net/xapsd: Update g20240326 => g20241228

- fixes CVE-2024-45338 and CVE-2024-51744
- requires at least go 1.23, so use latest stable
- adds sub folder support

Commit log:
https://github.com/freswa/dovecot-xaps-daemon/compare/1e589be...8cf4e49

PR:	285485

5 files changed, 152 insertions, 135 deletions

diff --git a/net/xapsd/Makefile b/net/xapsd/Makefile
index d48dbd68cea9..30ac9b4c6809 100644
--- a/net/xapsd/Makefile
+++ b/net/xapsd/Makefile
@@ -1,6 +1,5 @@
 PORTNAME=	xapsd
-DISTVERSION=	g20240326
-PORTREVISION=	7
+DISTVERSION=	g20241228
 CATEGORIES=	net
 
 MAINTAINER=	PopularMoment@protonmail.com
@@ -10,39 +9,37 @@ WWW=		https://github.com/freswa/dovecot-xaps-daemon
 LICENSE=	MIT
 LICENSE_FILE=	${WRKSRC}/LICENSE
 
-USES=		go:modules
+USES=		go:1.24,modules
 USE_RC_SUBR=	xapsd
 USE_GITHUB=	yes
 GH_ACCOUNT=	freswa
 GH_PROJECT=	dovecot-xaps-daemon
-GH_TAGNAME=	1e589be
+GH_TAGNAME=	8cf4e49
 
 GH_TUPLE=	freswa:go-plist:900e8a7d907d:freswa_go_plist/vendor/github.com/freswa/go-plist \
-		fsnotify:fsnotify:v1.6.0:fsnotify_fsnotify/vendor/github.com/fsnotify/fsnotify \
+		fsnotify:fsnotify:v1.8.0:fsnotify_fsnotify/vendor/github.com/fsnotify/fsnotify \
 		go-ini:ini:v1.67.0:go_ini_ini/vendor/gopkg.in/ini.v1 \
 		go-yaml:yaml:v3.0.1:go_yaml_yaml/vendor/gopkg.in/yaml.v3 \
-		golang-jwt:jwt:v4.5.0:golang_jwt_jwt_v4/vendor/github.com/golang-jwt/jwt/v4 \
-		golang:exp:7918f672742d:golang_exp/vendor/golang.org/x/exp \
-		golang:net:v0.17.0:golang_net/vendor/golang.org/x/net \
-		golang:sys:v0.13.0:golang_sys/vendor/golang.org/x/sys \
-		golang:text:v0.13.0:golang_text/vendor/golang.org/x/text \
+		golang-jwt:jwt:v4.5.1:golang_jwt_jwt_v4/vendor/github.com/golang-jwt/jwt/v4 \
+		golang:exp:b2144cdd0a67:golang_exp/vendor/golang.org/x/exp \
+		golang:net:v0.33.0:golang_net/vendor/golang.org/x/net \
+		golang:sys:v0.28.0:golang_sys/vendor/golang.org/x/sys \
+		golang:text:v0.21.0:golang_text/vendor/golang.org/x/text \
 		hashicorp:hcl:v1.0.0:hashicorp_hcl/vendor/github.com/hashicorp/hcl \
 		julienschmidt:httprouter:v1.3.0:julienschmidt_httprouter/vendor/github.com/julienschmidt/httprouter \
-		magiconair:properties:v1.8.7:magiconair_properties/vendor/github.com/magiconair/properties \
+		magiconair:properties:v1.8.9:magiconair_properties/vendor/github.com/magiconair/properties \
 		mitchellh:mapstructure:v1.5.0:mitchellh_mapstructure/vendor/github.com/mitchellh/mapstructure \
-		pelletier:go-toml:v2.1.0:pelletier_go_toml_v2/vendor/github.com/pelletier/go-toml/v2 \
