Upstream changes:
* quickstep
* crash on a retweet tab in Tweet details tabs when non-Twitter World
is selected
* pass application name to notify-send
* thanks Shibafu Midorino
* improve performance of toot cache
* crash on Fav'ed from Mastodon World when Current World is not
fav'ed account
Upstream changelog (from CHANGELOG.md):
## 1.10.3 / 2019-04-22
### Security Notes
[MRI] Pulled in upstream patch from libxslt that addresses CVE-2019-11068. Full details are available in [#1892](https://github.com/sparklemotion/nokogiri/issues/1892). Note that this patch is not yet (as of 2019-04-22) in an upstream release of libxslt.
## 1.10.2 / 2019-03-24
### Security
* [MRI] Remove support from vendored libxml2 for future script macros. [#1871]
* [MRI] Remove support from vendored libxml2 for server-side includes within attributes. [#1877]
### Bug fixes
* [JRuby] Fix node ownership in duplicated documents. [#1060]
* [JRuby] Rethrow exceptions caught by Java SAX handler. [#1847, #1872] (Thanks, @adjam!)
Changelog:
3.44.1:
* 1554336 - Optimize away unneeded loop in mpi.c
* 1515342 - More thorough input checking
* 1540541 - Don't unnecessarily strip leading 0's from key material during
PKCS11 import
* 1515236 - Add a SSLKEYLOGFILE enable/disable flag at build.sh
* 1546229 - Add IPSEC IKE support to softoken
* 1473806 - Fix SECKEY_ConvertToPublicKey handling of non-RSA keys
* 1546477 - Updates to testing for FIPS validation
* 1552208 - Prohibit use of RSASSA-PKCS1-v1_5 algorithms in TLS 1.3
* 1551041 - Unbreak build on GCC < 4.3 big-endian
Release notes:
- Added support for adding VBA macros to workbooks. These macros can
be extracted from existing xlsm files, created in Excel, and added to
new xlsm files.
- Added support for ZIP64 extensions when writing very large xlsx
files to allow the zip container, or individual XML files within it,
to be greater than 4 GB.
- Added extra validity checks on worksheet names.
1.9.4: 23 May 2019
* [CritFix] Fix case sensitivity when parsing Content-Type
* [Fix] Arc: Another bunch of fixes for arc signing
* [Fix] Arc: More arc signing fixes
* [Fix] Avoid another overflow in fpconv
* [Fix] Fix ARC signing after fixing another bug in it...
* [Fix] Fix dkim signing exceptions
* [Fix] Fix some more corner cases for fpconv
* [Fix] Further fixes to printing of the FP numbers
* [Fix] Ratelimit: Fix dynamic score
1.9.3: 13 May 2019
* [Conf] Add IP_SCORE_FREEMAIL composite rule
* [Feature] Add cryptobox method to generate dkim keypairs
* [Feature] Add fast hashes to lua cryptobox hash
* [Feature] Add least passthrough results
* [Feature] Allow oversign if exists mode
* [Feature] Clickhouse: Modernise table initial schema
* [Feature] Implement IUF interface for specific fast hashes
* [Feature] Lua_util: Allow to obfuscate different fields
* [Feature] Tune memory management in Rspamd and Lua
* [Fix] Avoid buffer overflow when printing long lua strings
* [Fix] Change the default oversigning headers to a more sane list
* [Fix] Clickhouse: Do not store digest as it is not needed now
* [Fix] Clickhouse: Fix lots of storage issues
* [Fix] Clickhouse: Support custom actions
* [Fix] Deny URLs where hostname is bogus
* [Fix] Do not blacklist mail by SPF/DMARC for local/authed users
* [Fix] Fix DoS caused by bug in glib
* [Fix] Fix UCL parsing of the multiline strings
* [Fix] Fix buffer overflow when printing small floats
* [Fix] Fix init code for servers keypairs cache
* [Fix] Fix issue with urls with no tld (e.g. IP)
* [Fix] Fix memory in arc signing logic
* [Fix] Fix memory leak in language detector during reloads
* [Fix] Fix mixed case content type processing
* [Fix] Fix processing of the ip urls in file
* [Fix] Fix use after free
* [Fix] HTML: Fix `size` attribute processing
* [Fix] Hum, it seems that 99ff1c8 was not correct
* [Fix] Lua_task: Fix task:get_from method
* [Fix] Preserve fd when mapping file to scan
* [Fix] Re-use milter_headers settings when doing arc signing
* [Fix] Set dmarc force action as least action
* [Fix] Switch to GMT
* [Fix] allow PKCS7 signatures to be text/plain, too
* [Project] Add initial version of the vault management tool
* [Project] Add vault support for DKIM and ARC signing
* [Project] Implement keys rotation in the vault
* [Project] Improve dkim keys generation for vault
* [Project] Improve keys creation in rspamadm vault
