openSUSE Recommended Update: Recommended update for rspamd ______________________________________________________________________________ Announcement ID: openSUSE-RU-2023:0375-1 Rating: important References: Affected Products: openSUSE Backports SLE-15-SP5 ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. Description: This update for rspamd fixes the following issues: - Update to 3.7.4 - [Enhancement] Add composite rule for suspicious URLs in suspicious messages - [Fix] Another try to fix setproctitle - [Fix] Do not cleanup hyperscan files unless new ones are loaded - [Fix] Fix various issues with canonicalisation of the paths - [Fix] Properly set config field when creating tasks from Lua - [Fix] Set loaded variable explicitly - [Fix] known_senders: fix config handling - [Fix] rbl: fix exclude_local - [Minor] Add missing include for gcc 14 - [Minor] Add rule for messages missing both X-Mailer and User-Agent header - [Minor] Bundle fasttext as linux distributives are just useless - [Minor] Enable fasttext on RPM based linux - [Minor] Forgot it in one more place - [Minor] Improve FREEMAIL_AFF capture rates - [Minor] Limit fasttext to amd64 only - [Minor] Properly search for fasttext include - [Minor] Treat *.zpaq attachments as archives and harmful - [Minor] force_actions: set a group for symbols - [WebUI] Update map editor - Update to 3.7.3 - [Fix] Emergency fix for the hyperscan path error - Update to 3.7.2 - [Minor] Make compiling with backward-cpp optional by @a16bitsysop in #4639 - [Rules] Blank spam detection by @fatalbanana in #4644 - [Minor] Treat *.cue attachments as harmful by @twesterhever in #4642 - Dzjaivnt patch 1 by @dzjaivnt in #4640 - [WebUI] Add control to invert action filter by @moisseev in #4645 - [Fix] DMARC reporting: fix reporting for subdomains by @fatalbanana in #4587 - [Minor] RSPAMD_SHAREDIR is called SHAREDIR in configuration by @fatalbanana in #4649 - [WebUI] Fix history table vanishing by @moisseev in #4661 - Tighten rspamd's attachment policy by @twesterhever in #4656 - [Minor] rbl: support use of different matchers for return codes by @fatalbanana in #4657 - Update to 3.7.1 - [Fix] CMakeLists.txt remove whitespace added by linter as it makes te… by @a16bitsysop in #4560 - fix: redis schema parsing by @Conni2461 in #4562 - [Minor] Update JS libraries by @moisseev in #4567 - [WebUI] Restore contrasting foreground color by @moisseev in #4569 - Add new exporter to push JSON to a raw TCP socket by @lingfish in #4572 - [WebUI] Tweak bootstrap colors for accessibility by @moisseev in #4577 - Rewrite configuration utils in C++ by @vstakhov in #4573 - [Minor] Slightly adjust DNSBL scores by @twesterhever in #4557 - Added support for Redis 6 ACL (username/password) by @laodc in #4578 - [Feature] Support feed exclusions in phishing module by @dragoangel in #4575 - [Minor] Remove unwanted debug logging by @fatalbanana in #4585 - Fix regression in invokation of rspamd-test by @ln5 in #4588 - [Fix] Correct format pattern for RE tree tempfile name by @ln5 in #4590 - [Minor] Remove unused variables by @ln5 in #4591 - [Fix] Correct format string for unw_word_t by @ln5 in #4592 - [Fix] rbl: really fix dependency registration when symbols_prefixes i… by @fatalbanana in #4594 - [Fix] rspamadm mime: arguments beginning with letter t by @fatalbanana in #4597 - [Minor] API docs: lua_ip: fix function name by @fatalbanana in #4598 - [Feature] rbl: support checking numeric URLs in isolation by @fatalbanana in #4596 - [Feature] Add ICAP Content-Type and Filename from TODO List by @lbahtarliev in #4595 - [Minor] Try fix CI by @fatalbanana in #4603 - [Fix] MISSING_MIMEOLE: avoid matching messages from Android GMail app (#4561) by @fatalbanana in #4600 - [WebUI] Set locale on UI load by @moisseev in #4607 - Update configwizard.lua by @Dani778 in #4605 - [Minor] Revisit numeric_urls by @fatalbanana in #4602 - [Fix] Change Date: header location to conform with RFC by @lbahtarliev in #4608 - Implement known senders plugin by @vstakhov in #4610 - Merge tests into master branch by @fatalbanana in #4615 - Run CI on ARM by @fatalbanana in #4617 - [Minor] Try fix test logs by @fatalbanana in #4620 - Minor improvements for CI by @fatalbanana in #4621 - Fix wrong copypasta & mis-named file by @fatalbanana in #4624 - [Fix] Prevent DNSWL sabotage by @mdierksen in #4627 - Update to 3.6 - [WebUI] Migrate to Bootstrap v5.2 by @moisseev in #4444 - fix: avoid double-dip of nrcpt when calculating ratelimit condition by @simbuerg in #4448 - [WebUI] Fix "Clean history" button enabling/disabling in the Scan tab by @moisseev in #4453 - [Minor] Use a scalar variable as a dir handle by @moisseev in #4457 - Fix arc by @jendis in #4449 - [Minor] Fix pagination control border radius by @moisseev in #4461 - [Fix] remove obsolete rspamd-redirector files by @a16bitsysop in #4422 - Add fasttext language detector to Rspamd by @vstakhov in #4473 - [Minor] Fix rows background coloring by @moisseev in #4490 - [WebUI] Add ability to compute fuzzy hashes by @moisseev in #4499 - [Fix] rbl: fix dependency registration when symbols_prefixes is used by @fatalbanana in #4498 - [Enhancement] Add