git: 5d3208f82787 - 2023Q4 - net/xapsd: update to 836a75b / g20231019

From: Robert Clausecker <fuz_at_FreeBSD.org>
Date: Fri, 03 Nov 2023 21:24:37 UTC
The branch 2023Q4 has been updated by fuz:

URL: https://cgit.FreeBSD.org/ports/commit/?id=5d3208f8278772ccadef51c02a0f6cfb20bf1dfa

commit 5d3208f8278772ccadef51c02a0f6cfb20bf1dfa
Author:     Henry <PopularMoment@protonmail.com>
AuthorDate: 2023-10-31 02:28:50 +0000
Commit:     Robert Clausecker <fuz@FreeBSD.org>
CommitDate: 2023-11-03 21:20:02 +0000

    net/xapsd: update to 836a75b / g20231019
    
    - fixes CVE-2023-3978
    - works around https://github.com/freswa/dovecot-xaps-daemon/issues/24
    
    Changes: https://github.com/freswa/dovecot-xaps-daemon//compare/f6d5733..836a75b
    
    Reported by:    Ian McDowell <me@ianmcdowell.net>
    PR:             274639, 273817
    MFH:            2023Q4
    
    (cherry picked from commit 3b4e5933dedced9b3257ceca13c691243a63778e)
---
 net/xapsd/Makefile | 32 +++++++++++++++++++-------------
 net/xapsd/distinfo | 54 +++++++++++++++++++++++++++++++++---------------------
 2 files changed, 52 insertions(+), 34 deletions(-)

diff --git a/net/xapsd/Makefile b/net/xapsd/Makefile
index caab192fe0ac..4eaefaa42798 100644
--- a/net/xapsd/Makefile
+++ b/net/xapsd/Makefile
@@ -1,6 +1,5 @@
 PORTNAME=	xapsd
-DISTVERSION=	g20230329
-PORTREVISION=	2
+DISTVERSION=	g20231019
 CATEGORIES=	net
 
 MAINTAINER=	PopularMoment@protonmail.com
@@ -10,34 +9,41 @@ WWW=		https://github.com/freswa/dovecot-xaps-daemon
 LICENSE=	MIT
 LICENSE_FILE=	${WRKSRC}/LICENSE
 
-USES=		go:modules
+# must use 1.19 due to https://github.com/freswa/dovecot-xaps-daemon/issues/24
+USES=		go:1.19,modules
 USE_RC_SUBR=	xapsd
 USE_GITHUB=	yes
 GH_ACCOUNT=	freswa
 GH_PROJECT=	dovecot-xaps-daemon
-GH_TAGNAME=	f6d5733
+GH_TAGNAME=	836a75b
 