* [Rework] Move lua_worker to a dedicated unit
* [WebUI] Add URL fragments (#) support
* [WebUI] Fix AJAX request URL
1.9.2: 16 Apr 2019
* [Conf] Allow to load users plugins from plugins.d
* [Conf] oversign openpgp and autocrypt headers
* [Feature] Add SPF FFI library for Lua
* [Feature] Add more verbosity for SPF caching
* [Feature] Antivirus: Handle encrypted files specially
* [Feature] Clickhouse: Slashing - add new fields to CH
* [Feature] Dkim_signing: Add OpenDKIM like signing_table and key_table
* [Feature] Dkim_signing: Allow to use new options as maps
* [Feature] Import fpconv library
* [Feature] Lua_maps: Allow static regexp and glob maps
* [Feature] Parse ical files
* [Feature] Rspamadm: Add dns_tool utility
* [Feature] Store SPF records digests
* [Feature] Use fpconv girsu2 implementation for printing floats
* [Fix] Clickhouse: Use integer seconds when inserting rows
* [Fix] Fix floating point printing
* [Fix] Fix processing of embedded urls
* [Fix] Lua_clickhouse: Fix CH errors processing
* [Fix] Make spf digest stable
* [Fix] Properly detect encrypted files in zip archives
* [Fix] Slashing: Store times in GMT timezone in ClickHouse
* [Rules] Add additional conditions to perform BTC checks
* [Rules] Fix pay-to-hash addresses validation
1.9.1: 5 Apr 2019
* [Conf] Add vendor groups for symbols
* [Feature] Add `rspamadm template` command
* [Feature] Allow to add messages from settings
* [Feature] Allow unconnected DNS servers operations
* [Feature] Check limits after being set, migrate to uint64
* [Feature] Greylist: Allow to disable greylisting depending on symbols
* [Feature] Improve lua binary strings output
* [Feature] Mime_types: Implement user configurable extension filters
* [Feature] Mime_types: When no extension defined, detect it by content
* [Feature] Preprocess config files using jinja templates
* [Feature] Replies: Filter replies sender to limit whitelisting to direct messages
* [Feature] Treat all tags with HREF as a potential hyperlinks
* [Feature] Validate BTC addresses in LEAKED_PASSWORD_SCAM
* [Fix] Add crash safety for HTTP async routines
* [Fix] Another fix for Redis sentinel
* [Fix] Clickhouse: Fix table schema upload
* [Fix] Core: Fix squeezed dependencies handling for virtual symbols
* [Fix] Finally fix default parameters parsing in actions section
* [Fix] Fix ES sending logic (restore from coroutines mess)
* [Fix] Fix finishing script for clickhouse collection
* [Fix] Fix priority for regexp symbols registriation
* [Fix] Fix various issues found by PVS Studio
* [Fix] Initialize lua debugging earlier
* [Fix] Neural: Fix training
* [Fix] Rework cached Redis logic to avoid sentinels breaking
* [Fix] SURBL: Fix regression in surbl module
* [Fix] Fix double signing in the milter
* [Project] Add support of HTTP proxy in requests
* [Rework] Change lua global variables registration
* [Rework] Rework HTML content urls extraction
* [Rework] Start rework of aliasing in Rspamd
* [WebUI] Combine Scan and Learning into one tab
* [WebUI] Fix symbol score input type
* [WebUI] Show grayed out pie
* [WebUI] Update Throughput summary values dynamically
1.9.0: 12 Mar 2019
* [Conf] Add missing includes
* [Conf] Move to options
* [Conf] Rbl: DWL is actually special whitelist
* [Conf] Relax some uribl rules
* [Conf] Remove abuse.ch
* [CritFix] Html: Entities are not valid within tag params values
* [Feature] Add `rspamadm mime sign` tool
* [Feature] Add configgraph utility
* [Feature] Add dedicated ZW spaces detection for URLs
* [Feature] Add flag to url object when visible part is url_like
* [Feature] Add method task:lookup_words
* [Feature] Add pyzor support (by crosenberg)
* [Feature] Allow to add upstream watchers to Lua API
* [Feature] Allow to set rewrite subject pattern from settings
* [Feature] Better escaping of unicode
* [Feature] Clickhouse: Allow to store subject in Clickhouse
* [Feature] Core: Add QP encoding utility
* [Feature] Core: Add libmagic detection for all parts
* [Feature] Core: Add support for gzip archives
* [Feature] Core: Allow to construct scan tasks from raw data
* [Feature] Core: Detect charset in archived files
* [Feature] Core: Ignore and mark invisible spaces
* [Feature] Core: Normalise zero-width spaces in urls
* [Feature] Core: Process data urls for images
* [Feature] Core: Relax quoted-printable encoding