-		sagikazarmark:locafero:v0.3.0:sagikazarmark_locafero/vendor/github.com/sagikazarmark/locafero \
+		pelletier:go-toml:v2.2.3:pelletier_go_toml_v2/vendor/github.com/pelletier/go-toml/v2 \
+		sagikazarmark:locafero:v0.6.0:sagikazarmark_locafero/vendor/github.com/sagikazarmark/locafero \
 		sagikazarmark:slog-shim:v0.1.0:sagikazarmark_slog_shim/vendor/github.com/sagikazarmark/slog-shim \
-		sideshow:apns2:v0.23.0:sideshow_apns2/vendor/github.com/sideshow/apns2 \
+		sideshow:apns2:v0.25.0:sideshow_apns2/vendor/github.com/sideshow/apns2 \
 		sirupsen:logrus:v1.9.3:sirupsen_logrus/vendor/github.com/sirupsen/logrus \
 		sourcegraph:conc:v0.3.0:sourcegraph_conc/vendor/github.com/sourcegraph/conc \
-		spf13:afero:v1.10.0:spf13_afero/vendor/github.com/spf13/afero \
-		spf13:cast:v1.5.1:spf13_cast/vendor/github.com/spf13/cast \
-		spf13:jwalterweatherman:v1.1.0:spf13_jwalterweatherman/vendor/github.com/spf13/jwalterweatherman \
+		spf13:afero:v1.11.0:spf13_afero/vendor/github.com/spf13/afero \
+		spf13:cast:v1.7.1:spf13_cast/vendor/github.com/spf13/cast \
 		spf13:pflag:v1.0.5:spf13_pflag/vendor/github.com/spf13/pflag \
-		spf13:viper:v1.17.0:spf13_viper/vendor/github.com/spf13/viper \
+		spf13:viper:v1.19.0:spf13_viper/vendor/github.com/spf13/viper \
 		subosito:gotenv:v1.6.0:subosito_gotenv/vendor/github.com/subosito/gotenv \
-		uber-go:atomic:v1.11.0:uber_go_atomic/vendor/go.uber.org/atomic \
 		uber-go:multierr:v1.11.0:uber_go_multierr/vendor/go.uber.org/multierr
 
 GO_TARGET=	./cmd/xapsd:${PREFIX}/sbin/xapsd
diff --git a/net/xapsd/distinfo b/net/xapsd/distinfo
index 741a85ef7df7..14c8c2a539b2 100644
--- a/net/xapsd/distinfo
+++ b/net/xapsd/distinfo
@@ -1,57 +1,53 @@
-TIMESTAMP = 1712416748
-SHA256 (freswa-dovecot-xaps-daemon-g20240326-1e589be_GH0.tar.gz) = 1e6c019df01f9c54e4499537678fbebf83270a39570c24677b41b93ed2022e17
-SIZE (freswa-dovecot-xaps-daemon-g20240326-1e589be_GH0.tar.gz) = 110569
+TIMESTAMP = 1741456749
+SHA256 (freswa-dovecot-xaps-daemon-g20241228-8cf4e49_GH0.tar.gz) = 85296246ef9729d3233dfbf69147ba085f815bccad58a0c1c8d783e42b8dbd77
+SIZE (freswa-dovecot-xaps-daemon-g20241228-8cf4e49_GH0.tar.gz) = 41256
 SHA256 (freswa-go-plist-900e8a7d907d_GH0.tar.gz) = 2b4a06b8805bc1436ab8f34d6fd140645a0a01ccaf9f4b3a7dc3e0e35f5a2e88
 SIZE (freswa-go-plist-900e8a7d907d_GH0.tar.gz) = 47675
-SHA256 (fsnotify-fsnotify-v1.6.0_GH0.tar.gz) = 583b2b399709d04807c5c3185e7d4dc0543d532af91fdeb85eeaf803a0b7703b
