head 1.3; access; symbols pkgsrc-2026Q1:1.3.0.4 pkgsrc-2026Q1-base:1.3 pkgsrc-2025Q4:1.3.0.2 pkgsrc-2025Q4-base:1.3 pkgsrc-2025Q3:1.1.0.14 pkgsrc-2025Q3-base:1.1 pkgsrc-2025Q2:1.1.0.12 pkgsrc-2025Q2-base:1.1 pkgsrc-2025Q1:1.1.0.10 pkgsrc-2025Q1-base:1.1 pkgsrc-2024Q4:1.1.0.8 pkgsrc-2024Q4-base:1.1 pkgsrc-2024Q3:1.1.0.6 pkgsrc-2024Q3-base:1.1 pkgsrc-2024Q2:1.1.0.4 pkgsrc-2024Q2-base:1.1 pkgsrc-2024Q1:1.1.0.2; locks; strict; comment @# @; 1.3 date 2025.11.16.21.39.50; author wiz; state Exp; branches; next 1.2; commitid 6VyWnC8U2BwGcPiG; 1.2 date 2025.11.02.21.17.43; author wiz; state Exp; branches; next 1.1; commitid uaJdJjaAbk65x1hG; 1.1 date 2024.05.16.15.22.14; author taca; state Exp; branches 1.1.2.1; next ; commitid gLliWGZvSDIlLeaF; 1.1.2.1 date 2024.05.16.15.22.14; author bsiegert; state dead; branches; next 1.1.2.2; commitid PS7ANWrAQDfbK7fF; 1.1.2.2 date 2024.06.23.15.58.45; author bsiegert; state Exp; branches; next ; commitid PS7ANWrAQDfbK7fF; desc @@ 1.3 log @rspamd: update to 3.14.0. 3.14.0: 10 Nov 2025 * [Feature] Fuzzy check: Add HTML fuzzy hashing for structural similarity matching * [Feature] Fuzzy check: Add per-rule text_hashes toggle for HTML-only fuzzy rules * [Feature] Fuzzy check: Add structured checks configuration with backward compatibility * [Feature] Fuzzy storage: Implement full TCP protocol support with auto-switch * [Feature] Fuzzy check: Add TCP connection management and error handling * [Feature] URL: Add task:get_cta_urls() API for proper CTA domain extraction * [Feature] URL: Move CTA processing into dedicated module * [Feature] URL: Add url:get_hash() method for efficient deduplication without string conversion * [Feature] GPT: Add web search context support with Redis caching * [Feature] HTML: Add infrastructure for async URL rewriting with Lua bindings * [Feature] HTML: Add task:rewrite_html_urls() and task:get_html_urls() Lua API * [Feature] WebUI: Implement dark mode with theme toggle and auto detection * [Feature] Aliases: Add advanced resolution with loop detection for converging paths * [Feature] Milter: Add ESMTP argument parsing with Lua API access * [Feature] Milter: Add per-recipient ESMTP args parsing and metadata access * [Feature] Milter: Support array of positions for remove_headers operations * [Feature] Proxy: Add client IP preservation in message headers through chain * [Feature] Rspamc: Add milter.add_headers object format support to --mime * [Feature] Configwizard: Add Postfix integration wizard using postconf utility * [Feature] Build: Add comprehensive BSD workflows (FreeBSD, NetBSD, OpenBSD) with Lua version selection * [Feature] Build: Add automated code review GitHub Actions workflow with Rspamd-specific guidelines * [Feature] Build: Add Docker-based integration test suite with ASAN and real corpus * [Feature] Build: Add automatic public suffix list synchronization * [Feature] Multimap: Add support for symbols with leading numerals * [Feature] DMARC: Add Auto-Reply-To and Precedence headers to prevent out-of-office replies * [Feature] Platform: Add NetBSD memory usage tracking support * [Feature] Utilities: Add fuzzy Redis migration utility * [Feature] Bayes: Allow skipping local/authenticated mail in autolearn condition * [Feature] ARC: Add DKIM signing key API for flexible ARC signing * [Feature] Logger: Add type specifiers support for better formatting * [Feature] Heap: Add rspamd_heap_push_slot to eliminate double allocation * [Fix] DNS: Preserve req->pos during reply validation to prevent packet truncation on UDP-to-TCP retransmits * [Fix] DNS: Regenerate transaction ID before copying to TCP buffer to avoid collisions * [Fix] DNS: Fix nameserver round-robin when using /etc/resolv.conf * [Fix] DNS: Fix TCP uninitialized memory leak * [Fix] DMARC: Add batching and forced GC for Redis connections to prevent pool exhaustion * [Fix] DMARC: Validate and normalize batch_size to prevent fractional indexing and loop errors * [Fix] DMARC: Refactor reporting to use helper functions and async maps * [Fix] Allocator: Fix jemalloc/system malloc mixing in getline() to prevent crashes * [Fix] Allocator: Fix allocator mismatches in hiredis * [Fix] Allocator: Fix allocator mismatches in libucl * [Fix] Hyperscan: Use runtime version instead of compile-time for database validation * [Fix] Hyperscan: Auto-recreate invalid unserialized cache files on version mismatch * [Fix] Memory: Fix leaks in fuzzy storage khash tables * [Fix] Memory: Fix leaks in upstream address parsing * [Fix] Memory: Fix leaks in *-any address parsing * [Fix] Memory: Fix OpenSSL providers cleanup * [Fix] Memory: Fix UCL object memory leak in Lua integration * [Fix] Memory: Fix stat metadata tokenization leak * [Fix] Fuzzy TCP: Fix double-release in fuzzy_tcp_session * [Fix] Fuzzy TCP: Fix refcount leak in destructor * [Fix] Fuzzy TCP: Fix timeout handling and buffer overflow * [Fix] Fuzzy TCP: Fix endianness mismatch in framing protocol * [Fix] Fuzzy TCP: Fix race conditions and fd reuse bugs * [Fix] Fuzzy TCP: Use pure ev_timer for session timeouts * [Fix] Fuzzy TCP: Fix server replies and client event handling * [Fix] Shutdown: Keep srv events active during shutdown to track auxiliary processes * [Fix] ARC: Restore strict header ordering to comply with RFC 8617 * [Fix] ARC: Add ed25519 key support * [Fix] Composites: Implement two-phase evaluation for postfilter dependencies * [Fix] Composites: Use null-terminated string for symbol lookup * [Fix] URL: Refactor extraction to prevent DoS with hash-based deduplication * [Fix] URL: Add 50k URL limit with warning for DoS protection * [Fix] URL: Skip HTML_DISPLAYED URLs in CTA detection * [Fix] URL: Fix CTA priority preservation in extract_specific_urls * [Fix] Bayes: Improve Redis server discovery * [Fix] Bayes: Only bypass learn when header value matches * [Fix] ESMTP: Robust per-recipient parsing in milter with safe cursor advance * [Fix] ESMTP: Refcount ESMTP args in proxy_session_refresh to avoid use-after-free * [Fix] ESMTP: Correct Lua stack cleanup in lua_task_get_rcpt_esmtp_args * [Fix] HTML: Correct attribute value offset calculation for URL rewriting * [Fix] HTML: Add HTML entity encoding for URL rewriting * [Fix] HTML: Fix segfault due to incorrect HTML features access * [Fix] HTML: Fix frequency-based ordering in domain hashing * [Fix] HTML: Fix shingles hash generation bugs * [Fix] HTML: Fix memory leaks in shingles generation * [Fix] HTML: Fix memory management in html_cta.process_html_links * [Fix] HTML: Fix CSS class normalization in fuzzy tokens * [Fix] HTML: Fix cache key collision between text and HTML fuzzy hashes * [Fix] OpenBSD: Fix kinfo_proc structure member names * [Fix] OpenBSD: Disable Hyperscan (not available) * [Fix] FreeBSD: Fix zstd package name * [Fix] FreeBSD: Add IGNORE_OSVERSION for package version mismatches * [Fix] NetBSD: Setup pkgin and PKG_PATH before installing packages * [Fix] NetBSD: Fix missing dependencies and package names * [Fix] BSD: Remove -j flag from ninja in all BSD workflows * [Fix] Multimap: Handle symbols with leading numerals * [Fix] Aliases: Prevent creation of malformed email addresses * [Fix] Aliases: Fix alias loop detection for converging paths * [Fix] Aliases: Fix is_local_domain to support backend objects * [Fix] Aliases: Correct to_local when no recipients present * [Fix] Aliases: Fix set_addr validation to prevent malformed addresses * [Fix] MIME: Remove Authentication-Results and anonymize envelope-from in Received headers * [Fix] Mempool: Prevent double-free in destructor cleanup * [Fix] Rspamadm: Unbreak dnstool command * [Fix] Integration tests: Fix ASAN configuration and startup diagnostics * [Minor] Replace GHashTable with khash in fuzzy_check.c and lua_textpart_get_cta_urls * [Minor] Update cache key prefix to match module name in llm_search_context * [Minor] Fix llm_search_context to follow Rspamd idioms * [Minor] Refactor