File rspamd.changes of Package rspamd
-------------------------------------------------------------------
Tue Nov 16 08:36:50 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
- Added hardening to systemd service(s) (bsc#1181400). Added patch(es):
* harden_rspamd.service.patch
-------------------------------------------------------------------
Wed Nov 3 13:39:29 UTC 2021 - Marcus Rueckert <mrueckert@suse.de>
- Update to 3.1
- [Feature] Add junk_threshold for autolearn
- [Feature] Add neural test command
- [Feature] Antivirus: Allow to set fake eicar patterns for
testing AV engines
- [Feature] Lua_cdb: Add cdb building interface
- [Feature] Ratelimit: Add per bucket configurations
- [Feature] S3: Allow to store structured data in messagepack
- [Fix] Add concept of uncancellable events to prevent
use-after-free
- [Fix] Add temporary guard to prevent linked list exploitation
- [Fix] Allow spaces in DKIM key records
- [Fix] Another rework of the ucl hashing
- [Fix] Another try to fix references safety
- [Fix] Another try to fix rspamd_text passing in the selectors
- [Fix] Avoid copy for received structure as it has raw C
pointers
- [Fix] Avoid dangling reference
- [Fix] Correctly check numeric URLs in URL DNS lists
- [Fix] Delete the correct pointer type
- [Fix] Dmarc: Always lowercase domain
- [Fix] Fix compilation of the hyperscan databases with errors
- [Fix] Fix hash table lookup
- [Fix] Fix http message flag shift
- [Fix] Fix parsing of the from_hostname when it is an IP address
- [Fix] Fix parsing of the unquoted attributes in HTML
- [Fix] Fix passing of rspamd_text in selectors pipelines
- [Fix] Fix rubbish QP sequences decoding
- [Fix] Fix some complicated case with the closing tags parsing
- [Fix] Fix the case when l tag is too small
- [Fix] Html: Fix the case where only bgcolor is explicitly set
- [Fix] Libucl: Fix deletion from ucl objects
- [Fix] Namespace and add metadata for OpenMetrics, fix
interleaving
- [Fix] Plug memory leak in http settings reload
- [Fix] Preserve SPF top record in the mempool variable
- [Fix] Remove aarch64 GC64 workaround
- [Fix] Remove bogus G_LIKELY
- [Fix] Spf: Do not parse non TXT DNS replies as TXT replies
- [Fix] Try to use on_connect/on_disconnect callbacks to handle
internal Redis failures
- [Fix] buffer overflow in rspamc counters
- [Fix] fix static building
- [Fix] lua_scanners - message_min_words logic
- [Fix] src/lua/lua_mimepart.c: fix null dereference
- [Project] Add constant iterators
- [Project] Add helper library to handle mime strings in a more
safe matter
- [Project] Add preliminary support of CDB bayes dump
- [Project] Add trim operations
- [Project] Allow mempool allocated mime strings
- [Project] Cdb: Finish backend implementation
- [Project] Cdb: Fix configuration load
- [Project] Cdb: Use shared data between cdb statfiles
- [Project] Cdb: continue statistics backend implementation
- [Project] Finish received headers rework part
- [Project] Move C++ specific declarations to C++ header
- [Project] Rework received headers parsing to C++
- [Project] Start using of the new received structure
- [Project] Start work on cdb backend
- [Rework] Further rework of the redis pool
- [Rework] Redis_pool: fix issues found
- [Rework] Rework learn and add classify condition
- [Rework] Save invisible content to a separate buffer
- [Rework] Start rewriting of the redis pool logic
- [Rules] Improve zero font rule
Full Changelog: https://github.com/rspamd/rspamd/compare/3.0...3.1
- drop patches included in this update:
https://github.com/onqtam/doctest/commit/099d5414e97244ec44cf46b14cd176b3a3dc52e3.patch
https://github.com/rspamd/rspamd/commit/cdedeb9f4.patch
https://github.com/rspamd/rspamd/commit/309bb213cf.patch
-------------------------------------------------------------------
Thu Sep 30 17:58:39 UTC 2021 - Marcus Rueckert <mrueckert@suse.de>
- backported https://github.com/onqtam/doctest/commit/099d5414e97244ec44cf46b14cd176b3a3dc52e3.patch
slighty modified to match rspamd
-------------------------------------------------------------------
Fri Sep 17 22:31:22 UTC 2021 - Marcus Rueckert <mrueckert@suse.de>
- backport https://github.com/rspamd/rspamd/commit/cdedeb9f4.patch
improve lua 5.4 support
-------------------------------------------------------------------
Fri Sep 17 21:18:15 UTC 2021 - Marcus Rueckert <mrueckert@suse.de>
- switch to autosetup, all target distros are new enough
-------------------------------------------------------------------
Fri Sep 17 21:17:54 UTC 2021 - Marcus Rueckert <mrueckert@suse.de>
- backport https://github.com/rspamd/rspamd/commit/309bb213cf.patch
to actually make it use system fmt
-------------------------------------------------------------------
Fri Sep 17 20:42:24 UTC 2021 - Marcus Rueckert <mrueckert@suse.de>
- force gcc 9 all distros before Tumbleweed:
leap default compiler is gcc7 which is not enough anymore
-------------------------------------------------------------------
Fri Sep 17 20:30:05 UTC 2021 - Marcus Rueckert <mrueckert@suse.de>
- use system libfmt and libzstd instead of building the intree copy
-------------------------------------------------------------------
Thu Aug 19 23:06:34 UTC 2021 - Michael Ströder <michael@stroeder.com>
- removed obsolete rspamd-add-lua-5.4.patch
- update to 3.0
* [Conf] Align ARC scores with DKIM scores
* [CritFix] Neural: Fix sorting application
* [Feature] Add a simple dumper for bayes tokens
* [Feature] Add lua_maps.fill_config_maps function
* [Feature] Add preliminary exporter to AWS S3
* [Feature] Add preliminary restore bayes support
* [Feature] Add race condition protection against hs_helper restarts
* [Feature] Add rspamd_utf8_strcmp utility
* [Feature] Add zstd streaming API
* [Feature] Allow to log severity level explicitly
* [Feature] Allow to save and show attachment name when inserting AV scan results
