diff --git a/rspamd-2.5.tar.gz b/rspamd-2.5.tar.gz
deleted file mode 100644
index c8d4dd7..0000000
--- a/rspamd-2.5.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:ef66073079cf02bda8f31e861ff3a34467a957d6c3958c118e142915ef960038
-size 4490310
diff --git a/rspamd-2.6.tar.gz b/rspamd-2.6.tar.gz
new file mode 100644
index 0000000..f15e278
--- /dev/null
+++ b/rspamd-2.6.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:002aee47dc4d6f8c6c0572b58ccb0cbcbb9bb7689442c33a5a5cf893e72506db
+size 5079444
diff --git a/rspamd-gcc10-buildfix.patch b/rspamd-gcc10-buildfix.patch
deleted file mode 100644
index e83d793..0000000
--- a/rspamd-gcc10-buildfix.patch
+++ /dev/null
@@ -1,23 +0,0 @@
-commit 06c6c939ae59516a720f0cfc5a29e214b6569476
-Author: Heiko Becker <heirecka@exherbo.org>
-Date:   Sat Apr 4 00:15:28 2020 +0200
-
-    [Minor] Cherry-pick a fix for replxx to build with gcc10
-    
-    723d9c84869511dfb5e63f5c3d3372ac38114713 in replxx's git.
-    
-    Building rspamd with gcc10 errors out with "'runtime_error' is not a
-    member of 'std'" otherwise.
-
-diff --git a/contrib/replxx/src/io.cxx b/contrib/replxx/src/io.cxx
-index a09886701..8df176d1c 100644
---- a/contrib/replxx/src/io.cxx
-+++ b/contrib/replxx/src/io.cxx
-@@ -3,6 +3,7 @@
- #include <cstdlib>
- #include <cstring>
- #include <array>
-+#include <stdexcept>
- 
- #ifdef _WIN32
- 
diff --git a/rspamd-moonjit.patch b/rspamd-moonjit.patch
deleted file mode 100644
index f68cae6..0000000
--- a/rspamd-moonjit.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-Index: b/cmake/FindLua.cmake
-===================================================================
---- a/cmake/FindLua.cmake
-+++ b/cmake/FindLua.cmake
-@@ -16,6 +16,7 @@ MACRO(FindLua)
-                 "${RSPAMD_SEARCH_PATH}" "${LUA_ROOT}"
-                 $ENV{LUA_DIR}
-                 PATH_SUFFIXES "include/luajit-2.0"
-+		"include/moonjit-2.2"
-                 "include/luajit-2.1"
-                 "include/luajit${LUA_VERSION_MAJOR}${LUA_VERSION_MINOR}"
-                 "include/luajit${LUA_VERSION_MAJOR}.${LUA_VERSION_MINOR}"
-@@ -111,4 +112,4 @@ MACRO(FindLua)
-             MESSAGE(STATUS "Found lua ${LUA_VERSION_MAJOR}.${LUA_VERSION_MINOR} in lib:${LUA_LIBRARY}, headers:${LUA_INCLUDE_DIR}")
-         ENDIF(ENABLE_LUAJIT MATCHES "ON")
-     ENDIF(LUA_LIBRARY AND LUA_INCLUDE_DIR)
--ENDMACRO()
-\ No newline at end of file
-+ENDMACRO()
-Index: b/src/lua/lua_common.h
-===================================================================
---- a/src/lua/lua_common.h
-+++ b/src/lua/lua_common.h
-@@ -41,11 +41,16 @@ luaL_register (lua_State *L, const gchar
- #endif
- 
- #if defined(LUA_VERSION_NUM) && LUA_VERSION_NUM == 501
-+#if 0
-+/* FIXME: need to check for LUAJIT_VERSION_NUM for moonjit
-+          but cannot just include luajit.h unconditionally here 
-+*/
- static inline int lua_absindex (lua_State *L, int i) {
- 	if (i < 0 && i > LUA_REGISTRYINDEX)
- 		i += lua_gettop(L) + 1;
- 	return i;
- }
-+#endif
- static inline int lua_rawgetp (lua_State *L, int i, const void *p) {
- 	int abs_i = lua_absindex(L, i);
- 	lua_pushlightuserdata(L, (void*)p);
diff --git a/rspamd.changes b/rspamd.changes
index c6f4e7e..5e06c8e 100644
--- a/rspamd.changes
+++ b/rspamd.changes
@@ -1,3 +1,33 @@
+-------------------------------------------------------------------
+Fri Oct  9 17:51:10 UTC 2020 - Marcus Rueckert <mrueckert@suse.de>
+
+- fix apparmor profile
+  - allow reading the webapp dir to make the builtin webserver work
+  - modernize the profile to use a short profile name
+  - remove php abstraction, replaced with rule to read the icu data
+    files
+  - remove all file rules that are covered by the base and
+    nameservice abstraction
+  - allow include (with "if exists) for local/rspamd and
+    local/usr.bin.rspamd (for backrwards compat)
+
+-------------------------------------------------------------------
+Mon Oct  5 10:42:14 UTC 2020 - Bernhard Wiedemann <bwiedemann@suse.com>
+
+- Add usr.bin.rspamd apparmor profile
+
+-------------------------------------------------------------------
+Thu Oct  1 09:39:29 UTC 2020 - Bernhard Wiedemann <bwiedemann@suse.com>
+
+- update to 2.6
+  * https://rspamd.com/announce/2020/09/30/rspamd-2.6.html
+  * Rework neural network plugin
+  * Rework bitcoin detection library
+  * Fix IDNA bugs
+  * Send more fuzzy module telemetry data to rspamd servers
+  * Drop upstream rspamd-gcc10-buildfix.patch
+  * Drop rspamd-moonjit.patch
+
 -------------------------------------------------------------------
 Wed Aug 12 03:34:28 UTC 2020 - Bernhard Wiedemann <bwiedemann@suse.com>
 