llm_search_context to use lua_cache module * [Minor] Address review comments in various modules * [Minor] Fix droid usage * [Minor] Use GPT-5 Codex for code reviews * [Minor] Update libucl with automatic stack management * [Rework] Prioritize CTA URLs in redirector and Lua helpers * [Rework] RBL configuration: Add new from selectors, content_urls checks, and lower_utf8 for hashed domains * [Rework] Make Bayes learn guards configurable * [Rework] Refactor element visibility control to use Bootstrap classes * [Rework] Use postconf utility for Postfix configuration in configwizard * [Rework] Remove Lua-level HTTP header parsing in ESMTP args getters * [Rework] Add CFG_REF_* macros with debug logging for config refcounting * [Rework] Move OpenSSL providers from global to libs_ctx * [Rework] Convert heap to fully intrusive kvec-based implementation * [Rework] Add specialized pool types for long-lived and short-lived allocations * [Rework] Improve memory pool destructors with smart preallocation based on pool type * [Project] Restrict code review workflow to authorized maintainers * [Project] Add Claude Code and Cursor AI assistant configuration * [WebUI] Replace Glyphicons with FontAwesome SVG icons * [WebUI] Update CodeJar to version 4.3.0 * [WebUI] Update Node.js and ESLint * [WebUI] Update D3-based visualization libs * [WebUI] Replace deprecated alert-error class with alert-danger * [WebUI] Add search syntax hint to history table filter input * [WebUI] Fix theme toggle default to auto * [WebUI] Keep classifiers list when request is skipped * [WebUI] Repopulate classifier dropdown * [WebUI] Add comment for removeEventListener * [WebUI] Fix icon rendering race condition in tab initialization * [Test] Add comprehensive Lua unit tests for HTML URL rewriting * [Test] Add unit tests for HTML URL rewriting patch engine * [Test] Add functional tests for HTML fuzzy hashing * [Test] Add ARC chain verification tests with multiple signatures * [Test] Add e2e for classifier dropdown population * [Test] Multimap symbol with leading numerals * [Test] Sync public suffix list automatically * [Test] Update JS linters * [Test] Fix integration test environment variable passing * [Test] Add detailed error output for integration test failures @ text @$NetBSD$ os.date() require integer as second argument but get_date() returns float on NetBSD. So, convert return value of get_date() to integer. This fix is provided from Yoshitaka Tokugawa . --- src/plugins/lua/dmarc.lua.orig 2025-11-16 21:33:51.465412541 +0000 +++ src/plugins/lua/dmarc.lua @@@@ -296,7 +296,7 @@@@ local function dmarc_validate_policy(tas -- Prepare and send redis report element local period = os.date('%Y%m%d', - task:get_date({ format = 'connect', gmt = false })) + math.floor(task:get_date({ format = 'connect', gmt = false }))) -- Dmarc domain key must include dmarc domain, rua and period local dmarc_domain_key = table.concat( @ 1.2 log @rspamd: update to 3.13.2. 3.13.2 What's Changed [Feature] Add user/domain context support for LLM-based classification by @@vstakhov in #5647 Implement Metadefender hash lookup module by @@vstakhov in #5656 Add vault kv version 2 support by @@vstakhov in #5654 Fix duplicate symbol in once_received plugin by @@vstakhov in #5658 [Fix] Enforce server-controlled HTTP map refresh intervals by @@vstakhov in #5660 [Fix] Propagate unused Redis Sentinel options by @@fatalbanana in #5597 Fix rspamd dkim key loading for ed25519 by @@vstakhov in #5664 Fix dkim relaxed bodyhash calculation for spaces by @@vstakhov in #5662 Feat: Added rua address exclusion in dmarc.lua by @@croessner in #5653 [Feature] Add separate encryption keys for read/write operations in fuzzy_check by @@vstakhov in #5665 3.13.1 Added Archive module: Full support for encrypted ZIP archives, including both ZipCrypto and AES encryption; both reading and writing of AES-encrypted ZIP archives is supported with updated Lua bindings using libarchive for