* [Feature] Allow to sort urls for Lua
* [Feature] Allow to specify different timeouts/retransmits for fuzzy rules
* [Feature] Aws_s3: Allow to compress data stored
* [Feature] CMakeLists.txt: Change check and run-test to use rspamd-test-cxx * fixes #3807
* [Feature] Dmarc_report: allow sending reports in batches
* [Feature] Fuzzy_check: Allow to disable subject when making short text hash
* [Feature] Lua_cryptobox: Add keyed ssl hash functions via HMAC
* [Feature] Lua_task: Add get_urls_filtered method
* [Feature] Make monitored checks less frequent
* [Feature] Milter_headers: Add x-rspamd-pre-result header
* [Feature] Neural: Allow to balance FP/FN for the network
* [Feature] Ppopagate monitored errors from rbl module
* [Feature] Pyzor calculate score dynamically Count - WL-Count of default_score in percent
* [Feature] Rbl: Distinguish flattened and non-flattened selectors in RBL requests
* [Feature] Re-add pyzor support
* [Feature] Settings: add ip_map check and rework structure slightly
* [Feature] Spamassassin: Allow to set the default priority for SA scores
* [Feature] Strip smtp comments from message id
* [Feature] add SYSTEM_ZSTD cmake option To use the system zstd instead on the bundled version
* [Feature] external_relay plugin
* [Feature] rspamadm clickhouse neural_train subcommand
* [Fix] #3400 milter_headers: fix inverted logic for extended_headers_rcpt
* [Fix] ASN: fix _FAIL symbol for when main symbol is disabled
* [Fix] Add a special logic for text part with no text extraction
* [Fix] Add diacritics flag for several eu languages
* [Fix] Another FSM fix to accomodate possibility of multiple consequent ?
* [Fix] Avoid curse of dynamic array referencing
* [Fix] Avoid reinitialising neural settings
* [Fix] Check remain before processing TXT records
* [Fix] Enable error multiplier on http errors
* [Fix] Finally rework parsing entities logic
* [Fix] Fix '==' parsing in the content type attributes parser
* [Fix] Fix IPv6 expansion for SPF macros
* [Fix] Fix Mozilla Message-ID detection
* [Fix] Fix an edge case in BITCOIN_ADDR rule
* [Fix] Fix brain-damaged behaviour when http request has a custom Host header
* [Fix] Fix check of limits in email address parsing
* [Fix] Fix copy&paste error and rework
* [Fix] Fix expressions logic for and/or and float values
* [Fix] Fix fuzzy retransmits
* [Fix] Fix http maps with no or invalid expires data
* [Fix] Fix last quote character parsing in the content-type state machine
* [Fix] Fix normalisation flags propagation
* [Fix] Fix overflow when appending many broken tags
* [Fix] Fix parsing of rfc2047 tokens with '?' inside
* [Fix] Fix phishing flag set
* [Fix] Fix rfc2047 embedded into rfc2231 pieces in special headers
* [Fix] Fix round-robin rotation
* [Fix] Fix searching for symbols
* [Fix] Fix storing of the regexps inside variant
* [Fix] Fix tokenization near exceptions
* [Fix] Fix visibility calculations
* [Fix] Html: Attach inline tags to the structure
* [Fix] Html: Do not treat empty tags as block tags
* [Fix] Ical: Do not extract urls from all flags using merely specific ones
* [Fix] Initialise symcache even if it cannot be loaded properly
* [Fix] Lua_fuzzy: Remove text parts check when checking image dimensions
* [Fix] Lua_maps: Fix adjustments for the map type in the complex map definitions
* [Fix] Lua_task: Fix deleted symbols in has_symbol/get_symbol
* [Fix] Move metric and symcache link from validation to the init stage
* [Fix] Oletools: Another try to fix table sorting
* [Fix] One more default behaviour fix
* [Fix] Phishing: Rework urls processing
* [Fix] RBL: was missing some config schema
* [Fix] Replies: Fix 'Reply-To' handling in task:get_reply_sender
* [Fix] Rework metrics handling
* [Fix] Save symcache on exit
* [Fix] Selectors: Filter nil elements in lists
* [Fix] Selectors: Properly fix implicit tostring for nils
* [Fix] Try to fix some broken code in DMARC reporting plugin
* [Fix] Urls: Fix processing of html urls when it comes to the flags
* [Fix] Use proper buffer length
* [Fix] Various visibility fixes
* [Fix]: ASN: dns cb func should also return in case of an error
* [Project] Add a simple css rule definition
* [Project] Add css style skeleton
* [Project] Add css syntax (adopted from ebnf)
* [Project] Add css_selectors
* [Project] Add doctest unit testing library
* [Project] Add expected library
* [Project] Add fmt library for simple string ops
* [Project] Add fu2 library to better functions abstractions
* [Project] Add hashing method
* [Project] Add parsers skeleton
* [Project] Add preliminary support of vcard parser
* [Project] Add process exceptions for invisible text
* [Project] Add some methods for css parser
* [Project] Allow static libstdc++
* [Project] Another whitespace hack
* [Project] CSS: Various fixes in the declarations and values parsing
* [Project] Cpp: Add robin-hood hash map library
* [Project] Css: Add AST debug
* [Project] Css: Add colors conversion functions
* [Project] Css: Add dimensions handling
* [Project] Css: Add display value support
* [Project] Css: Add frozen library from https://github.com/serge-sans-paille/frozen/
* [Project] Css: Add opacity support
* [Project] Css: Add parser helpers to simplify debugging
* [Project] Css: Add preliminary stylesheet support
* [Project] Css: Add rules processing functions and tests
* [Project] Css: Add simple selectors unit tests
* [Project] Css: Add some c++ unit tests
* [Project] Css: Add some debug methods
* [Project] Css: Add some debug statements for the css parser
* [Project] Css: Add some logical skeleton for declarations parser
* [Project] Css: Add url/function tokens
* [Project] Css: Allow at rules parsing
* [Project] Css: Declarations parsing logic skeleton
* [Project] Css: Enable conditional css parsing support from the HTML parser
* [Project] Css: Finish generic lexer cases
* [Project] Css: Fix HSL conversion