diff --git a/rspamd.spec b/rspamd.spec
index af47630..8a554cb 100644
--- a/rspamd.spec
+++ b/rspamd.spec
@@ -2,6 +2,7 @@
 # spec file for package rspamd
 #
 # Copyright (c) 2016 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2020 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -31,11 +32,6 @@
   %if (0%{?suse_version} >= 1315)
     %bcond_without luajit
   %endif
-
-  # Tumbleweed and Leap 15.2 uses moonjit:
-  %if (0%{?suse_version} > 1500) || (0%{?sle_version} >= 150200 && 0%{?is_opensuse})
-    %bcond_without moonjit
-  %endif
 %endif
 
 %if 0%{?suse_version} >= 1500 && ! 0%{?sle_version}
@@ -55,24 +51,26 @@
 
 %global _wwwdir /srv/www/webapps
 
+%if 0%{?suse_version} && 0%{?suse_version} < 1500
+%global force_gcc_version 9
+%endif
+
 Name:           rspamd
-Version:        2.5
+Version:        2.6
 Release:        0
 License:        Apache-2.0
 Summary:        Spam filtering system
 Url:            https://rspamd.com/
 Group:          Productivity/Networking/Email/Utilities
 Source0:        https://github.com/rspamd/rspamd/archive/%{version}/%{name}-%{version}.tar.gz
+Source1:        usr.bin.rspamd
 Patch0:         rspamd-conf.patch
 Patch1:         rspamd-after-redis-target.patch
-Patch2:         rspamd-moonjit.patch
-# PATCH-FIX-UPSTREAM
-Patch3:         rspamd-gcc10-buildfix.patch
 BuildRequires:  cmake
 BuildRequires:  curl-devel
 BuildRequires:  db-devel
 BuildRequires:  file-devel
-BuildRequires:  gcc-c++
+BuildRequires:  gcc%{?force_gcc_version}-c++
 BuildRequires:  gd-devel
 %if %{with hyperscan}
 BuildRequires:  hyperscan-devel
@@ -122,6 +120,8 @@ Requires:  rspamd-client = %{version}
 %else
 Conflicts: rspamd-client
 %endif
+BuildRequires:  apparmor-abstractions
+Requires:       apparmor-abstractions
 