-SIZE (fsnotify-fsnotify-v1.6.0_GH0.tar.gz) = 46044
+SHA256 (fsnotify-fsnotify-v1.8.0_GH0.tar.gz) = 3c4cbec6225307397717f18bb87ffc496e59d0f802a41fff572bf09e5dbf6e2b
+SIZE (fsnotify-fsnotify-v1.8.0_GH0.tar.gz) = 72325
 SHA256 (go-ini-ini-v1.67.0_GH0.tar.gz) = 06ba51234140118d1b6064f1817aa89cc971c6e7ce04cb9d286e6660d89296c8
 SIZE (go-ini-ini-v1.67.0_GH0.tar.gz) = 53531
 SHA256 (go-yaml-yaml-v3.0.1_GH0.tar.gz) = cf05411540d3e6ef8f1fd88434b34f94cedaceb540329031d80e23b74540c4e5
 SIZE (go-yaml-yaml-v3.0.1_GH0.tar.gz) = 91173
-SHA256 (golang-jwt-jwt-v4.5.0_GH0.tar.gz) = 00b1cc127cba09b4e4ea9efa5c0f18a36bb55e08b5eec0a222b8e1599a938077
-SIZE (golang-jwt-jwt-v4.5.0_GH0.tar.gz) = 53049
-SHA256 (golang-exp-7918f672742d_GH0.tar.gz) = b95b3ce3e29ce58fb69a562d1e0ad092086f5acbe8258e7288a313c9f354f9ed
-SIZE (golang-exp-7918f672742d_GH0.tar.gz) = 1634283
-SHA256 (golang-net-v0.17.0_GH0.tar.gz) = 8cbbc0df17599834c9f547d802045b279724a3931f3cdb92c02d141214fd80c4
-SIZE (golang-net-v0.17.0_GH0.tar.gz) = 1456230
-SHA256 (golang-sys-v0.13.0_GH0.tar.gz) = 8877d20a8f1b2533ddef00e65b6b3b9cebbcbffa319ed525df0bc229f583e2b6
-SIZE (golang-sys-v0.13.0_GH0.tar.gz) = 1442250
-SHA256 (golang-text-v0.13.0_GH0.tar.gz) = c6e22ff8280188539ba0a6c65cbc80cda877adcf5332651fa78044018c05d6af
-SIZE (golang-text-v0.13.0_GH0.tar.gz) = 8967009
+SHA256 (golang-jwt-jwt-v4.5.1_GH0.tar.gz) = 1bb5df28987139b800083b79fab18bb644f664da1aade0f9d36482c3bf04eccd
+SIZE (golang-jwt-jwt-v4.5.1_GH0.tar.gz) = 53181
+SHA256 (golang-exp-b2144cdd0a67_GH0.tar.gz) = 837709d8463fad36e00f30eafd6b6ab3f44c7e7926959cdafbc69fa4a2a9ffb7
+SIZE (golang-exp-b2144cdd0a67_GH0.tar.gz) = 1741596
+SHA256 (golang-net-v0.33.0_GH0.tar.gz) = 675e0ceaf54baf4f6e2a5152fe148906119c97e7b1d37d1c44ec2621faeab0e8
+SIZE (golang-net-v0.33.0_GH0.tar.gz) = 1466426
+SHA256 (golang-sys-v0.28.0_GH0.tar.gz) = 62726b1ccbb09c7e8de2215756a26012751bdded12b5bacc6de83296db694ebf
+SIZE (golang-sys-v0.28.0_GH0.tar.gz) = 1519898
+SHA256 (golang-text-v0.21.0_GH0.tar.gz) = d64dbf40a8ae06c4805895e48553ecdadaed07089d8ed2168a0d61551d17ff22
+SIZE (golang-text-v0.21.0_GH0.tar.gz) = 8964782
 SHA256 (hashicorp-hcl-v1.0.0_GH0.tar.gz) = 50632428210503070fd2fde748c88b7414bf84a6a0eadebf9d8e596a033bead2
 SIZE (hashicorp-hcl-v1.0.0_GH0.tar.gz) = 70658
 SHA256 (julienschmidt-httprouter-v1.3.0_GH0.tar.gz) = 2999dffc23f8ac3872ea37d108ddec0ba570d2780a42876300bdcdb0744908e2
 SIZE (julienschmidt-httprouter-v1.3.0_GH0.tar.gz) = 23889