* [Project] Css: Fix minus parsing
* [Project] Css: Fix parser consumers nesting
* [Project] Css: Fix parsing of the qualified rules
* [Project] Css: Fix rules merging
* [Project] Css: Further fixes to lexer
* [Project] Css: Further steps to parse css colors + rework
* [Project] Css: Further work on parser's methods
* [Project] Css: Implement backlog of css tokens
* [Project] Css: Implement numbers and ident parsers
* [Project] Css: Implement simple css selectors lookup
* [Project] Css: Implement styles merging
* [Project] Css: Make debug strings json like to simplify tests
* [Project] Css: Minor adjustments
* [Project] Css: More meat to the lexer
* [Project] Css: Move some of the tests to the doctest
* [Project] Css: Projected a parser
* [Project] Css: Properties attachment logic
* [Project] Css: Remove ragel from build targets (maybe keep for reference)
* [Project] Css: Rework css block structure
* [Project] Css: Rework flags of css properties
* [Project] Css: Rework tokens structure
* [Project] Css: Several fixes + tests
* [Project] Css: Simplify checks
* [Project] Css: Simplify debug code
* [Project] Css: Start css selectors parsing logic
* [Project] Css: Start semantic parsing for rules
* [Project] Css: Start stylesheet implementation
* [Project] Css: Tidy up lambdas
* [Project] Css: rework tokeniser
* [Project] Dmarc: Add dmarc report tool (WIP)
* [Project] Dmarc: Add munging configuration
* [Project] Dmarc: Add preliminary munging logic
* [Project] Dmarc: Fix header removal
* [Project] Dmarc: Fix munging logic
* [Project] Dmarc: Use full recipient address instead of a domain map
* [Project] Dmarc: Use zlists for dmarc reports
* [Project] Dmarc_report: Add message generation logic
* [Project] Dmarc_report: Add preliminary sending support
* [Project] Fix lua bindings
* [Project] Fix xml/sgml tags processing
* [Project] Handle new modification
* [Project] Html/CSS: Add transform from a CSS rule to html block
* [Project] Html/CSS: Link html and css styles
* [Project] Html/CSS: Switch styles parsing to css parser
* [Project] Html/Css: Fix some issues found
* [Project] Html/Css: Implement visibility rules for a block
* [Project] Html: Add more tests cases and fix some more corner issues
* [Project] Html: Add rows display type support
* [Project] Html: Allow decode entities function to normalise spaces + unit tests
* [Project] Html: Another rework of the tags structure
* [Project] Html: Another try to fix unbalanced cases
* [Project] Html: Fix crossing spans
* [Project] Html: Fix parent propagation
* [Project] Html: Further rework of the html parsing stuff
* [Project] Html: Implement logic for tags pairing
* [Project] Html: Implement rawtext state machine
* [Project] Html: Insert closing tags as well :(
* [Project] Html: More fixes
* [Project] Html: More fixes
* [Project] Html: More spaces logic fixes
* [Project] Html: One more attempt to write text content
* [Project] Html: Replace \0 in html content
* [Project] Html: Rework img/a tags handling
* [Project] Html: Rework propagation method
* [Project] Html: Rework tags placement
* [Project] Html: Rework transparency logic
* [Project] Html: Support 'hidden' attribute
* [Project] Html: Try another approach to append tags content
* [Project] Html: Try to deal with bad unknown tags properly
* [Project] Lua_aws: Add canonicalisation utility
* [Project] Lua_aws: Add function to produce AWS Authorisation header
* [Project] Lua_aws: Implement request signing
* [Project] Lua_mime: Add lua_mime.modify_headers routine
* [Project] Lua_task: Add modify_header method
* [Project] Lua_task: Allow to extract modified headers
* [Project] Make unescape code public for unit testing
* [Project] More fixes for closed tags
* [Project] More fixes to calculations
* [Project] Rework API for the modified headers
* [Project] Rework html visibility rule
* [Project] Skeleton of the css library
* [Project] Start headers modification API structure
* [Project] Start working on AWS Lua API
* [Project] Use lua_mime to modify headers
* [Project] Use modified headers on dkim signing
* [Project] Use string_view to constexpr variant unpacking
* [Rework] Add composites manager concept
* [Rework] Add tags definitions
* [Rework] Allow C code to be compiled with C++ compiler
* [Rework] Clickhouse: Store url flags
* [Rework] Composites: Rewrite the composites logic
* [Rework] Composites: Start rework of the composites framework
* [Rework] Dmarc: Move check policy function to the common utils
* [Rework] Dmarc: Rework reports keys structure
* [Rework] Further work to make html content private
* [Rework] Html/CSS: Remove css C bindings as they are useless now
* [Rework] Html/CSS: Rework Lua bindings
* [Rework] Html/Css: Start rework of the html blocks
* [Rework] Html: Add images processing logic
* [Rework] Html: Add traverse function
* [Rework] Html: Another steps to get rid of gnode
* [Rework] Html: Convert to variant
* [Rework] Html: Deal with the utf_content part
* [Rework] Html: Final rework part for the html processing code
* [Rework] Html: Fix Lua bindings
* [Rework] Html: Forgot to add the internal include
* [Rework] Html: Further html urls rework
* [Rework] Html: Further rework of the tags content extraction
* [Rework] Html: Make parameters as a vector again
* [Rework] Html: Move blocks part
* [Rework] Html: Move images processing stuff
* [Rework] Html: Rework lua bindings
* [Rework] Html: Start html text extraction rework
* [Rework] Html: Start refactoring of the html tags handling
* [Rework] Html: Start removing of GNode stuff
* [Rework] Html: Start rework of the html content structure
* [Rework] Lua_magic: Try to detect text parts with 8bit characters for non-utf8 encodings
* [Rework] Move HTML url functions and rework them
* [Rework] Move and adopt entities handling logic
* [Rework] Move common and rarely used dmarc code to the library