* [Feature] Core: Support RFC2231 encoding in headers
* [Feature] Core: Support telephone URLs
* [Feature] Core: allow to emit soft reject on task timeout
* [Feature] DCC: Add bulkness and reputation checks to dcc
* [Feature] Elastic: Modernize plugin
* [Feature] Export visible part of url to lua
* [Feature] Fuzzy_storage: add preliminary support of rate limits
* [Feature] HTML: Specially treat data urls in HTML
* [Feature] Implement event watchers for upstreams
* [Feature] Implement includes tracing in Lua
* [Feature] Improve dkim part in configwizard
* [Feature] Lua_scanners: Add VadeSecure engine support
* [Feature] Lua_task: Add flexible method to get specific urls
* [Feature] Mime_types: Add MIME_BAD_UNICODE rule
* [Feature] Mime_types: Use detected content type as well
* [Feature] Plugins: Add preliminary version of the external services plugin
* [Feature] Query sentinel on master errors
* [Feature] Regexp: Allow local lua functions in Rspamd regexp module
* [Feature] Rspamadm: Allow to append footers to plain messages
* [Feature] Rspamadm: Allow to rewrite headers in messages
* [Feature] Selectors: Add `ipmask` processor
* [Feature] Settings: Allow hostname match
* [Feature] Settings: Allow local when selecting settings
* [Feature] Settings: Allow multiple selectors
* [Feature] Settings: Allow to inverse conditions
* [Feature] Support User-Agent in HTTP requests
* [Feature] Support ed25519 dkim keys generation
* [Feature] Try to filter bad unicode types during normalisation
* [Feature] external_services - oletools (olefy) support
* [Feature] lua_scanners - icap protocol support
* [Feature] lua_scanners - spamassassin spam scanner
* [Fix] Add filter for absurdic URLs
* [Fix] Add some more cases for Received header
* [Fix] Allow to disable/enable composite symbols
* [Fix] Arc: Use a separated list of headers for arc signing
* [Fix] Archive: Final fixes for 7z archives
* [Fix] Clickhouse: Fix database usage
* [Fix] Controller: Make save stats timer persistent
* [Fix] Core: Detect encrypted rarv5 archives
* [Fix] Core: Don't detect language twice
* [Fix] Core: Fix address rotation bug
* [Fix] Core: Fix content calculations for message parts
* [Fix] Core: Fix emails comments parsing and other issues
* [Fix] Core: Fix etags support
* [Fix] Core: Fix headers folding on the last token
* [Fix] Core: Fix iso-8859-16 encoding
* [Fix] Core: Fix log_urls flag (and encrypted logging)
* [Fix] Core: Fix part length when dealing with boundaries
* [Fix] Core: Fix parts distance calculations
* [Fix] Core: Fix processing of NDNs of certain type
* [Fix] Core: Implement logic to find some bad characters in URLs
* [Fix] Core: treat nodes with ttl properly in lru cache
* [Fix] Fix Content-Type parsing
* [Fix] Fix HTTP headers signing case
* [Fix] Fix control interface
* [Fix] Fix deletion of the duplicate headers
* [Fix] Fix emails filtering in emails module
* [Fix] Fix greylisting log message and logic
* [Fix] Fix issues with storing of the accepted addr in rspamd control
* [Fix] Fix maps object update race condition
* [Fix] Fix memor leaks and whitespace processing
* [Fix] Fix processing of null bytes in headers
* [Fix] Fix rcpt_mime and from_mime in user settings
* [Fix] Fix rfc2047 decoding for CD headers
* [Fix] Fix rfc2231 for Content-Disposition header
* [Fix] Fix setting of the subject pattern in config
* [Fix] Greylist: fix records checking
* [Fix] HTML: Another HTML comments exception fix
* [Fix] HTML: Another entities decoding logic fix
* [Fix] HTML: Fix HTML comments with many dashes
* [Fix] HTML: Fix entities in HTML attributes
* [Fix] HTML: Fix some more SGML tags issues
* [Fix] Ignore whitespaces at the end of value in DKIM records
* [Fix] MID module: Fix DKIM domain matching
* [Fix] Milter_headers: Fix remove_upstream_spam_flag and modernise config
* [Fix] Mime_parser: Fix issue with parsing of the trailing garbadge
* [Fix] Mime_parser: Fix parsing of mime parts without closing boundary
* [Fix] Multimap: Fix operating with userdata
* [Fix] Process orphaned `symbols` section
* [Fix] Rdns: Fix multiple replies in fake replies
* [Fix] Rework groups scores definitions
* [Fix] Set proper element when reading data from Sentinel
* [Fix] Set rspamd user to initialise supplementary groups on reload
* [Fix] Settings: Fix selectors usage