composite rule for messages only containing a redirector URL by @twesterhever in #4496 - [WebUI] Show validation feedback inside login modal by @moisseev in #4504 - [Minor] Improve HACKED_WP_PHISHING coverage by @twesterhever in #4506 - [Minor] Add additional bad extensions by @twesterhever in #4508 - [Minor] Assorted cleanup and housekeeping of configuration files, take 2 by @twesterhever in #4505 - [Rules] Add thread hijacking composite rule by @twesterhever in #4507 - [Minor] Move HAS_ONION_URI from "experimental" to "url" group by @twesterhever in #4495 - [Enhancement] Make Google Firebase rule productive by @twesterhever in #4494 - Use the correct mime format for 7z by @JasonStephenson in #4517 - [Minor] Increase score for .chm attachments by @twesterhever in #4518 - [Enhancement] Improve detection of Google redirection URLs by @twesterhever in #4497 - if elasticsearch_version >= 7 we should not send the _type to elastic… by @mariojansen in #4520 - [Enhancement] Treat HTML attachments as (slightly) bad by @twesterhever in #4519 - Dockerfile: Switch to bookworm by @mrueg in #4532 - [Feature] external_relay: add ip_map strategy by @moesoha in #4537 - [Feature] Detect Apple Mail and remove scores for their known common behavior by @dragoangel in #4538 - [Minor] A bit better apple_x_mailer regex by @dragoangel in #4539 - replace ECDSA_sign_setup/ECDSA_sign_ex with ECDSA_sign by @sthen in #4541 - [Fix] dmarc gramar - allow spaces before ";" by @rheoli in #4547 - [Minor] Minor fixes for previous ratelimit changes by @fatalbanana in #4549 - [Minor] Improve catch rates of FREEMAIL_AFF by @twesterhever in #4556 - [Minor] Tweak HAS_GOOGLE_REDIR to detect Google AMP URLs as well by @twesterhever in #4558 - Enable more features - Enable nice stacktraces for crashes. New BR: libunwind-devel - use system xxhash: New BR: xxhash-devel - enable blas/lapack support for the neural network processing New BR: lapack-devel, libopenblas_openmp-devel, openblas-common-devel - Update to 3.5 - [WebUI] Add legacy history version badge by @moisseev in #4326 - [Feature] Enable Mime part filters on antivirus module by @jonmoesli in #4328 - metadata_exporter http pusher: Extend valid return codes by @yo000 in #4334 - [Minor] debian package: disable luajit on arm64 by @fatalbanana in #4335 - Support external maps in Rspamd by @vstakhov in #4324 - [Fix] Return true from has_urls(true) if only emails are present by @cpragadeesh in #4365 - [Fix] received: filtering of artificial header by @kakochang in #4367 - [Fix] Replace broken strict_domains with phishing_exceptions by @dupondje in #4376 - Fix build with gcc 13 by including by @heirecka in #4375 - rspamc: add -R option for human readable report by @amishmm in #4377 - rspamc: optimize indentation condition by @amishmm in #4381 - Set required_score = reject score and minor change to the report by @amishmm in #4383 - conf/modules.d/arc.conf: fix parameter name by @jendis in #4387 - Fixes to support global lua maps in user settings by @dpetrov67 in #4393 - [Enhancement] Make Google URL redirection rules productive by @twesterhever in #4399 - [Enhancement] Add rule to detect Google Firebase URLs by @twesterhever in #4401 - [Minor] Assorted cleanup and housekeeping of configuration files by @twesterhever in #4397 - addition: add Betterbird to user_agent_thunderbird by @georglauterbach in #4404 - [Minor] Replace "Spamhaus XBL any" hack with a more clear solution by @twesterhever in #4398 - [Enhancement] Add IPFS URL heuristic by @twesterhever in #4310 - Checking for redirector url in mail by @korgoth1 in #4351 - fix incorrect asn references in bimi.conf by @mta59066 in #4410 - [Minor] Account for one more undisclosed-recipients address variant by @citrin in #4413 - Fix for x-rspamd-action in Milter headers module by @nishils in #4416 - [WebUI] Update JS libraries by @moisseev in #4414 - [WebUI] Update bootstrap by @moisseev in #4420 - [Minor] remove check for sys/cdefs.h in CMakelists.txt by @a16bitsysop in #4430 - [Minor] Fix some compiler warnings by @a16bitsysop in #4436 - Upgrade to 3.4 again - Fix metadata_exporter with many recipients by @yo000 in #4294 - [Fix] Fix favicon.ico Content-Type header by @moisseev in #4302 - [Minor] Fix copy-paste error by @moisseev in #4305 - Add basic auth to metadata_exporter http pusher by @yo000 in #4300 - [Enhancement] Add composite rule against AFF involving freemailers by @twesterhever in #4304 - Penalize bounce spam by @frederikbosch in #4308 - Update to 3.4 - Fix metadata_exporter with many recipients by @yo000 in #4294 - [Fix] Fix favicon.ico Content-Type header by @moisseev in #4302 - [Minor] Fix copy-paste error by @moisseev in #4305 - Add basic auth to metadata_exporter http pusher by @yo000 in #4300 - [Enhancement] Add composite rule against AFF involving freemailers by @twesterhever in #4304 - Penalize bounce spam by @frederikbosch in #4308 Patch Instructions: To install this openSUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP5: zypper in -t patch openSUSE-2023-375=1 Package List: - openSUSE Backports SLE-15-SP5 (aarch64 ppc64le s390x x86_64): rspamd-3.7.4-bp155.2.3.1 References: