Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package rspamd for openSUSE:Factory checked in at 2026-06-05 17:38:55 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/rspamd (Old) and /work/SRC/openSUSE:Factory/.rspamd.new.2375 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "rspamd" Fri Jun 5 17:38:55 2026 rev:47 rq:1357531 version:4.1.0 Changes: -------- --- /work/SRC/openSUSE:Factory/rspamd/rspamd.changes 2026-04-07 16:48:03.490430824 +0200 +++ /work/SRC/openSUSE:Factory/.rspamd.new.2375/rspamd.changes 2026-06-05 17:38:58.554736951 +0200 @@ -1,0 +2,97 @@ +Fri Jun 5 11:51:31 UTC 2026 - Marcus Rueckert <[email protected]> + +- Update to 4.1.0 + - Incompatible changes + - mx_check: three-layer Redis cache and finer outcome symbols + (MX_NONE replaces MX_NXDOMAIN/MX_MISSING) + - fuzzy_check: discover rspamd.com servers via SRV by default + - Features + - Upstreams: load-aware Power of Two Choices selection, + per-upstream latency EWMA, slow start on revive, per-target + SRV expansion honouring weights and error budgets, and + deferred DNS so transient startup failures no longer drop + upstreams + - url_redirector: chain-aware cache with intermediate hop + injection, coherent browser fingerprint profiles for stealth + resolution, glob-based redirector_hosts_map, and a per-URL + GET allowlist + - mx_check: IP-class classification, bad_mxs/bad_ips trust + maps, and per-source checks + - Protocol (/checkv3): expose custom metadata via metadata + headers and task:get_metadata() + - Composites: hot-reloadable dynamic composites map + - Lua API: bulk and regexp symbol lookups on task; + phase-specific (connect/read/write) timeouts and an on_error + callback for lua_tcp; lua_extras structured loader for custom + selectors, maps, and regexps with cross-kind dependency + ordering; and lua_feedback_parsers for DSN and ARF reports + - Scan timeouts: report pending async events and stalled + symbols when a scan times out + - Selectors: add fuzzy_digest, fuzzy_shingles, authenticated, + and received_count + - Logging & reporting: ClickHouse named extra_columns presets + (with an outbound preset) and richer Elastic logs (Reply-To, + received IPs, URL metadata, forcing module) + - external_services & scanners: per-service <RULE>_CHECK anchor + symbol for dependency ordering, plus eXpurgate engine support + in lua_scanners + - HTML/HTTP: HTML5 tag definitions (video/audio/picture/svg/…) + and optional insertion-ordered HTTP header emission + - Tooling: rspamadm control memstat for per-worker memory dumps + (RSS, mempool callsites, Lua heap, jemalloc), dmarc_report + --batch-wait, and autolearnstats --sort-by/--group + - Containers & misc: env-overridable baseline pidfile and + logging, auto-load of the shipped fasttext model when + present, and fixed-point (%.Nf) formatting with correct + rounding in fpconv + - Bug fixes + - Security hardening (parsers): fix NULL deref on S/MIME with + empty pkcs7-data, bound S/MIME recursion depth, harden + RAR/ZIP/7-zip parsers against malformed input, fix OOB reads + in CSS ident-escape scanning, find_eoh lookahead, bare spf2. + records, and empty/all-dots URL hosts, reject DNS labels that + overrun the packet, prevent an HTML entity-decode buffer + overflow, and add defensive mime_parser guards + - Security hardening (DoS & deps): bound URL query-scan + reentrancy on nested query URLs (multipattern), avoid + uninitialised bytes in rfc2047 decode, guard image linking + against a NULL decoded header, and port libucl upstream + security fixes (msgpack, parser bounds, schema) + - fuzzy_storage: harden network input paths, fix peer-pipe + partial-write resume and shutdown drain, plug a per-refresh + leak in dynamic ban inserts and a per-frame leak on + persistent TCP connections, and stop blocking allowed clients + on TCP + - neural: preserve the trained ANN across symbol-list drift and + symcache-driven profile rotation, and stabilise the profile + digest under disable_symbols_input while retargeting training + to the newest profile + - upstream: refill the token bucket over time so a flapping + upstream recovers, and avoid an infinite loop in get_random + when the only candidate is excluded + - URLs: canonicalise mailto: URIs and bare emails to a + slash-less form (RFC 6068), keep URLs with long userinfo + (userinfo-obfuscation phishing), preserve the verbatim href + as url->raw, and require TLD ≥ 3 chars for word_dot + naked-domain matches + - protocol (/checkv3): apply inline metadata.settings and + populate