Merge branch 'rspamd:master' into master

4 files changed, 77 insertions, 9 deletions

diff --git a/CMakeLists.txt b/CMakeLists.txt
index 8028e170e..3d384fa1b 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -8,7 +8,7 @@
 CMAKE_MINIMUM_REQUIRED(VERSION 3.12 FATAL_ERROR)
 
 SET(RSPAMD_VERSION_MAJOR 3)
-SET(RSPAMD_VERSION_MINOR 10)
+SET(RSPAMD_VERSION_MINOR 11)
 SET(RSPAMD_VERSION_PATCH 0)
 
 # Keep two digits all the time
diff --git a/ChangeLog b/ChangeLog
index f749c7887..3bee75dd2 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,66 @@
+3.10.0: 30 Sep 2024
+  * [Conf] Add SenderScore RPBL return codes
+  * [Conf] Add SenderScore Reputationlist RBL
+  * [Conf] Increase scores for strange things in the archives
+  * [CritFix] The max size for signing key is actually 65 bytes for p256
+  * [Feature] Add rspamadm secretbox command
+  * [Feature] Add rspamd_cxx_unit_cryptobox for unit testing
+  * [Feature] Add support for OpenSSL 3.0
+  * [Feature] Add support for OpenSSL 3.0 for DKIM
+  * [Feature] Add tests for rspamd_cryptobox
+  * [Feature] Add tooling to encrypt strings in Lua
+  * [Feature] Allow differen modes for fuzzy rules
+  * [Feature] Allow to set negative group score limit via `min_score`
+  * [Feature] DMARC: Implement reporting.only_domains setting
+  * [Fix] Add workaround for the bug in OpenSSL < 3.0.8
+  * [Fix] Another fix for Redis schema
+  * [Fix] Another safe-guards for learning/classifying an empty message
+  * [Fix] Apply the same workaround for signing keys
+  * [Fix] Check message before trying to dereference pointer
+  * [Fix] Do not install doctest stuff
+  * [Fix] Encode headers that we send to milter add header
+  * [Fix] Fix DCC `rep` handling
+  * [Fix] Fix Redis scripts uploading when Redis is not ready
+  * [Fix] Fix and rework various parts
+  * [Fix] Fix compatibility with OSSL 1.0
+  * [Fix] Fix glib internals by setting locale in `rspamc`
+  * [Fix] GPT: Fix bug in condition check
+  * [Fix] Get rid of EVP_PKEY_CTX_set1_rsa_keygen_pubexp
+  * [Fix] Iterate over dynamic keys in fuzzy storage
+  * [Fix] Make tostring in UCL a bit less brain-damaged
+  * [Fix] More bogus sizes fix
+  * [Fix] Preserve the previous behaviour of RDNS_* checks
+  * [Fix] Rework DMARC to correctly handle spaces in DMARC records Issue: #4906
+  * [Fix] Sign key != encryption key, omg
+  * [Fix] Unify lua symbols registration
+  * [Fix] Use proper keys when doing asymmetric encryption
+  * [Project] Add API method to push unwrapped UCL object
+  * [Project] Add more stuff to transparent UCL
+  * [Project] Add parsing of key limits and expire date
+  * [Project] Add ratelimit parsing for fuzzy keys
+  * [Project] Allow manipulations with opaque UCL objects
+  * [Project] Allow to change log tag from HTTP request
+  * [Project] Implement expiration
+  * [Project] Implement per-key ratelimit
+  * [Project] Move ratelimit parsing stuff to a common library
+  * [Project] Remove NIST (OpenSSL) mode from cryptobox
+  * [Project] Remove NIST mode from everywhere
+  * [Project] Rework ratelimits check
+  * [Project] Some more fixes
+  * [Project] Start support of MIME UTF8
+  * [Project] Try to allow more transparent access of ucl elements
+  * [Rework] Allow more flexible keypair encoding
+  * [Rework] Breaking: Rewrite cfg transform and remove legacy
+  * [Rework] Change fuzzy error symbols
+  * [Rework] Change the logic of skipping symbols
+  * [Rework] Clean up legacy code
+  * [Rework] Implement new replies logic on the server's side
+  * [Rework] Remove control block support
+  * [Rework] Resolve rdns in a separate function
+  * [Rework] Use __builtin_cpu_supports where possible
+  * [Rework] Use a more straight structure for DKIM keys
+  * [Rules] Fix some old rules
+
 3.9.1: 23 Jul 2024
   * [Conf] Spf: Add R_SPF_PLUSALL symbol with some score
   * [Feature] Spf: Treat SPF +all in a special way
diff --git a/contrib/libucl/lua_ucl.c b/contrib/libucl/lua_ucl.c
index 19ac9cb12..473aefe0c 100644
--- a/contrib/libucl/lua_ucl.c
+++ b/contrib/libucl/lua_ucl.c
@@ -1426,7 +1426,7 @@ lua_ucl_newindex(lua_State *L)
 
 	if (ucl_object_type(obj) == UCL_OBJECT) {
 		if (key_type == LUA_TSTRING) {
-			lua_Integer keylen;
+			size_t keylen;
 			const char *key = lua_tolstring(L, 2, &keylen);
 
 			ucl_object_t *value_obj = lua_ucl_object_get(L, 3);
@@ -1539,7 +1539,7 @@ lua_ucl_newindex(lua_State *L)
 			obj->value.av = NULL;
 			obj->type = UCL_OBJECT;
 
-			lua_Integer keylen;
+			size_t keylen;
 			const char *key = lua_tolstring(L, 2, &keylen);
 
 			ucl_object_t *value_obj = lua_ucl_object_get(L, 3);
diff --git a/lualib/lua_scanners/dcc.lua b/lualib/lua_scanners/dcc.lua
index 8d5e9e10a..186d1543d 100644
--- a/lualib/lua_scanners/dcc.lua
+++ b/lualib/lua_scanners/dcc.lua
@@ -198,13 +198,18 @@ local function dcc_check(task, content, digest, rule)
             local opts = {}
             local score = 0.0
             info = info:lower()
-            local rep = info:match('rep=([^=%s]+)')
+            local rep = info:match('rep=(%d+)')
 
             -- Adjust reputation if available
             if rep then
-              rep = tonumber(rep)
-            end
-            if not rep then
+              rep = (tonumber(rep) or 100.0) / 100.0
+
+              if rep > 1.0 then
+                rep = 1.0
+              elseif rep < 0.0 then
+                rep = 0.0
+              end
+            else
               rep = 1.0
             end
 
@@ -213,12 +218,12 @@ local function dcc_check(task, content, digest, rule)
               if num == 'many' then
                 rnum = lim
               else
-                rnum = tonumber(num)
+                rnum = tonumber(num) or lim
               end
 
               if rnum and rnum >= lim then
                 opts[#opts + 1] = string.format('%s=%s', what, num)
-                score = score + rep / 3.0
+                score = score * rep
               end
             end