-SHA256 (magiconair-properties-v1.8.7_GH0.tar.gz) = 09e950df1970975400edc7f6c2f9e3edace4e1ea49f823006387d130fb0f4f03
-SIZE (magiconair-properties-v1.8.7_GH0.tar.gz) = 31425
+SHA256 (magiconair-properties-v1.8.9_GH0.tar.gz) = 259f5a9eea40458a1096f7c51121178823e912af07c1ca620d115905db5c4f26
+SIZE (magiconair-properties-v1.8.9_GH0.tar.gz) = 28416
 SHA256 (mitchellh-mapstructure-v1.5.0_GH0.tar.gz) = 81106cbac93000812c194b4a2069dd32913ec18819b1e99e8436595ce4939413
 SIZE (mitchellh-mapstructure-v1.5.0_GH0.tar.gz) = 30123
-SHA256 (pelletier-go-toml-v2.1.0_GH0.tar.gz) = ee61dae04dfb61262f2ab5c1b55dabaec8acb74f9513e4729b72511479eb9fd1
-SIZE (pelletier-go-toml-v2.1.0_GH0.tar.gz) = 899401
-SHA256 (sagikazarmark-locafero-v0.3.0_GH0.tar.gz) = babb395f253048afda2bd17a91750cf7f2dcb28c1d870f10a01d6d37531d2eeb
-SIZE (sagikazarmark-locafero-v0.3.0_GH0.tar.gz) = 23726
+SHA256 (pelletier-go-toml-v2.2.3_GH0.tar.gz) = 3a5dfdc1e543efd6032813cb27a5b06d66bbefbbcc88bb664f69d605725c42af
+SIZE (pelletier-go-toml-v2.2.3_GH0.tar.gz) = 909237
+SHA256 (sagikazarmark-locafero-v0.6.0_GH0.tar.gz) = 2a1ba4cb44d1858b77fb750f6f72f1b3b3d013ef8731644bdc0a6fdc9e3f28be
+SIZE (sagikazarmark-locafero-v0.6.0_GH0.tar.gz) = 11140
 SHA256 (sagikazarmark-slog-shim-v0.1.0_GH0.tar.gz) = a594ec7e138265768a5c23f8ab460724d8215db45dc1bddde4743bca3373803d
 SIZE (sagikazarmark-slog-shim-v0.1.0_GH0.tar.gz) = 10872
-SHA256 (sideshow-apns2-v0.23.0_GH0.tar.gz) = 5ad9b2fb211ac9ae9040e09ba5b3b2c74189826e778f874b99aeb174ad22a1ea
-SIZE (sideshow-apns2-v0.23.0_GH0.tar.gz) = 1264203
+SHA256 (sideshow-apns2-v0.25.0_GH0.tar.gz) = c269325d9f5d34fd394aecee79d48e1726ce9ddf899f22a20b4362616f388e84
+SIZE (sideshow-apns2-v0.25.0_GH0.tar.gz) = 1264207
 SHA256 (sirupsen-logrus-v1.9.3_GH0.tar.gz) = cfa48a647a28c1f12fb6a9b672bc4d88b6407ff05aedcf23ce939d342646acce
 SIZE (sirupsen-logrus-v1.9.3_GH0.tar.gz) = 50320
 SHA256 (sourcegraph-conc-v0.3.0_GH0.tar.gz) = c20a36ef6e8cd4721b8824d3e0a590d78f56ce72ace53ec7fdd2f7a978e9240f
 SIZE (sourcegraph-conc-v0.3.0_GH0.tar.gz) = 23021
-SHA256 (spf13-afero-v1.10.0_GH0.tar.gz) = 4a35513ee4da7c1e38d0abd67fe541c15abe21b45e521498060c565d88213950
-SIZE (spf13-afero-v1.10.0_GH0.tar.gz) = 94857
-SHA256 (spf13-cast-v1.5.1_GH0.tar.gz) = 445aa5b0e61b67ccd0d14fe38cd473d73775f1bec4b58fe83b16e3b0cab08a9a
-SIZE (spf13-cast-v1.5.1_GH0.tar.gz) = 15524
-SHA256 (spf13-jwalterweatherman-v1.1.0_GH0.tar.gz) = 4fd850a792c5738954c4801cf549d8d0bf53edd17139cd39d179aa5abf7ec68d
-SIZE (spf13-jwalterweatherman-v1.1.0_GH0.tar.gz) = 6871