* [Rework] Move compression routines outside of rspamd_util library
* [Rework] Move entities/tags handling
* [Rework] Phishing: Split from redirectors usage
* [Rework] Redesign html blocks propagation logic
* [Rework] Remove tag name string
* [Rework] Rename phished url to a linked url
* [Rework] Reorganize dmarc plugin and remove unsupported reporting code
* [Rework] Reputation: Use more flexible types in get/set functions
* [Rework] Require proper C++ environment for Rspamd build
* [Rework] Rework extended urls output
* [Rework] Rework tags parsing machine
* [Rework] Slightly improve old regexp API
* [Rework] Start conversion of the redis pool code to c++
* [Rework] Try to resolve failed upstreams more agressively
* [Rework] Use C++ utf8 library with unit tests to trim whitespaces
* [Rework] Use C++ version for unicode normalisation
* [Rework] Use C++ version of the lua threads pool
* [Rules] Add raw addresses to MULTIPLE_FROM options
* [Rules] Another fix to HTTP_TO_HTTPS rule
* [Rules] Do not trigger HTML_SHORT_LINK_IMG on external images
* [Rules] Extend FORGED_X_MAILER
* [Rules] Extend OLD_X_MAILER
* [Rules] Fix CTYPE_MIXED_BOGUS for text attachments
* [Rules] Fix FPs for CTYPE_MIXED_BOGUS
* [Rules] Fix HTTP_TO_HTTPS rule
* [Rules] Fix HTTP_TO_HTTPS rule
* [Rules] Fix zerofont rule (partially)
* [Rules] Micro-optimize X_PHP_EVAL
* [Rules] Reduce default weight for R_MISSING_CHARSET
-------------------------------------------------------------------
Wed Jun 2 13:55:50 UTC 2021 - Marcus Rueckert <mrueckert@suse.de>
- use systemd_ordering
-------------------------------------------------------------------
Wed Jun 2 13:55:08 UTC 2021 - Marcus Rueckert <mrueckert@suse.de>
- add Requires(pre) to shadow to fix %pre scriptlet
-------------------------------------------------------------------
Wed Jun 2 00:19:41 UTC 2021 - Marcus Rueckert <mrueckert@suse.de>
- disable PCRE2 for now:
https://bugzilla.opensuse.org/show_bug.cgi?id=1182864#c10
-------------------------------------------------------------------
Tue Mar 2 11:04:58 UTC 2021 - Guillaume GARDET <guillaume.gardet@opensuse.org>
- Add patch to fix build with lua 5.4:
* rspamd-add-lua-5.4.patch
-------------------------------------------------------------------
Fri Feb 19 01:02:52 UTC 2021 - Bernhard Wiedemann <bwiedemann@suse.com>
- Fix i586 build
-------------------------------------------------------------------
Fri Jan 8 20:22:15 UTC 2021 - Michael Ströder <michael@stroeder.com>
- update to 2.7
* [Conf] Add R_DKIM_PERMFAIL to the metric
* [CritFix] Dkim: Fix simple canonicalisation if multiple signatures are presented
* [CritFix] Fix controller paths normalisation
* [Feature] Add INVALID_DATE rule
* [Feature] Add controller endpoint for training neural
* [Feature] Add sanity checks for actions thresholds
* [Feature] Add support of '==' and '!=' in Rspamd expressions
* [Feature] Composites: Improve composite atoms parser
* [Feature] Docker: use Debian slim variant
* [Feature] Elastic: Add some missing fields
* [Feature] Extract text from img alt attributes
* [Feature] Improve charset detection logic
* [Feature] Lua_clickhouse: Add optional row callback for large selections
* [Feature] Lua_dns_resolver: Add idna_convert_utf8 method
* [Feature] Lua_mime: Add ability to do multipattern replacement
* [Feature] Lua_trie: Allow to report start of the match
* [Feature] Multimap: support adding map values as extra options
* [Feature] Neural: Move PCA learning to a subprocess
* [Feature] RBL: support matching content/image URLs only
* [Feature] RBL: support use of multiple selectors
* [Feature] Reputation: Allow to specify ip masks
* [Feature] Support SMIME signed messages container
* [Feature] Support multiple conditions for symbols
* [Feature] Support ping in milter mode
* [Feature] Support rspamd_text in selector regexps
* [Feature] Use own daemonization routine
* [Feature] Vadesecure: Implement settings_outbound feature as recommended by Vade
* [Feature] `rspamadm clickhouse` command
* [Feature] allow hyperscan for aarch64
* [Fix] Allow to set priorities between post init scripts
* [Fix] Allow to use maps for strings that are not zero terminated
* [Fix] Apply max_lua_urls limit for emails as well
* [Fix] Arc: Fix CV check on signing
* [Fix] Arc: Fix signing of the broken ARC chains
* [Fix] Clickhouse: escape carriage return
* [Fix] Composites: Allow partial match
* [Fix] Deduct type of a table methods
* [Fix] Do not load errored hyperscan database
* [Fix] Do not process links in ignored html tags
* [Fix] Fix ClamAV result for cached encrypted file (#3395)
* [Fix] Fix canonicalisation when l= tag is presented
* [Fix] Fix flag shift
* [Fix] Fix handling of skip/skip_process http flags
* [Fix] Fix html attachments checks
* [Fix] Fix issue with pushing binary formats to Lua strings
* [Fix] Fix logging for rspamadm
* [Fix] Fix off-by-one with init check
* [Fix] Fix parsing of escape characters in quoted pairs
* [Fix] Fix pushing ucl strings with \0 inside
* [Fix] Fix quoted-printable soft newlines bugged case
* [Fix] Fix settings in case actions are set to null (#3415)
* [Fix] Fix several issues with auth results producing
* [Fix] Fix smtp comments exclusion
* [Fix] Fix smtp date syntax definition
* [Fix] Fix substring search in case if srchlen == inlen
* [Fix] Fix text selectors
* [Fix] Honour `systemd` setting when logging to console (#3514)
* [Fix] Html: Add entities collisions prevention logic (e.g. for mathml entities)
* [Fix] Lua_auth_results: Quote potentially bad values in AR header
* [Fix] Multimap: Fix flags usage
* [Fix] Multimap: Fix scoring for combined maps
* [Fix] Plug GList * leak in redis pool
* [Fix] RBL: allow for multiple matches of the same label if types are different
* [Fix] Rely on libev checks for file maps
* [Fix] Restore simple dkim canonicalisation mode
* [Fix] Return MimeCharset as we work with emails...