 %description
 Rspamd is a spam filtering system that allows evaluation of messages
@@ -157,12 +157,12 @@ This package holds the client tools (rspamc and rspamadm)
 %setup -q
 %patch0 -p1
 %patch1 -p1
-%if %{with moonjit}
-%patch2 -p1
-%endif
-%patch3 -p1
 
 %build
+%if 0%{?force_gcc_version}
+export CC="gcc-%{?force_gcc_version}"
+export CXX="g++-%{?force_gcc_version}"
+%endif
 %cmake                                      \
 %if 0%{suse_version} == 1315
   -DCMAKE_USER_MAKE_RULES_OVERRIDE=""       \
@@ -258,6 +258,9 @@ cat > %{buildroot}%{_sysconfdir}/%{name}/local.d/worker-proxy.inc << EOF
 EOF
 
 install -d -m 0755 %{buildroot}%{_sysconfdir}/%{name}/override.d
+mkdir -p %{buildroot}%{_sysconfdir}/apparmor.d/local/
+install -D -m644 %{SOURCE1} %{buildroot}%{_sysconfdir}/apparmor.d/usr.bin.rspamd
+echo "# Site-specific additions and overrides for 'usr.bin.rspamd'" > %{buildroot}%{_sysconfdir}/apparmor.d/local/usr.bin.rspamd
 
 %pre
 %{_sbindir}/groupadd -r %{rspamd_group} 2>/dev/null || :
@@ -308,6 +311,9 @@ install -d -m 0755 %{buildroot}%{_sysconfdir}/%{name}/override.d
 %{_libdir}/rspamd/librspamd-kann.so
 %{_libdir}/rspamd/librspamd-replxx.so
 
+%config %{_sysconfdir}/apparmor.d/usr.bin.rspamd
+%config(noreplace) %{_sysconfdir}/apparmor.d/local/usr.bin.rspamd
+
 %dir %{_sysconfdir}/rspamd/
 %config %{_sysconfdir}/rspamd/actions.conf
 %config %{_sysconfdir}/rspamd/cgp.inc
@@ -498,6 +504,7 @@ install -d -m 0755 %{buildroot}%{_sysconfdir}/%{name}/override.d
 %{_datadir}/rspamd/lualib/lua_ffi/common.lua
 %{_datadir}/rspamd/lualib/lua_ffi/dkim.lua
 %{_datadir}/rspamd/lualib/lua_ffi/init.lua
+%{_datadir}/rspamd/lualib/lua_ffi/linalg.lua
 %{_datadir}/rspamd/lualib/lua_ffi/spf.lua
 
 %dir %{_datadir}/rspamd/lualib/lua_magic
@@ -526,6 +533,7 @@ install -d -m 0755 %{buildroot}%{_sysconfdir}/%{name}/override.d
 %{_datadir}/rspamd/lualib/lua_scanners/virustotal.lua
 
 %dir %{_datadir}/rspamd/lualib/lua_selectors
+%{_datadir}/rspamd/lualib/lua_selectors/common.lua
 %{_datadir}/rspamd/lualib/lua_selectors/extractors.lua
 %{_datadir}/rspamd/lualib/lua_selectors/init.lua
 %{_datadir}/rspamd/lualib/lua_selectors/maps.lua
@@ -550,6 +558,7 @@ install -d -m 0755 %{buildroot}%{_sysconfdir}/%{name}/override.d
 
 %dir %{_datadir}/rspamd/rules
 %{_datadir}/rspamd/rules/bitcoin.lua
+%{_datadir}/rspamd/rules/bounce.lua
 %{_datadir}/rspamd/rules/content.lua
 %{_datadir}/rspamd/rules/forwarding.lua
 %{_datadir}/rspamd/rules/headers_checks.lua
@@ -565,6 +574,7 @@ install -d -m 0755 %{buildroot}%{_sysconfdir}/%{name}/override.d
 %{_datadir}/rspamd/rules/regexp/headers.lua
 %{_datadir}/rspamd/rules/regexp/misc.lua
 %{_datadir}/rspamd/rules/regexp/upstream_spam_filters.lua
+%{_datadir}/rspamd/rules/controller
 