flexible compatibility with all standard ZIP encryption schemes Encrypted maps: Support for encrypted maps to enable new map distribution scenarios Redis TLS: Configurable TLS connections in Redis backend for improved compatibility in secure environments Improved MIME encoding refactoring: Major overhauls and multiple fixes for MIME encoding logic, including improved handling and decoding of UTF-8 in MIME headers, resulting in more robust email processing and better compatibility Learning system: Numerous fixes to learn checks and autolearn flag handling, prevention of duplicate message learning, and extended multiclass learning test coverage Map helpers alignment: Map helpers now enforced to be aligned to 64 bytes to prevent unaligned memory access errors on certain platforms CLI enhancements: Enhanced secretbox CLI and additional security test coverage Platform compatibility: Improved compatibility with Lua versions above 5.1 and better support for 32-bit platforms Fixed Critical fixes: Fixed bug when converting zero-length strings to numbers XML parsing: Fixed XML prolog detection in lua_magic module Build issues: Fixed build issues on 32-bit platforms Empty input handling: Addressed issues with empty input handling in lua_magic Test stability: Improved stability of automated testing with multiple miscellaneous test fixes Compatibility: Minor compatibility improvements and bugfixes (buffer allocation, missing cmath include, etc.) This release introduces archive module extensibility with full encrypted archive support including AES, new map distribution capabilities, secure integration options with Redis TLS, robust email and message processing improvements, and bugfixes for broader platform compatibility. This is recommended as a major stability and feature update. 3.13.0 Highlights & Major Features Since 3.12.1 1. Multiclass Bayes Classification ([#5547](#5547)) Bayesian classifiers now support multi-class differentiation—labels like spam, ham, transactional, newsletters, phishing, and more (2-20 classes supported). Efficient: all classes for a message handled in a single Redis call. Backward compatible with old config (is_spam); new config enables named classes and labels. Autolearn and Lua API support multiclass workflows. Fully class-aware Redis caching. Examples: rspamc learn_class:transactional receipt.eml or rspamc learn_class:newsletter newsletter.eml Lua API: task:get_multiclass_result() gives class probabilities and confidence. 2. Neural Module Overhaul ([#5579](#5579)) Complete rework into a provider-based architecture: combines symbols, LLM embeddings (OpenAI, etc.), and planned providers (Bayes/FastText, in the future). Pluggable fusion—multiple feature types can be combined for richer, more accurate classification. Trained normalization (unit/zscore/none), used consistently at training/inference. Redis-backed caching for LLM embeddings to control cost/latency. Configurable via providers, versioned for safe upgrades, fully backwards compatible. 3. Multimap Selectors & Regex Enhancements ([#5615](#5615)) Powerful, SA-style “selector” rules in multimap module for regex filtering on message fields. Dedicated selector field, integrated with Hyperscan and regex cache. Example: selector FROM_CORP from:domain =~ /corp\.example$/i 4. MIME & HTML Feature Extraction ([#5619](#5619), [#5608](#5608)) MIME parser detects part types automatically. HTML parser project extracts more features for downstream modules. 5. HTTP, DNS, Upstream Improvements ([#5614](#5614), [#5603](#5603), [#5601](#5601)) Flexible HTTP timeout config and handling. Upstream reliability: probe mode, less need for forced revive. DNS nameserver resolution moved to getaddrinfo. 6. Modernization & Maintenance ([#5592](#5592), [#5598](#5598), [#5580](#5580), others) Standardized on C++20; builds, test, and CI improvements (ARM support, modern fallback maps). Regular code cleaning, bugfixes, and RPM tweaks. 