request headers + - composites: avoid over-eager second-pass deferral so + filter-stage composites are visible from postfilters + - Lua modules: fix a lua_tcp connection leak on read without + write, resolve the Redis master for rspamadm tools under + Sentinel, use Queue:new() in elastic, floor the dmarc connect + timestamp for PUC Lua compatibility, separate the greylisting + period from the Redis connection timeout, and write rspamadm + vault output to stdout directly + - Headers & encoding: emit ARC headers deterministically, map + DKIM permfail to dkim=permerror in Authentication-Results, + honour mime_utf8 in the INVALID_MSGID rule, correct lengths + after in-place mime-header rewrites, keep capture groups that + follow an empty one in regexp, and skip ICU conversion for + the synthetic x-binaryenc charset + - Misc: track all buckets in ratelimit selector rules, warn + when task_timeout is less than the symcache symbol timeout, + and use string_view::data() to fix libc++ builds + +------------------------------------------------------------------- Old: ---- rspamd-4.0.1.tar.gz New: ---- rspamd-4.1.0.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ rspamd.spec ++++++ --- /var/tmp/diff_new_pack.VMzPwS/_old 2026-06-05 17:38:59.570779041 +0200 +++ /var/tmp/diff_new_pack.VMzPwS/_new 2026-06-05 17:38:59.574779207 +0200 @@ -68,7 +68,7 @@ %endif Name: rspamd -Version: 4.0.1 +Version: 4.1.0 Release: 0 Summary: Spam filtering system License: Apache-2.0 @@ -384,7 +384,13 @@ %config(noreplace) %{_sysconfdir}/rspamd/local.d/antivirus.conf.example %dir %{_sysconfdir}/rspamd/lua.local.d/ +%dir %{_sysconfdir}/rspamd/lua.local.d/maps +%dir %{_sysconfdir}/rspamd/lua.local.d/regexps +%dir %{_sysconfdir}/rspamd/lua.local.d/selectors %config(noreplace) %{_sysconfdir}/rspamd/lua.local.d/module.lua.example +%config(noreplace) %{_sysconfdir}/rspamd/lua.local.d/maps/example.lua.example +%config(noreplace) %{_sysconfdir}/rspamd/lua.local.d/regexps/example.lua.example +%config(noreplace) %{_sysconfdir}/rspamd/lua.local.d/selectors/example.lua.example %dir %{_sysconfdir}/rspamd/scores.d %config(noreplace) %{_sysconfdir}/rspamd/scores.d/content_group.conf @@ -583,6 +589,8 @@ %{_datadir}/rspamd/lualib/lua_aliases.lua %{_datadir}/rspamd/lualib/lua_fuzzy_html.lua %{_datadir}/rspamd/lualib/lua_url_filter.lua +%{_datadir}/rspamd/lualib/lua_extras.lua +%{_datadir}/rspamd/lualib/lua_feedback_parsers.lua %dir %{_datadir}/rspamd/lualib/lua_content %{_datadir}/rspamd/lualib/lua_content/ical.lua @@ -624,6 +632,7 @@ %{_datadir}/rspamd/lualib/lua_scanners/vadesecure.lua %{_datadir}/rspamd/lualib/lua_scanners/virustotal.lua %{_datadir}/rspamd/lualib/lua_scanners/metadefender.lua +%{_datadir}/rspamd/lualib/lua_scanners/expurgate.lua %dir %{_datadir}/rspamd/lualib/lua_selectors %{_datadir}/rspamd/lualib/lua_selectors/common.lua @@ -668,6 +677,7 @@ %{_datadir}/rspamd/lualib/rspamadm/logstats.lua %{_datadir}/rspamd/lualib/rspamadm/mapstats.lua %{_datadir}/rspamd/lualib/rspamadm/neural_export.lua +%{_datadir}/rspamd/lualib/rspamadm/memstat.lua %dir %{_datadir}/rspamd/lualib/plugins %{_datadir}/rspamd/lualib/plugins/dmarc.lua ++++++ rspamd-4.0.1.tar.gz -> rspamd-4.1.0.tar.gz ++++++ /work/SRC/openSUSE:Factory/rspamd/rspamd-4.0.1.tar.gz /work/SRC/openSUSE:Factory/.rspamd.new.2375/rspamd-4.1.0.tar.gz differ: char 13, line 1 ++++++ rspamd-conf.patch ++++++ --- /var/tmp/diff_new_pack.VMzPwS/_old 2026-06-05 17:38:59.642782024 +0200 +++ /var/tmp/diff_new_pack.VMzPwS/_new 2026-06-05 17:38:59.650782356 +0200 @@ -1,15 +1,16 @@ -Index: rspamd-3.13.0/conf/rspamd.conf +Index: rspamd-4.1.0/conf/rspamd.conf =================================================================== ---- rspamd-3.13.0.orig/conf/rspamd.conf -+++ rspamd-3.13.0/conf/rspamd.conf -@@ -31,7 +31,8 @@ lang_detection { - } - +--- rspamd-4.1.0.orig/conf/rspamd.conf ++++ rspamd-4.1.0/conf/rspamd.conf +@@ -35,8 +35,9 @@ lang_detection { logging { -- type = "file"; -+ type = "console"; + # Defaults to file logging; a deployment can export RSPAMD_LOG_TYPE + # (e.g. console or syslog) and RSPAMD_LOG_FILE to override without a patch. +- type = "{= env.LOG_TYPE|default('file') =}"; ++ type = "{= env.LOG_TYPE|default('console') =}"; + filename = "{= env.LOG_FILE|default('$LOGDIR/rspamd.log') =}"; + systemd = true; - filename = "$LOGDIR/rspamd.log"; .include "$CONFDIR/logging.inc" .include(try=true; priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/logging.inc" + .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/logging.inc"