+SHA256 (spf13-afero-v1.11.0_GH0.tar.gz) = f83f67c4a03d8bba2b7fe1a496e848b2b1b7d97d0b951d85d2b401e7488a4ed4
+SIZE (spf13-afero-v1.11.0_GH0.tar.gz) = 89257
+SHA256 (spf13-cast-v1.7.1_GH0.tar.gz) = 582dcd8edee06058dde613d3e9cea2c721a26e8afa7aa782d7d24075798579f3
+SIZE (spf13-cast-v1.7.1_GH0.tar.gz) = 15743
 SHA256 (spf13-pflag-v1.0.5_GH0.tar.gz) = 9a2cae1f8e8ab0d2cc8ebe468e871af28d9ac0962cf0520999e3ba85f0c7b808
 SIZE (spf13-pflag-v1.0.5_GH0.tar.gz) = 50796
-SHA256 (spf13-viper-v1.17.0_GH0.tar.gz) = 7f5476e4333a29e6fd5d277f5f9c7c5e234e802419059c6d6b088108e7627358
-SIZE (spf13-viper-v1.17.0_GH0.tar.gz) = 127661
+SHA256 (spf13-viper-v1.19.0_GH0.tar.gz) = bd754a586de7b8f6e54037b715765833f8120cb8bdbb4240a69c6537a0ccdfd5
+SIZE (spf13-viper-v1.19.0_GH0.tar.gz) = 119990
 SHA256 (subosito-gotenv-v1.6.0_GH0.tar.gz) = 51a5a8e36f30ddd97866779e93c4e93b0d4958a60fabd1d17fc2226bfe7823db
 SIZE (subosito-gotenv-v1.6.0_GH0.tar.gz) = 11470
-SHA256 (uber-go-atomic-v1.11.0_GH0.tar.gz) = cfe258c20d71ac4dbf0f716a23ed00c332b7f281180651e2a67ad40a8b0772cc
-SIZE (uber-go-atomic-v1.11.0_GH0.tar.gz) = 24299
 SHA256 (uber-go-multierr-v1.11.0_GH0.tar.gz) = 8aa599cf7de733306cf8770f854f8a38e6c819b1ae4296f15e44b1e7c6698f34
 SIZE (uber-go-multierr-v1.11.0_GH0.tar.gz) = 16900
diff --git a/net/xapsd/files/patch-internal_apns.go b/net/xapsd/files/patch-internal_apns.go
new file mode 100644
index 000000000000..ff3b78d16cda
--- /dev/null
+++ b/net/xapsd/files/patch-internal_apns.go
@@ -0,0 +1,63 @@
+--- internal/apns.go.orig	2024-03-26 13:15:17 UTC
++++ internal/apns.go
+@@ -1,18 +1,21 @@
+ package internal
+ 
+ import (
++	"crypto/md5"
+ 	"crypto/tls"
+ 	"crypto/x509"
++	"encoding/hex"
+ 	"errors"
++	"net/http"
++	"sync"
++	"time"
++
+ 	"github.com/freswa/dovecot-xaps-daemon/internal/config"
+ 	"github.com/freswa/dovecot-xaps-daemon/internal/database"
+ 	"github.com/freswa/dovecot-xaps-daemon/pkg/apple_xserver_certs"
+ 	"github.com/sideshow/apns2"
+ 	log "github.com/sirupsen/logrus"
+ 	"golang.org/x/net/http2"
+-	"net/http"
+-	"sync"
+-	"time"
+ )
+ 
+ const (
+@@ -135,11 +138,11 @@ func (apns *Apns) checkDelayed() {
+ 	}
+ 	apns.mapMutex.Unlock()
+ 	for _, reg := range sendNow {
+-		apns.SendNotification(reg, false)
++		apns.SendNotification(reg, false, "")
+ 	}
+ }
+ 
+-func (apns *Apns) SendNotification(registration database.Registration, delayed bool) {
++func (apns *Apns) SendNotification(registration database.Registration, delayed bool, mailbox string) {
+ 	apns.mapMutex.Lock()
+ 	if delayed {
+ 		apns.delayedApns[registration] = time.Now()
+@@ -149,6 +152,7 @@ func (apns *Apns) SendNotification(registration databa
+ 		delete(apns.delayedApns, registration)
+ 		apns.mapMutex.Unlock()
+ 	}
++
+ 	log.Debugln("Sending notification to", registration.AccountId, "/", registration.DeviceToken)
+ 
+ 	notification := &apns2.Notification{}
+@@ -156,6 +160,13 @@ func (apns *Apns) SendNotification(registration databa
+ 	notification.Topic = apns.Topic
+ 	composedPayload := []byte(`{"aps":{`)
+ 	composedPayload = append(composedPayload, []byte(`"account-id":"`+registration.AccountId+`"`)...)
++
++	if mailbox != "" {
++		hash := md5.Sum([]byte(mailbox))
++		mailbox_hash := hex.EncodeToString(hash[:])
++		composedPayload = append(composedPayload, []byte(`, "m":"`+mailbox_hash+`"`)...)
++	}
++
+ 	composedPayload = append(composedPayload, []byte(`}}`)...)
+ 	notification.Payload = composedPayload
+ 	notification.Expiration = time.Now().Add(24 * time.Hour)
diff --git a/net/xapsd/files/patch-internal_socket.go b/net/xapsd/files/patch-internal_socket.go
new file mode 100644
index 000000000000..77652634e99b
--- /dev/null
+++ b/net/xapsd/files/patch-internal_socket.go
@@ -0,0 +1,44 @@
+--- internal/socket.go.orig	2024-03-26 13:15:17 UTC
++++ internal/socket.go
+@@ -2,12 +2,13 @@ package internal
+ 
+ import (
+ 	"encoding/json"
++	"net/http"
++	"strings"
++
+ 	"github.com/freswa/dovecot-xaps-daemon/internal/config"
+ 	"github.com/freswa/dovecot-xaps-daemon/internal/database"
+ 	"github.com/julienschmidt/httprouter"
+ 	log "github.com/sirupsen/logrus"
+-	"net/http"
+-	"strings"
+ )
+ 
+ type httpHandler struct {
+@@ -147,11 +148,11 @@ func (httpHandler *httpHandler) handleNotify(writer ht
+ 	}
+ 
+ 	// we don't know how to handle other mailboxes other than INBOX, so ignore them
+-	if notify.Mailbox != "INBOX" {
+-		log.Debugln("Ignoring non INBOX event for:", notify.Mailbox)
+-		writer.WriteHeader(http.StatusOK)
+-		return
+-	}
++	//if notify.Mailbox != "INBOX" {
++	//	log.Debugln("Ignoring non INBOX event for:", notify.Mailbox)
++	//	writer.WriteHeader(http.StatusOK)
++	//	return
++	//}
+ 
+ 	// Find all the devices registered for this mailbox event
+ 	registrations, err := httpHandler.db.FindRegistrations(notify.Username, notify.Mailbox)
+@@ -179,7 +180,7 @@ func (httpHandler *httpHandler) handleNotify(writer ht
+ 	// Send a notification to all registered devices. We ignore failures
+ 	// because there is not a lot we can do.
