/freswa/dovecot-xaps-daemon Link Here
10	LICENSE= MIT	9	LICENSE= MIT
11	LICENSE_FILE= ${WRKSRC}/LICENSE	10	LICENSE_FILE= ${WRKSRC}/LICENSE
12		11
13	DEPRECATED= Requires deprecated lang/go19	12	USES= go:modules
14	EXPIRATION_DATE= 2024-04-24
15
16	# must use 1.19 due to https://github.com/freswa/dovecot-xaps-daemon/issues/24
17	USES= go:1.19,modules
18	USE_RC_SUBR= xapsd	13	USE_RC_SUBR= xapsd
19	USE_GITHUB= yes	14	USE_GITHUB= yes
20	GH_ACCOUNT= freswa	15	GH_ACCOUNT= freswa
21	GH_PROJECT= dovecot-xaps-daemon	16	GH_PROJECT= dovecot-xaps-daemon
22	GH_TAGNAME= 836a75b	17	GH_TAGNAME= 1e589be
23		18
24	GH_TUPLE= freswa:go-plist:900e8a7d907d:freswa_go_plist/vendor/github.com/freswa/go-plist \	19	GH_TUPLE= freswa:go-plist:900e8a7d907d:freswa_go_plist/vendor/github.com/freswa/go-plist \
25	fsnotify:fsnotify:v1.6.0:fsnotify_fsnotify/vendor/github.com/fsnotify/fsnotify \	20	fsnotify:fsnotify:v1.6.0:fsnotify_fsnotify/vendor/github.com/fsnotify/fsnotify \
Lines 54-59 GO_TARGET= ./cmd/xapsd:${PREFIX}/sbin/xapsd Link Here
54	USERS= ${PORTNAME}	49	USERS= ${PORTNAME}
55	GROUPS= ${PORTNAME}	50	GROUPS= ${PORTNAME}
56		51
		52	PORTSCOUT= ignore:1
		53
57	post-install:	54	post-install:
58	${MKDIR} ${STAGEDIR}${PREFIX}/etc/xapsd	55	${MKDIR} ${STAGEDIR}${PREFIX}/etc/xapsd
59	${INSTALL_DATA} ${WRKSRC}/configs/xapsd/xapsd.yaml ${STAGEDIR}${PREFIX}/etc/xapsd/xapsd.yaml.sample	56	${INSTALL_DATA} ${WRKSRC}/configs/xapsd/xapsd.yaml ${STAGEDIR}${PREFIX}/etc/xapsd/xapsd.yaml.sample

Added Link Here

(-)b/net/xapsd/files/0001-fix-apple-ignore-malformed-HTTP-headers.patch (-1 / +99 lines)
0	-	1	From 1c52af3a7cc168cec089a810c32e861ab988840c Mon Sep 17 00:00:00 2001
		2	From: Leon Klingele <git@leonklingele.de>
		3	Date: Wed, 13 Mar 2024 22:12:25 +0100
		4	Subject: [PATCH] fix(apple): ignore malformed HTTP headers
		5
		6	See also https://github.com/golang/go/issues/21290.
		7
		8	Fixes https://github.com/freswa/dovecot-xaps-daemon/issues/24.
		9	---
		10	pkg/apple_xserver_certs/http.go \| 51 ++++++++++++++++++++++++++++++---
		11	1 file changed, 47 insertions(+), 4 deletions(-)
		12
		13	diff --git a/pkg/apple_xserver_certs/http.go b/pkg/apple_xserver_certs/http.go
		14	index d39a6fc..939fcf0 100644
		15	--- a/pkg/apple_xserver_certs/http.go
		16	+++ b/pkg/apple_xserver_certs/http.go
		17	@@ -1,11 +1,16 @@
		18	package apple_xserver_certs
		19
		20	import (
		21	+ "bufio"
		22	"bytes"
		23	+ "context"
		24	+ "crypto/tls"
		25	"encoding/pem"
		26	+ "io"
		27	"io/ioutil"
		28	"log"
		29	"net/http"
		30	+ "time"
		31	)
		32
		33	func NewCerts(username string, passwordhash string) *Certificates {
		34	@@ -50,7 +55,6 @@ func handleResponse(certs Certificates, response []byte) Certificates {
		35	}
		36
		37	func sendRequest(reqBody []byte, newCerts bool) (respBody []byte) {
		38	- client := &http.Client{}
		39	r := bytes.NewReader(reqBody)
		40	url := "https://identity.apple.com/pushcert/caservice/renew"
		41	if newCerts {
		42	@@ -67,12 +71,51 @@ func sendRequest(reqBody []byte, newCerts bool) (respBody []byte) {
		43	req.Header.Set("Accept", "/")
		44	req.Header.Set("Accept-Language", "en-us")
		45
		46	- resp, err := client.Do(req)
		47	+ req.Close = true
		48	+
		49	+ ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
		50	+ defer cancel()
		51	+
		52	+ conn, err := new(tls.Dialer).DialContext(
		53	+ ctx,
		54	+ "tcp",
		55	+ req.URL.Host+":443",
		56	+ )
		57	if err != nil {
		58	- log.Fatalln(err)
		59	+ log.Fatalln(err) // TODO: Handle error properly
		60	+ }
		61	+ defer func() {
		62	+ _ = conn.Close() //nolint:errcheck,gosec // Ignored on purpose
		63	+ }()
		64	+
		65	+ if err := req.Write(conn); err != nil {
66	+ log.Fatalln(err) // TODO: Handle error properly
67	+ }
68	+
69	+ buf, err := io.ReadAll(io.LimitReader(conn, 1<<10))
70	+ if err != nil {
71	+ log.Fatalln(err) // TODO: Handle error properly
72	+ }
73	+
74	+ const (
75	+ cr = "\r"
76	+ nl = "\n"
77	+ )
78	+ for _, ign := range []string{
79	+ "1;: mode=block",
80	+ "max-age=31536000;: includeSubdomains",
81	+ } {
82	+ buf = bytes.Replace(buf, []byte(nl+ign+cr+nl), []byte(nl), 1)
83	+ }
84	+
85	+ resp, err := http.ReadResponse(bufio.NewReader(bytes.NewReader(buf)), req)
86	+ if err != nil {
87	+ log.Fatalln(err) // TODO: Handle error properly
88	}
89	+ defer func() {
90	+ _ = resp.Body.Close() //nolint:errcheck,gosec // Ignored on purpose
91	+ }()
92
93	- defer resp.Body.Close()
94	respBody, err = ioutil.ReadAll(resp.Body)
95	if err != nil {
96	log.Fatalln(err)
97	--
98	2.34.1
99