* [Fix] Sort data received from Sentinel to avoid constant replacing
* [Fix] groups.conf - filename typo
* [Fix] lua_scanner - oletools typos, logging
* [Fix] lua_scanners - actions and symbol_fail
* [Fix] lua_scanners - fix luacheck
* [Fix] lua_scanners - kaspersky - response with fname
* [Fix] lua_scanners - savapi redis prefix
* [Fix] tests - antivirus - fprot symbols
* [Project] Add concept of flexible actions
* [Project] Add heuristical from parser to received parser
* [Project] Add new flags to clickhouse, redis and elastic exporters
* [Project] Attach new received parser
* [Project] Fallback to callbacks from coroutines
* [Project] Implement keep-alive support in lua_http
* [Project] Lua_udp: Implement fully functional client
* [Project] Plug keepalive knobs into http connection handling
* [Project] Rspamadm: Add `modify` tool
* [Rework] Convert rspamd-server to a shared library
* [Rework] Dcc: Rework DCC plugin
* [Rework] Enable explicit coroutines symbols
* [Rework] Rework telephone urls parsing logic
* [Rework] Rewrite RBL module
* [Rework] Settings: Rework settings check
* [Rework] Slashing: Distinguish lualibdir, pluginsdir and sharedir
* [Rework] Unify task_timeout
* [Rework] Use VEX instructions in assembly, relocate
* [WebUI] Notify user if uploaded data was not learned
* [WebUI] Remove redundant condition
1.8.3: 03 Dec 2018
* [CritFix] Make flags mutually exclusive for mime parts
* [CritFix] Strictly deny unencoded bad utf8 sequences in headers
* [Feature] Add Kaspersky antivirus support
* [Feature] Add method to get dkim results
* [Feature] Add more words regexp classes
* [Feature] Allow to choose words format in `rspamadm mime`
* [Feature] Allow to get all types of words from Lua
* [Feature] Allow to get task flags in C expressions
* [Feature] Allow to require encryption when accepting connections
* [Feature] Ignore bogus whitespaces in the words
* [Feature] Implement more strict configuration tests
* [Feature] Improve SPF results in Authentication-Results
* [Feature] Support ClickHouse database
* [Fix] Add failsafety for utf8 regexps
* [Fix] Do not trigger BROKEN_CONTENT_TYPE on innocent text parts
* [Fix] Emit error if connection has been terminated with no stop pattern
* [Fix] Fix boundaries checks in embedded messages
* [Fix] Fix double free
* [Fix] Perform policy downgrade on sample out, add tests
* [Fix] Properly escape utf8 regexps in hyperscan mode
* [Fix] Selectors - attachments args condition
* [Fix] Some fixes for raw parts
* [Fix] Treat learning errors as non-fatal
* [Fix] Use tld when looking for DKIM domains
* [Project] Words unicode structure rework
* [Project] Add preliminary Redis Sentinel support
* [Project] Improve Authentication-Results header
* [Project] Rework DKIM checks results
* [Project] Use more generalised API to produce meta words
1.8.2: 19 Nov 2018
* [Conf] Add DWL support in the default configuration
* [Conf] Disable rspamd_update by default (again)
* [Conf] Fix configuration sample for ratelimit
* [CritFix] Disable broken url tags by default
* [CritFix] Fix \0 processing when doing RSA sign
* [CritFix] Fix adding symbols to their primary groups
* [Feature] Add `rspamadm cookie` utility
* [Feature] Add specialised functions for generating encrypted cookies
* [Feature] Add support of cookies in replies module
* [Feature] Add support of words regexps
* [Feature] Allow to add 3rd party clang plugins
* [Feature] Allow to create lua regexps from glob or plain patterns
* [Feature] Allow to set custom limits for upstream lists
* [Feature] Detect orphaned parts and attach them to message
* [Feature] Filter tokens in bayes
* [Feature] Fold b= value when doing arc sealing
* [Feature] Ignore cookies in the future and too old in the past
* [Feature] Skip stop words in statistics
* [Feature] Store stop words and allow to query them
* [Feature] Support query arguments in controller's custom commands
* [Feature] Tune upstream limits in Rspamd proxy
* [Feature] Use different callback symbols for different uribls
* [Feature] Write DKIM selector in dkim allow/reject symbols
* [Fix] Add obs_fws state support to eoh state machine
* [Fix] Add sanity check when applying mime boundaries heuristic
* [Fix] Antivirus - virus names with 0 were recognized as tables
* [Fix] Disable headernames in bayes temporarily
* [Fix] Do not allow syntax errors in include files...