 GH_TUPLE=	freswa:go-plist:900e8a7d907d:freswa_go_plist/vendor/github.com/freswa/go-plist \
 		fsnotify:fsnotify:v1.6.0:fsnotify_fsnotify/vendor/github.com/fsnotify/fsnotify \
 		go-ini:ini:v1.67.0:go_ini_ini/vendor/gopkg.in/ini.v1 \
 		go-yaml:yaml:v3.0.1:go_yaml_yaml/vendor/gopkg.in/yaml.v3 \
 		golang-jwt:jwt:v4.5.0:golang_jwt_jwt_v4/vendor/github.com/golang-jwt/jwt/v4 \
-		golang:net:v0.7.0:golang_net/vendor/golang.org/x/net \
-		golang:sys:v0.5.0:golang_sys/vendor/golang.org/x/sys \
-		golang:text:v0.7.0:golang_text/vendor/golang.org/x/text \
+		golang:exp:7918f672742d:golang_exp/vendor/golang.org/x/exp \
+		golang:net:v0.17.0:golang_net/vendor/golang.org/x/net \
+		golang:sys:v0.13.0:golang_sys/vendor/golang.org/x/sys \
+		golang:text:v0.13.0:golang_text/vendor/golang.org/x/text \
 		hashicorp:hcl:v1.0.0:hashicorp_hcl/vendor/github.com/hashicorp/hcl \
 		julienschmidt:httprouter:v1.3.0:julienschmidt_httprouter/vendor/github.com/julienschmidt/httprouter \
 		magiconair:properties:v1.8.7:magiconair_properties/vendor/github.com/magiconair/properties \
 		mitchellh:mapstructure:v1.5.0:mitchellh_mapstructure/vendor/github.com/mitchellh/mapstructure \
-		pelletier:go-toml:v2.0.6:pelletier_go_toml_v2/vendor/github.com/pelletier/go-toml/v2 \
+		pelletier:go-toml:v2.1.0:pelletier_go_toml_v2/vendor/github.com/pelletier/go-toml/v2 \
+		sagikazarmark:locafero:v0.3.0:sagikazarmark_locafero/vendor/github.com/sagikazarmark/locafero \
+		sagikazarmark:slog-shim:v0.1.0:sagikazarmark_slog_shim/vendor/github.com/sagikazarmark/slog-shim \
 		sideshow:apns2:v0.23.0:sideshow_apns2/vendor/github.com/sideshow/apns2 \
-		sirupsen:logrus:v1.9.0:sirupsen_logrus/vendor/github.com/sirupsen/logrus \
-		spf13:afero:v1.9.3:spf13_afero/vendor/github.com/spf13/afero \
-		spf13:cast:v1.5.0:spf13_cast/vendor/github.com/spf13/cast \
+		sirupsen:logrus:v1.9.3:sirupsen_logrus/vendor/github.com/sirupsen/logrus \
+		sourcegraph:conc:v0.3.0:sourcegraph_conc/vendor/github.com/sourcegraph/conc \
+		spf13:afero:v1.10.0:spf13_afero/vendor/github.com/spf13/afero \
+		spf13:cast:v1.5.1:spf13_cast/vendor/github.com/spf13/cast \
 		spf13:jwalterweatherman:v1.1.0:spf13_jwalterweatherman/vendor/github.com/spf13/jwalterweatherman \
 		spf13:pflag:v1.0.5:spf13_pflag/vendor/github.com/spf13/pflag \
-		spf13:viper:v1.15.0:spf13_viper/vendor/github.com/spf13/viper \
-		subosito:gotenv:v1.4.2:subosito_gotenv/vendor/github.com/subosito/gotenv
+		spf13:viper:v1.17.0:spf13_viper/vendor/github.com/spf13/viper \
+		subosito:gotenv:v1.6.0:subosito_gotenv/vendor/github.com/subosito/gotenv \
+		uber-go:atomic:v1.11.0:uber_go_atomic/vendor/go.uber.org/atomic \
+		uber-go:multierr:v1.11.0:uber_go_multierr/vendor/go.uber.org/multierr
 
 GO_TARGET=	./cmd/xapsd:${PREFIX}/sbin/xapsd
 
diff --git a/net/xapsd/distinfo b/net/xapsd/distinfo
index 42d0ec85e76f..220616037c02 100644
--- a/net/xapsd/distinfo
+++ b/net/xapsd/distinfo
@@ -1,6 +1,6 @@
-TIMESTAMP = 1681425213
-SHA256 (freswa-dovecot-xaps-daemon-g20230329-f6d5733_GH0.tar.gz) = b90d3c8c0930cddc69f3e73eec85fba2bcdbb63fd6f6f7d2f4d44be9686674c7
-SIZE (freswa-dovecot-xaps-daemon-g20230329-f6d5733_GH0.tar.gz) = 81459
+TIMESTAMP = 1698718840
+SHA256 (freswa-dovecot-xaps-daemon-g20231019-836a75b_GH0.tar.gz) = 806a6b32a7b872a140c68421719c93c65bc3205e6e86800dd36c2e5ade2954d0
+SIZE (freswa-dovecot-xaps-daemon-g20231019-836a75b_GH0.tar.gz) = 109537
 SHA256 (freswa-go-plist-900e8a7d907d_GH0.tar.gz) = 2b4a06b8805bc1436ab8f34d6fd140645a0a01ccaf9f4b3a7dc3e0e35f5a2e88
 SIZE (freswa-go-plist-900e8a7d907d_GH0.tar.gz) = 47675
 SHA256 (fsnotify-fsnotify-v1.6.0_GH0.tar.gz) = 583b2b399709d04807c5c3185e7d4dc0543d532af91fdeb85eeaf803a0b7703b
@@ -11,12 +11,14 @@ SHA256 (go-yaml-yaml-v3.0.1_GH0.tar.gz) = cf05411540d3e6ef8f1fd88434b34f94cedace
 SIZE (go-yaml-yaml-v3.0.1_GH0.tar.gz) = 91173
 SHA256 (golang-jwt-jwt-v4.5.0_GH0.tar.gz) = 00b1cc127cba09b4e4ea9efa5c0f18a36bb55e08b5eec0a222b8e1599a938077
 SIZE (golang-jwt-jwt-v4.5.0_GH0.tar.gz) = 53049
-SHA256 (golang-net-v0.7.0_GH0.tar.gz) = 4949a0dbdd3c200c8681c18bebd65c8e8b620470189361dac05c89c714d9a59b
-SIZE (golang-net-v0.7.0_GH0.tar.gz) = 1241017
-SHA256 (golang-sys-v0.5.0_GH0.tar.gz) = 810c8f1b7704674971ab6b2b614aba20a5a1765018fd2c639f528dbbcbf88b1f
-SIZE (golang-sys-v0.5.0_GH0.tar.gz) = 1429723
-SHA256 (golang-text-v0.7.0_GH0.tar.gz) = a37dfe82c39f84c57a083da9725dd1bdae59cff6a5cbca3ae4443e446b4a70b8
-SIZE (golang-text-v0.7.0_GH0.tar.gz) = 8361947
+SHA256 (golang-exp-7918f672742d_GH0.tar.gz) = b95b3ce3e29ce58fb69a562d1e0ad092086f5acbe8258e7288a313c9f354f9ed
+SIZE (golang-exp-7918f672742d_GH0.tar.gz) = 1634283
+SHA256 (golang-net-v0.17.0_GH0.tar.gz) = 8cbbc0df17599834c9f547d802045b279724a3931f3cdb92c02d141214fd80c4
+SIZE (golang-net-v0.17.0_GH0.tar.gz) = 1456230
+SHA256 (golang-sys-v0.13.0_GH0.tar.gz) = 8877d20a8f1b2533ddef00e65b6b3b9cebbcbffa319ed525df0bc229f583e2b6
+SIZE (golang-sys-v0.13.0_GH0.tar.gz) = 1442250
+SHA256 (golang-text-v0.13.0_GH0.tar.gz) = c6e22ff8280188539ba0a6c65cbc80cda877adcf5332651fa78044018c05d6af
+SIZE (golang-text-v0.13.0_GH0.tar.gz) = 8967009
 SHA256 (hashicorp-hcl-v1.0.0_GH0.tar.gz) = 50632428210503070fd2fde748c88b7414bf84a6a0eadebf9d8e596a033bead2
 SIZE (hashicorp-hcl-v1.0.0_GH0.tar.gz) = 70658
 SHA256 (julienschmidt-httprouter-v1.3.0_GH0.tar.gz) = 2999dffc23f8ac3872ea37d108ddec0ba570d2780a42876300bdcdb0744908e2
@@ -25,21 +27,31 @@ SHA256 (magiconair-properties-v1.8.7_GH0.tar.gz) = 09e950df1970975400edc7f6c2f9e
 SIZE (magiconair-properties-v1.8.7_GH0.tar.gz) = 31425
 SHA256 (mitchellh-mapstructure-v1.5.0_GH0.tar.gz) = 81106cbac93000812c194b4a2069dd32913ec18819b1e99e8436595ce4939413
 SIZE (mitchellh-mapstructure-v1.5.0_GH0.tar.gz) = 30123
-SHA256 (pelletier-go-toml-v2.0.6_GH0.tar.gz) = 90c77524503d123f3a6b64b7dce02d7d94769bd9e05e024b622f63533b00dc5f
-SIZE (pelletier-go-toml-v2.0.6_GH0.tar.gz) = 891667
+SHA256 (pelletier-go-toml-v2.1.0_GH0.tar.gz) = ee61dae04dfb61262f2ab5c1b55dabaec8acb74f9513e4729b72511479eb9fd1
+SIZE (pelletier-go-toml-v2.1.0_GH0.tar.gz) = 899401
+SHA256 (sagikazarmark-locafero-v0.3.0_GH0.tar.gz) = babb395f253048afda2bd17a91750cf7f2dcb28c1d870f10a01d6d37531d2eeb
+SIZE (sagikazarmark-locafero-v0.3.0_GH0.tar.gz) = 23726
+SHA256 (sagikazarmark-slog-shim-v0.1.0_GH0.tar.gz) = a594ec7e138265768a5c23f8ab460724d8215db45dc1bddde4743bca3373803d
+SIZE (sagikazarmark-slog-shim-v0.1.0_GH0.tar.gz) = 10872
 SHA256 (sideshow-apns2-v0.23.0_GH0.tar.gz) = 5ad9b2fb211ac9ae9040e09ba5b3b2c74189826e778f874b99aeb174ad22a1ea
 SIZE (sideshow-apns2-v0.23.0_GH0.tar.gz) = 1264203
-SHA256 (sirupsen-logrus-v1.9.0_GH0.tar.gz) = 12446ed9eb96573c2aae4df2db81900a65bfd21d2ce92efde7201614e42134f7
-SIZE (sirupsen-logrus-v1.9.0_GH0.tar.gz) = 49098
-SHA256 (spf13-afero-v1.9.3_GH0.tar.gz) = 3674636a77f5c7c50de561e2b0e9237b3c7fee902ee66cea4adfb5a83da44891
-SIZE (spf13-afero-v1.9.3_GH0.tar.gz) = 93759
-SHA256 (spf13-cast-v1.5.0_GH0.tar.gz) = b5bf72b468a9a9a0509b7d87c984a9b2e653c9b87e9842da385f81c43bd05b9a
-SIZE (spf13-cast-v1.5.0_GH0.tar.gz) = 15287
+SHA256 (sirupsen-logrus-v1.9.3_GH0.tar.gz) = cfa48a647a28c1f12fb6a9b672bc4d88b6407ff05aedcf23ce939d342646acce
+SIZE (sirupsen-logrus-v1.9.3_GH0.tar.gz) = 50320
+SHA256 (sourcegraph-conc-v0.3.0_GH0.tar.gz) = c20a36ef6e8cd4721b8824d3e0a590d78f56ce72ace53ec7fdd2f7a978e9240f
+SIZE (sourcegraph-conc-v0.3.0_GH0.tar.gz) = 23021
+SHA256 (spf13-afero-v1.10.0_GH0.tar.gz) = 4a35513ee4da7c1e38d0abd67fe541c15abe21b45e521498060c565d88213950
+SIZE (spf13-afero-v1.10.0_GH0.tar.gz) = 94857
+SHA256 (spf13-cast-v1.5.1_GH0.tar.gz) = 445aa5b0e61b67ccd0d14fe38cd473d73775f1bec4b58fe83b16e3b0cab08a9a
+SIZE (spf13-cast-v1.5.1_GH0.tar.gz) = 15524
 SHA256 (spf13-jwalterweatherman-v1.1.0_GH0.tar.gz) = 4fd850a792c5738954c4801cf549d8d0bf53edd17139cd39d179aa5abf7ec68d
 SIZE (spf13-jwalterweatherman-v1.1.0_GH0.tar.gz) = 6871
 SHA256 (spf13-pflag-v1.0.5_GH0.tar.gz) = 9a2cae1f8e8ab0d2cc8ebe468e871af28d9ac0962cf0520999e3ba85f0c7b808
 SIZE (spf13-pflag-v1.0.5_GH0.tar.gz) = 50796
-SHA256 (spf13-viper-v1.15.0_GH0.tar.gz) = bda7c50e3619ac0524425cfd1b797a1c260fd860147eddeea138437d95d83add
-SIZE (spf13-viper-v1.15.0_GH0.tar.gz) = 131720
-SHA256 (subosito-gotenv-v1.4.2_GH0.tar.gz) = b7bafced91bfb64f2f80a78b7c343f0a16099aa0a4049ea6e4d0fa5d62be1741
-SIZE (subosito-gotenv-v1.4.2_GH0.tar.gz) = 10641
+SHA256 (spf13-viper-v1.17.0_GH0.tar.gz) = 7f5476e4333a29e6fd5d277f5f9c7c5e234e802419059c6d6b088108e7627358
+SIZE (spf13-viper-v1.17.0_GH0.tar.gz) = 127661
+SHA256 (subosito-gotenv-v1.6.0_GH0.tar.gz) = 51a5a8e36f30ddd97866779e93c4e93b0d4958a60fabd1d17fc2226bfe7823db
+SIZE (subosito-gotenv-v1.6.0_GH0.tar.gz) = 11470
+SHA256 (uber-go-atomic-v1.11.0_GH0.tar.gz) = cfe258c20d71ac4dbf0f716a23ed00c332b7f281180651e2a67ad40a8b0772cc
+SIZE (uber-go-atomic-v1.11.0_GH0.tar.gz) = 24299
+SHA256 (uber-go-multierr-v1.11.0_GH0.tar.gz) = 8aa599cf7de733306cf8770f854f8a38e6c819b1ae4296f15e44b1e7c6698f34
+SIZE (uber-go-multierr-v1.11.0_GH0.tar.gz) = 16900