+ 	for _, registration := range registrations {
+-		httpHandler.apns.SendNotification(registration, !isMessageNew)
++		httpHandler.apns.SendNotification(registration, !isMessageNew, notify.Mailbox)
+ 	}
+ 
+ 	writer.WriteHeader(http.StatusOK)
diff --git a/net/xapsd/files/patch-pkg_apple__xserver__certs_http.go b/net/xapsd/files/patch-pkg_apple__xserver__certs_http.go
deleted file mode 100644
index cc029df6316f..000000000000
--- a/net/xapsd/files/patch-pkg_apple__xserver__certs_http.go
+++ /dev/null
@@ -1,83 +0,0 @@
---- pkg/apple_xserver_certs/http.go.orig	2024-03-26 13:15:17 UTC
-+++ pkg/apple_xserver_certs/http.go
-@@ -1,11 +1,17 @@
- package apple_xserver_certs
- 
- import (
-+	"bufio"
- 	"bytes"
-+	"context"
-+	"crypto/tls"
- 	"encoding/pem"
-+	"io"
- 	"io/ioutil"
- 	"log"
-+	"math"
- 	"net/http"
-+	"time"
- )
- 
- func NewCerts(username string, passwordhash string) *Certificates {
-@@ -50,7 +56,6 @@ func handleResponse(certs *Certificates, response []by
- }
- 
- func sendRequest(reqBody []byte, newCerts bool) (respBody []byte) {
--	client := &http.Client{}
- 	r := bytes.NewReader(reqBody)
- 	url := "https://identity.apple.com/pushcert/caservice/renew"
- 	if newCerts {
-@@ -67,12 +72,51 @@ func sendRequest(reqBody []byte, newCerts bool) (respB
- 	req.Header.Set("Accept", "*/*")
- 	req.Header.Set("Accept-Language", "en-us")
- 
--	resp, err := client.Do(req)
-+	req.Close = true
-+
-+	ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
-+	defer cancel()
-+
-+	conn, err := new(tls.Dialer).DialContext(
-+		ctx,
-+		"tcp",
-+		req.URL.Host+":443",
-+	)
- 	if err != nil {
--		log.Fatalln(err)
-+		log.Fatalln(err) // TODO: Handle error properly
- 	}
-+	defer func() {
-+		_ = conn.Close() //nolint:errcheck,gosec // Ignored on purpose
-+	}()
- 
--	defer resp.Body.Close()
-+	if err := req.Write(conn); err != nil {
-+		log.Fatalln(err) // TODO: Handle error properly
-+	}
-+
-+	buf, err := io.ReadAll(io.LimitReader(conn, math.MaxInt64))
-+	if err != nil {
-+		log.Fatalln(err) // TODO: Handle error properly
-+	}
-+
-+	const (
-+		cr = "\r"
-+		nl = "\n"
-+	)
-+	for _, ign := range []string{
-+		"1;: mode=block",
-+		"max-age=31536000;: includeSubdomains",
-+	} {
-+		buf = bytes.Replace(buf, []byte(nl+ign+cr+nl), []byte(nl), 1)
-+	}
-+
-+	resp, err := http.ReadResponse(bufio.NewReader(bytes.NewReader(buf)), req)
-+	if err != nil {
-+		log.Fatalln(err) // TODO: Handle error properly
-+	}
-+	defer func() {
-+		_ = resp.Body.Close() //nolint:errcheck,gosec // Ignored on purpose
-+	}()
-+
- 	respBody, err = ioutil.ReadAll(resp.Body)
- 	if err != nil {
- 		log.Fatalln(err)