* [Fix] Spamassassin: Fix pcre_only flags
* [Fix] Spamassassin: Preserve 'pcre_only' flag when dealing with regexp replacements
* [Fix] Try to fix GError leak
* [Fix] Try to fix a mess with settings loading by adding priorities
* [Fix] Try to move setings initialisation to a later stage
* [Fix] Use dup fd in milter handler to avoid races with the proxy
* [Fix] Use message pointer to avoid obsolete data to be cached
* [Project] Rbl: Migrate to `checks`
* [Project] Rbl: Move config code outside of the plugin
* [Project] Ressurect empty prefilters as connection filters
* [Project] Support connection filters registration from Lua
* [Rework] Add final cleanup logic
* [Rework] Add preliminary support of hyperscan caching for re maps
* [Rework] Add stale cache removal
* [Rework] Clickhouse: Improve performance
* [Rework] Distinguish between strict config test mode
* [Rework] Furhter logging improvements
* [Rework] Milter_headers: improve extended_headers_rcpt support
* [Rework] Move parsers to a separate lua library
* [Rework] Neural: Skip composite symbols
* [Rework] Rbl: Rework defaults logic
* [Rework] Some tunes to cache saving
* [Rework] Track maps origins
* [Rework] Use full crypto hash for regexp maps
* [Rules] Remove broken rule
-------------------------------------------------------------------
Thu Nov 26 12:05:28 UTC 2020 - Bernhard Wiedemann <bwiedemann@suse.com>
- Wait for network to be up before starting
-------------------------------------------------------------------
Fri Oct 9 17:51:10 UTC 2020 - Marcus Rueckert <mrueckert@suse.de>
- fix apparmor profile
- allow reading the webapp dir to make the builtin webserver work
- modernize the profile to use a short profile name
- remove php abstraction, replaced with rule to read the icu data
files
- remove all file rules that are covered by the base and
nameservice abstraction
- allow include (with "if exists) for local/rspamd and
local/usr.bin.rspamd (for backrwards compat)
-------------------------------------------------------------------
Mon Oct 5 10:42:14 UTC 2020 - Bernhard Wiedemann <bwiedemann@suse.com>
- Add usr.bin.rspamd apparmor profile
-------------------------------------------------------------------
Thu Oct 1 09:39:29 UTC 2020 - Bernhard Wiedemann <bwiedemann@suse.com>
- update to 2.6
* https://rspamd.com/announce/2020/09/30/rspamd-2.6.html
* Rework neural network plugin
* Rework bitcoin detection library
* Fix IDNA bugs
* Send more fuzzy module telemetry data to rspamd servers
* Drop upstream rspamd-gcc10-buildfix.patch
* Drop rspamd-moonjit.patch
-------------------------------------------------------------------
Wed Aug 12 03:34:28 UTC 2020 - Bernhard Wiedemann <bwiedemann@suse.com>
- Add rspamd-gcc10-buildfix.patch for Factory
- Skip rspamd-moonjit.patch on SLE to fix build
-------------------------------------------------------------------
Thu Apr 16 20:49:12 UTC 2020 - Hans-Peter Jansen <hpj@urpla.net>
- apply rspamd-moonjit.patch in order to allow using moonjit
-------------------------------------------------------------------
Wed Apr 1 21:48:03 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
- update to 2.5
https://rspamd.com/announce/2020/04/01/rspamd-2.5.html
-------------------------------------------------------------------
Fri Feb 28 06:41:59 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
- update to 2.4
https://rspamd.com/announce/2020/02/26/rspamd-2.4.html
-------------------------------------------------------------------
Sun Feb 9 17:09:51 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
- update to 2.3
https://rspamd.com/announce/2020/02/04/rspamd-2.3.html
-------------------------------------------------------------------
Thu Nov 28 16:22:35 UTC 2019 - Marcus Rueckert <mrueckert@suse.de>
- only use hyperscan on x86_64
-------------------------------------------------------------------
Thu Nov 28 15:11:52 UTC 2019 - Marcus Rueckert <mrueckert@suse.de>
- update to 2.2
https://rspamd.com/announce/2019/11/19/rspamd-2.2.html
-------------------------------------------------------------------
Mon Oct 28 16:52:41 UTC 2019 - Marcus Rueckert <mrueckert@suse.de>
- update to 2.1
https://rspamd.com/announce/2019/10/28/rspamd-2.1.html
- dropped rspamd-fix-crash-on-startup.patch
-------------------------------------------------------------------
Sun Oct 13 20:30:34 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
- update to 2.0
https://rspamd.com/announce/2019/10/11/rspamd-2.0.html
Please verify the upgrade notes for incompatible changes:
https://rspamd.com/doc/migration.html#migration-to-rspamd-20
- changed build requires
- added rspamd-fix-crash-on-startup.patch to fix startup crash
(https://github.com/rspamd/rspamd/issues/3079)
-------------------------------------------------------------------
Thu Jun 6 12:50:16 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
- update to 1.9.4
https://rspamd.com/changes.html#release-194-23-may-2019
https://rspamd.com/announce/2019/05/13/rspamd-1.9.3.html
-------------------------------------------------------------------
Fri Apr 19 15:42:58 UTC 2019 - Michael Ströder <michael@stroeder.com>
- update to 1.9.2
https://rspamd.com/announce/2019/04/16/rspamd-1.9.2.html
https://rspamd.com/announce/2019/04/05/rspamd-1.9.1.html
-------------------------------------------------------------------
Wed Mar 13 17:03:30 UTC 2019 - Marcus Rueckert <mrueckert@suse.de>
- update to 1.9.0
https://rspamd.com/announce/2019/03/12/rspamd-1.9.0.html
-------------------------------------------------------------------
Wed Jan 23 16:14:21 UTC 2019 - Marcus Rueckert <mrueckert@suse.de>
- overrides.d should be override.d, this might require changes to
your configuration, please verify.