 %{_mandir}/man8/rspamd.8*
 
@@ -585,12 +595,7 @@ install -d -m 0755 %{buildroot}%{_sysconfdir}/%{name}/override.d
 %{_wwwdir}/%{name}/mstile-150x150.png
 %{_wwwdir}/%{name}/safari-pinned-tab.svg
 
-%dir %{_wwwdir}/%{name}/css
-%{_wwwdir}/%{name}/css/bootstrap.min.css
-%{_wwwdir}/%{name}/css/d3evolution.css
-%{_wwwdir}/%{name}/css/footable.bootstrap.min.css
-%{_wwwdir}/%{name}/css/nprogress.css
-%{_wwwdir}/%{name}/css/rspamd.css
+%{_wwwdir}/%{name}/css
 
 %dir %{_wwwdir}/%{name}/fonts
 %{_wwwdir}/%{name}/fonts/glyphicons-halflings-regular.ttf
@@ -610,21 +615,12 @@ install -d -m 0755 %{buildroot}%{_sysconfdir}/%{name}/override.d
 %{_wwwdir}/%{name}/js/app/graph.js
 %{_wwwdir}/%{name}/js/app/history.js
 %{_wwwdir}/%{name}/js/app/rspamd.js
+%{_wwwdir}/%{name}/js/app/selectors.js
 %{_wwwdir}/%{name}/js/app/stats.js
 %{_wwwdir}/%{name}/js/app/symbols.js
 %{_wwwdir}/%{name}/js/app/upload.js
 
-%dir %{_wwwdir}/%{name}/js/lib
-%{_wwwdir}/%{name}/js/lib/bootstrap.min.js
-%{_wwwdir}/%{name}/js/lib/d3.min.js
-%{_wwwdir}/%{name}/js/lib/d3evolution.min.js
-%{_wwwdir}/%{name}/js/lib/d3pie.min.js
-%{_wwwdir}/%{name}/js/lib/footable.min.js
-%{_wwwdir}/%{name}/js/lib/jquery-3.4.1.min.js
-%{_wwwdir}/%{name}/js/lib/jquery.stickytabs.min.js
-%{_wwwdir}/%{name}/js/lib/nprogress.min.js
-%{_wwwdir}/%{name}/js/lib/require.min.js
-%{_wwwdir}/%{name}/js/lib/visibility.min.js
+%{_wwwdir}/%{name}/js/lib
 
 %if 0%{?with split_out_client}
 %files client
diff --git a/usr.bin.rspamd b/usr.bin.rspamd
new file mode 100644
index 0000000..aa65088
--- /dev/null
+++ b/usr.bin.rspamd
@@ -0,0 +1,35 @@
+# Last Modified: Mon Oct  5 10:19:40 2020
+#include <tunables/global>
+
+# based on https://github.com/progmaticltd/homebox/blob/master/install/playbooks/roles/rspamd/templates/apparmor.d/usr.bin.rspamd
+
+profile rspamd /usr/bin/rspamd {
+  #include <abstractions/base>
+  #include <abstractions/nameservice>
+  #include <abstractions/openssl>
+  #include <abstractions/ssl_certs>
+
+  /usr/bin/rspamd mr,
+
+  /etc/rspamd/** r,
+
+  /srv/www/webapps/rspamd/ r,
+  /srv/www/webapps/rspamd/** r,
+  /usr/share/rspamd/ r,
+  /usr/share/rspamd/** r,
+
+  /var/lib/rspamd/ r,
+  /var/lib/rspamd/** rwk,
+
+  /var/log/rspamd/rspamd.log* rwk,
+  /{var/,}run/rspamd/* rwk,
+
+  /dev/shm/rhm.* rw,
+  /etc/magic r,
+  /proc/sys/kernel/random/uuid r,
+
+  /usr/share/icu/*/icu*.dat r,
+
+  #include if exists <local/usr.bin.rspamd>
+  #include if exists <local/rspamd>
+}
\ No newline at end of file