* [Fix] Do not allow to merge an object with an array (or vice versa)
* [Fix] Don't perform forged recipients check for missing recipients
* [Fix] Fix DKIM based RBLs
* [Fix] Fix actrie implementation (sync from upstream), fixed OOB read
* [Fix] Fix explicit methods call in selectors
* [Fix] Fix extraction of additional parts
* [Fix] Fix finalization for internal plugins
* [Fix] Fix override_defaults function
* [Fix] Fix squeezed symbols when using settings
* [Fix] Fix urls insertion in Clickhouse module
* [Fix] Furhter fixes to ratelimits logic
* [Fix] Ignore signatures when looking for boundaries
* [Fix] Properly set learned count
* [Fix] Really fix ratelimits configuration and work
* [Fix] Remove ambigious format flag from printf
* [Fix] Restore URLs exporting in ClickHouse plugin
* [Fix] Rework bayes calculations...
* [Fix] Switch from chi-square to naive for large Fisher value
* [Fix] Treat normal password as enable password if there is no enable password
* [Fix] Use proper syntax for making DNS requests
* [Fix] Various fixes in embedded plugins
* [Project] Change fuzzy check selection logic to lua_fuzzy library
* [Project] Rework async events and symbols
* [Project] Move all metatokens in Bayes to lua_stat from C
* [WebUI] Add history rows per page control
1.8.1: 16 Oct 2018
* [CritFix] Fix options insertion
* [CritFix] Fix words decay one more time (affects long messages)
* [CritFix] Increase default words_decay
* [CritFix] Plug memory leak in redis pool
* [Feature] Add `check_violation` feature to DKIM/ARC signing
* [Feature] Add only unique elements to Clickhouse url arrays
* [Feature] Allow `g+:` and `g-:` composite atoms
* [Feature] Allow dkim domains check in surbl
* [Feature] Allow maps with HTTP auth
* [Feature] Allow to disable actions by users settings
* [Feature] Extend whitelisting options
* [Feature] Store url object in images
* [Feature] Use verdict instead of the plain action in plugins
* [Fix] Allow to call fstring append with NULL string
* [Fix] DCC - luacheck
* [Fix] Do not load torch on each rspamadm invocation
* [Fix] Fix boundaries detection and rework stop words algorithm
* [Fix] Fix dependencies for DNS_SIGNED symbol
* [Fix] Fix errors when dealing with dynamic rates/bursts in Ratelimit
* [Fix] Fix groups mess
* [Fix] Fix groups mess
* [Fix] Fix parsing address with comments
* [Fix] Fix resolving in DMARC reports
* [Fix] Fix various issues with parsing of the received headers
* [Fix] Fix watchers issue in lua_tcp when doing no resolving
* [Fix] Plug memory leak in language detector (affects reloads)
* [Fix] Remove one letter stop words
* [Fix] Slashing: backport chunk logic from libucl
* [Fix] Stop libevent from using cached time in rspamadm
* [Fix] Try to fix watchers chaining
* [Fix] Various fixes in redis sync interface
* [Fix] ip_score - respect check_authed and check_local settings from config
* [Project] Rework passthrough actions
* [Project] Clustering module
* [Rework] Always create result for a task
* [Rework] Completely rewrite DMARC checks logic
* [Rework] Rework and fix whitelist plugin
* [WebUI] Add symbols sorting buttons
* [WebUI] Change symbols order without updating history
* [WebUI] Colorize symbols
* [WebUI] Do not display password form when secure_ip is set
* [WebUI] Fix symbol description tooltips display
* [WebUI] History: add sorting by symbol score value
Pyro 4.76
- corrected bogus space in worker thread name
- thread server can now be cleanly stopped with SIGINT / Ctrl-C on Windows
(if the selectors module is available which is also used by the multiplex server)
- the behavior of the NATPORT config item has been corrected to be in line with the API behavior of the Daemon:
if you leave this at 0 (the default), it will now correctly replicate the internal port number as NAT port
(instead of crashing with a configuration error)
- certs are now included in sdist archive so the ssl unit tests also run as intended
- now correctly checks for write access to the correct logfile location, instead of assuming the current directory