-------------------------------------------------------------------
Wed Jan 23 16:10:28 UTC 2019 - Marcus Rueckert <mrueckert@suse.de>
- update to 1.8.3
- [CritFix] Make flags mutually exclusive for mime parts
- [CritFix] Strictly deny unencoded bad utf8 sequences in
headers
- [Feature] Add Kaspersky antivirus support
- [Feature] Add method to get dkim results
- [Feature] Add more words regexp classes
- [Feature] Allow to choose words format in `rspamadm mime`
- [Feature] Allow to get all types of words from Lua
- [Feature] Allow to get task flags in C expressions
- [Feature] Allow to require encryption when accepting
connections
- [Feature] Ignore bogus whitespaces in the words
- [Feature] Implement more strict configuration tests
- [Feature] Improve SPF results in Authentication-Results
- [Feature] Support ClickHouse database
- [Fix] Add failsafety for utf8 regexps
- [Fix] Do not trigger BROKEN_CONTENT_TYPE on innocent text
parts
- [Fix] Emit error if connection has been terminated with no
stop pattern
- [Fix] Fix boundaries checks in embedded messages
- [Fix] Fix double free
- [Fix] Perform policy downgrade on sample out, add tests
- [Fix] Properly escape utf8 regexps in hyperscan mode
- [Fix] Selectors - attachments args condition
- [Fix] Some fixes for raw parts
- [Fix] Treat learning errors as non-fatal
- [Fix] Use tld when looking for DKIM domains
- [Project] Words unicode structure rework
- [Project] Add preliminary Redis Sentinel support
- [Project] Improve Authentication-Results header
- [Project] Rework DKIM checks results
- [Project] Use more generalised API to produce meta words
-------------------------------------------------------------------
Mon Nov 19 13:17:01 UTC 2018 - Marcus Rueckert <mrueckert@suse.de>
- update to 1.8.2
- [Conf] Add DWL support in the default configuration
- [Conf] Disable rspamd_update by default (again)
- [Conf] Fix configuration sample for ratelimit
- [CritFix] Disable broken url tags by default
- [CritFix] Fix \0 processing when doing RSA sign
- [CritFix] Fix adding symbols to their primary groups
- [Feature] Add `rspamadm cookie` utility
- [Feature] Add specialised functions for generating encrypted cookies
- [Feature] Add support of cookies in replies module
- [Feature] Add support of words regexps
- [Feature] Allow to add 3rd party clang plugins
- [Feature] Allow to create lua regexps from glob or plain patterns
- [Feature] Allow to set custom limits for upstream lists
- [Feature] Detect orphaned parts and attach them to message
- [Feature] Filter tokens in bayes
- [Feature] Fold b= value when doing arc sealing
- [Feature] Ignore cookies in the future and too old in the past
- [Feature] Skip stop words in statistics
- [Feature] Store stop words and allow to query them
- [Feature] Support query arguments in controller's custom commands
- [Feature] Tune upstream limits in Rspamd proxy
- [Feature] Use different callback symbols for different uribls
- [Feature] Write DKIM selector in dkim allow/reject symbols
- [Fix] Add obs_fws state support to eoh state machine
- [Fix] Add sanity check when applying mime boundaries heuristic
- [Fix] Antivirus - virus names with 0 were recognized as tables
- [Fix] Disable headernames in bayes temporarily
- [Fix] Do not allow syntax errors in include files...
- [Fix] Do not allow to merge an object with an array (or vice versa)
- [Fix] Don't perform forged recipients check for missing recipients
- [Fix] Fix DKIM based RBLs
- [Fix] Fix actrie implementation (sync from upstream), fixed OOB read
- [Fix] Fix explicit methods call in selectors
- [Fix] Fix extraction of additional parts
- [Fix] Fix finalization for internal plugins
- [Fix] Fix override_defaults function
- [Fix] Fix squeezed symbols when using settings
- [Fix] Fix urls insertion in Clickhouse module
- [Fix] Furhter fixes to ratelimits logic
- [Fix] Ignore signatures when looking for boundaries
- [Fix] Properly set learned count
- [Fix] Really fix ratelimits configuration and work
- [Fix] Remove ambigious format flag from printf
- [Fix] Restore URLs exporting in ClickHouse plugin
- [Fix] Rework bayes calculations...
- [Fix] Switch from chi-square to naive for large Fisher value
- [Fix] Treat normal password as enable password if there is no enable password
- [Fix] Use proper syntax for making DNS requests
- [Fix] Various fixes in embedded plugins
- [Project] Change fuzzy check selection logic to lua_fuzzy library
- [Project] Rework async events and symbols
- [Project] Move all metatokens in Bayes to lua_stat from C
- [WebUI] Add history rows per page control
- somehow the Patch/%patch lines for
rspamd-after-redis-target.patch were missing, adding them back.