7. WebUI & UX ([#5606](#5606), [#5607](#5607)) E2E scan test flows in WebUI. Bootstrap upgrade, Bayes class management from the web interface. 8. GPT & LLM Integrations ([#5612](#5612), [#5572](#5572)) Improved handling of GPT model parameters and prompts. Initial support for OpenAI GPT-5 and other models. Notable Bugfixes & Maintenance DCC plugin rewritten ([#5602](#5602)), optimized. DKIM relaxed body canonicalization ([#5593](#5593)), multimap, WebUI and configuration reliability increased. Numerous minor bugfixes, build and CI improvements. Projects & Modules Affected Core: Multiclass Bayes, Neural/LLM fusion Filtering: Multimap selectors, regex & Hyperscan Protocols: HTTP, DNS Web: WebUI, Bootstrap Plugins: DCC, DKIM, GPT, Neural @ text @d1 1 a1 1 $NetBSD: patch-src_plugins_lua_dmarc.lua,v 1.1 2024/05/16 15:22:14 taca Exp $ d8 1 a8 1 --- src/plugins/lua/dmarc.lua.orig 2025-10-05 18:04:57.000000000 +0000 d10 1 a10 1 @@@@ -323,7 +323,7 @@@@ local function dmarc_validate_policy(tas d12 4 a15 4 -- Prepare and send redis report element local period = os.date('%Y%m%d', - task:get_date({ format = 'connect', gmt = false })) + math.floor(task:get_date({ format = 'connect', gmt = false }))) d17 2 a18 2 -- Dmarc domain key must include dmarc domain, rua and period local dmarc_domain_key = table.concat( @ 1.1 log @mail/rspamd: fix DMARC report on NetBSD Fix DMARC report on NetBSD. os.date() require integer as second argument but get_date() returns float on NetBSD. So, convert return value of get_date() to integer. Without this change, data required for DMARC report would not be stored to Redis. This fix is provided from Yoshitaka Tokugawa . Bump PKGREVISION. @ text @d1 1 a1 1 $NetBSD$ d8 1 a8 1 --- src/plugins/lua/dmarc.lua.orig 2024-02-26 09:36:56.000000000 +0000 d10 1 a10 1 @@@@ -310,7 +310,7 @@@@ local function dmarc_validate_policy(tas d14 2 a15 2 - task:get_date({ format = 'connect', gmt = false })) + math.floor(task:get_date({ format = 'connect', gmt = false }))) @ 1.1.2.1 log @file patch-src_plugins_lua_dmarc.lua was added on branch pkgsrc-2024Q1 on 2024-06-23 15:58:45 +0000 @ text @d1 18 @ 1.1.2.2 log @Pullup ticket #6862 - requested by taca mail/rspamd: NetBSD bugfix Revisions pulled up: - mail/rspamd/Makefile 1.104-1.105 - mail/rspamd/cfgfiles.mk 1.10 - mail/rspamd/distinfo 1.58 - mail/rspamd/files/rspamd.sh 1.3 - mail/rspamd/patches/patch-src_plugins_lua_dmarc.lua 1.1 --- Module Name: pkgsrc Committed By: taca Date: Thu Apr 25 15:19:22 UTC 2024 Modified Files: pkgsrc/mail/rspamd: Makefile pkgsrc/mail/rspamd/files: rspamd.sh Log Message: mail/rspamd: allow rc.d script to reload Bump PKGREVISION. --- Module Name: pkgsrc Committed By: taca Date: Thu May 16 15:22:14 UTC 2024 Modified Files: pkgsrc/mail/rspamd: Makefile cfgfiles.mk distinfo Added Files: pkgsrc/mail/rspamd/patches: patch-src_plugins_lua_dmarc.lua Log Message: mail/rspamd: fix DMARC report on NetBSD Fix DMARC report on NetBSD. os.date() require integer as second argument but get_date() returns float on NetBSD. So, convert return value of get_date() to integer. Without this change, data required for DMARC report would not be stored to Redis. This fix is provided from Yoshitaka Tokugawa . Bump PKGREVISION. @ text @a0 18 $NetBSD: patch-src_plugins_lua_dmarc.lua,v 1.1 2024/05/16 15:22:14 taca Exp $ os.date() require integer as second argument but get_date() returns float on NetBSD. So, convert return value of get_date() to integer. This fix is provided from Yoshitaka Tokugawa . --- src/plugins/lua/dmarc.lua.orig 2024-02-26 09:36:56.000000000 +0000 +++ src/plugins/lua/dmarc.lua @@@@ -310,7 +310,7 @@@@ local function dmarc_validate_policy(tas -- Prepare and send redis report element local period = os.date('%Y%m%d', - task:get_date({ format = 'connect', gmt = false })) + math.floor(task:get_date({ format = 'connect', gmt = false }))) -- Dmarc domain key must include dmarc domain, rua and period local dmarc_domain_key = table.concat( @