-------------------------------------------------------------------
Sat Oct 27 01:54:35 UTC 2018 - Marcus Rueckert <mrueckert@suse.de>
- simplify the feature conditionals:
mostly to enable luajit and torch on more platforms
- add -fopenmp to the CFLAGS to fix a warning in torch
-------------------------------------------------------------------
Fri Oct 19 18:20:09 UTC 2018 - Marcus Rueckert <mrueckert@suse.de>
- update to 1.8.1
- [CritFix] Fix options insertion
- [CritFix] Fix words decay one more time (affects long messages)
- [CritFix] Increase default words_decay
- [CritFix] Plug memory leak in redis pool
- [Feature] Add `check_violation` feature to DKIM/ARC signing
- [Feature] Add only unique elements to Clickhouse url arrays
- [Feature] Allow `g+:` and `g-:` composite atoms
- [Feature] Allow dkim domains check in surbl
- [Feature] Allow maps with HTTP auth
- [Feature] Allow to disable actions by users settings
- [Feature] Extend whitelisting options
- [Feature] Store url object in images
- [Feature] Use verdict instead of the plain action in plugins
- [Fix] Allow to call fstring append with NULL string
- [Fix] DCC - luacheck
- [Fix] Do not load torch on each rspamadm invocation
- [Fix] Fix boundaries detection and rework stop words algorithm
- [Fix] Fix dependencies for DNS_SIGNED symbol
- [Fix] Fix errors when dealing with dynamic rates/bursts in
Ratelimit
- [Fix] Fix groups mess
- [Fix] Fix groups mess
- [Fix] Fix parsing address with comments
- [Fix] Fix resolving in DMARC reports
- [Fix] Fix various issues with parsing of the received headers
- [Fix] Fix watchers issue in lua_tcp when doing no resolving
- [Fix] Plug memory leak in language detector (affects reloads)
- [Fix] Remove one letter stop words
- [Fix] Slashing: backport chunk logic from libucl
- [Fix] Stop libevent from using cached time in rspamadm
- [Fix] Try to fix watchers chaining
- [Fix] Various fixes in redis sync interface
- [Fix] ip_score - respect check_authed and check_local settings
from config
- [Project] Rework passthrough actions
- [Project] Clustering module
- [Rework] Always create result for a task
- [Rework] Completely rewrite DMARC checks logic
- [Rework] Rework and fix whitelist plugin
- [WebUI] Add symbols sorting buttons
- [WebUI] Change symbols order without updating history
- [WebUI] Colorize symbols
- [WebUI] Do not display password form when secure_ip is set
- [WebUI] Fix symbol description tooltips display
- [WebUI] History: add sorting by symbol score value
- drop 5093631ddd4d3389cddaaa95865dc4a23143a10f.patch
-------------------------------------------------------------------
Mon Oct 1 14:48:13 UTC 2018 - Marcus Rueckert <mrueckert@suse.de>
- backport 5093631ddd4d3389cddaaa95865dc4a23143a10f.patch:
can be removed in 1.8.1
-------------------------------------------------------------------
Mon Sep 24 22:39:44 UTC 2018 - Marcus Rueckert <mrueckert@suse.de>
- update to 1.8.0
The most important features and fixes
- New selectors framework
This framework allows to combine and process different data
extracted from messages and use that in different plugins, such
as multimap, reputation or ratelimits. It is also possible to
use data extracted in Rspamd regular expressions.
- Coroutines API support in Lua
Now you can write code in a usual imperative manner but you
still will not block any other tasks. Each potentially blocking
operation creates a yielding-point. In turn, this means the
code is suspended until the operation is done (just like
blocking) and resumes only when there is some result.
Meanwhile, other tasks are processed as usual.
- Clickhouse optimization
Rspamd now uses a flat table to optimize ClickHouse SQL
requests. In fact, joins are not recommended by the ClickHouse
developers as multiple joins have proven to be slow. Hence,
Rspamd has moved all data to a single table. Schema migration
is done automatically, however, please read the migration notes
in case of any doubts. Old data is not migrated nor deleted
automatically.
There is now optional data retention support in the ClickHouse
module. You can set retention policies for the data stored in
Clickhouse to conform different regulations (e.g. GDPR).
- Unicode processing improvements
Rspamd now normalizes all unicode data using NFKC schema prior
to processing. This helps to prevent “glyph” attacks used by
some spammers nowadays. Unicode conversion has also been
improved to continue on bad symbols instead of giving up and
working with raw data.
- Language detection improvements
We have reworked the language detector to use stop-words and
rely on unicode glyphs more extensively. As the result of this
work, the speed of language detection has been increased
significantly (by 10 times in some cases). The preciseness of
the detection has also been improved.
- Fixed various bugs in sesssions handling
We have located and fixed various hidden issues caused by async
rules chaining. It might cause inconsistencies in the
dependencies processing, crashes in rare cases and other “bad
things”.
- Various Web Interface improvements and fixes
There are multiple improvements and fixes in the Web Interface.
In particular, the issues with cluster support and aggregation
have been addressed.
For all the fixes see
https://rspamd.com/announce/2018/09/24/rspamd-1.8.0.html
- drop patch 66ffcdfa880daeb3b50c7ef3bcb5511abb6d92f6.patch
included in update
-------------------------------------------------------------------
Thu Aug 30 14:06:44 UTC 2018 - Marcus Rueckert <mrueckert@suse.de>
- add conflicts on rspamd-client to ease switching between the 2
modes
-------------------------------------------------------------------
Thu Aug 30 13:48:21 UTC 2018 - Marcus Rueckert <mrueckert@suse.de>
- undo the split by guarding it with split_out_client:
osc build --with=split_out_client if you want to build with it
-------------------------------------------------------------------
Thu Aug 30 13:39:03 UTC 2018 - Marcus Rueckert <mrueckert@suse.de>
- replace our copy of rspamd.conf with a patch rspamd-conf.patch:
currently we only replace the logging to rspamd.conf with console
and set systemd mode
-------------------------------------------------------------------
Wed Aug 29 15:53:10 UTC 2018 - Marcus Rueckert <mrueckert@suse.de>
- split out rspamc and rspamadm into a rspamd-client package.
the main package will still require it so nothing would change
from this perspective.
This allows administration and training from other machines
without installing the whole stack.
-------------------------------------------------------------------
Wed Aug 29 15:52:31 UTC 2018 - Marcus Rueckert <mrueckert@suse.de>
- added rspamd-after-redis-target.patch:
make sure we start rspamd after redis.target
-------------------------------------------------------------------
Wed Aug 8 08:09:26 UTC 2018 - iippolitov@gmail.com
- updated version to 1.7.8
https://github.com/vstakhov/rspamd/releases/tag/1.7.9
- patch included to fix lua builds on i586
https://github.com/vstakhov/rspamd/commit/66ffcdfa880daeb3b50c7ef3bcb5511abb6d92f6.patch
- 2338.patch is removed: included in the upstream tarball
-------------------------------------------------------------------
Fri Jul 13 16:42:32 UTC 2018 - mrueckert@suse.de
- updated version to 1.7.8
https://github.com/vstakhov/rspamd/releases/tag/1.7.7
https://github.com/vstakhov/rspamd/releases/tag/1.7.8
- added https://github.com/vstakhov/rspamd/pull/2338.patch
-------------------------------------------------------------------
Fri Jul 13 16:37:41 UTC 2018 - mrueckert@suse.de
- limit pcre2 to 15.0 and newer
-------------------------------------------------------------------
Fri Jul 13 16:09:32 UTC 2018 - mrueckert@suse.de
- we had a buildrequires for libfann but the cmake flag was in a
conditional. removed the conditional.
- enable pcre2 support
- prepare building utils but they are broken atm
- enable hyperscan for TW and newer
- enable openblas for 15.0 and newer
- gd library had a BR but was not enabled
-------------------------------------------------------------------
Wed Jun 20 12:00:00 UTC 2018 - iippolitov@gmail.com
- changed default configuration to match current rules
https://rspamd.com/doc/workers/
-------------------------------------------------------------------
Tue Jun 19 12:00:00 UTC 2018 - iippolitov@gmail.com
- updated version to 1.7.6
https://github.com/vstakhov/rspamd/releases/tag/1.7.6
-------------------------------------------------------------------
Mon Apr 30 16:52:25 UTC 2018 - pieter@hollants.com
- updated version to 1.7.3
https://github.com/vstakhov/rspamd/releases/tag/1.7.3
- removed obsolete protocol.c.patch (incorporated into 1.7.3)
-------------------------------------------------------------------
Tue Mar 27 17:20:28 UTC 2018 - iippolitov@gmail.com
- updated version to 1.7.2
https://github.com/vstakhov/rspamd/releases/tag/1.7.2
- fix for https://github.com/vstakhov/rspamd/issues/2120 included
-------------------------------------------------------------------
Thu Mar 22 07:07:35 UTC 2018 - iippolitov@gmail.com
- updated version to 1.7.1
https://github.com/vstakhov/rspamd/releases/tag/1.7.1
- fixed ix86 build
conditional jemalloc, luajit, external hiredis and torch build
- fixed build without LUA JIT
https://github.com/vstakhov/rspamd/pull/2100
- fixed Leap 42.1 build (cmake used wrong ASM compiler)
-------------------------------------------------------------------
Mon Mar 19 18:33:42 UTC 2018 - iippolitov@gmail.com
- updated version to 1.7.0
https://github.com/vstakhov/rspamd/releases/tag/1.7.0
- disabled ENABLE_OPTIMIZE for Leap due to old GCC
https://github.com/vstakhov/rspamd/issues/2091
- luajit enabled by default (required by torch)
-------------------------------------------------------------------
Mon Mar 12 11:57:47 UTC 2018 - asn@cryptomilk.org
- Add missing runtime requirement for lua-lpeg
-------------------------------------------------------------------
Thu Mar 8 23:03:46 UTC 2018 - mrueckert@suse.de
- BR libnsl to fix build on suse_version >= 1500
-------------------------------------------------------------------
Sat Feb 17 09:10:30 UTC 2018 - thomas@cupracer.de
- updated version to 1.6.6
https://github.com/vstakhov/rspamd/releases/tag/1.6.6
-------------------------------------------------------------------
Thu Jul 27 12:15:45 UTC 2017 - iippolitov@gmail.com
- updated version to 1.6.3
https://github.com/vstakhov/rspamd/releases/tag/1.6.3
-------------------------------------------------------------------
Tue Jul 11 08:36:19 UTC 2017 - iippolitov@gmail.com
- updated version to 1.6.2
https://github.com/vstakhov/rspamd/releases/tag/1.6.2
-------------------------------------------------------------------
Wed Jun 14 18:34:59 UTC 2017 - iippolitov@gmail.com
- updated version to 1.6.1
-------------------------------------------------------------------
Tue Jun 13 10:10:53 UTC 2017 - iippolitov@gmail.com
- updated version to 1.6.0
- rspamd.conf with logging to console added to sources
-------------------------------------------------------------------
Tue Jun 6 17:30:00 UTC 2017 - iippolitov@gmail.com
- updated version to 1.5.9
-------------------------------------------------------------------
Mon Apr 3 18:48:46 UTC 2017 - jengelh@inai.de
- Ensure description is neutral. Replace unnecessary
%__-type macro indirections.
-------------------------------------------------------------------
Fri Mar 17 16:08:17 UTC 2017 - asn@cryptomilk.org
- Update to version 1.5.3
https://rspamd.com/announce/2017/03/17/rspamd-1.5.3.html
-------------------------------------------------------------------
Wed Mar 15 08:22:49 UTC 2017 - asn@cryptomilk.org
- Update to version 1.5.2
https://rspamd.com/announce/2017/03/01/rspamd-1.5.0.html
-------------------------------------------------------------------
Thu Dec 1 08:35:40 UTC 2016 - asn@cryptomilk.org
- Update to version 1.4.1
-------------------------------------------------------------------
Tue Nov 29 13:02:36 UTC 2016 - asn@cryptomilk.org
- Update to version 1.4.0
-------------------------------------------------------------------
Wed Jul 27 22:04:41 UTC 2016 - mrueckert@suse.de
- initial package