From 2dbcea6bbf5b3d15f261fd581ed6259566de1c64 Mon Sep 17 00:00:00 2001 From: Craig Leres Date: Tue, 22 Aug 2023 13:34:35 -0700 Subject: security/zeek: Update to 6.0.0 https://github.com/zeek/zeek/releases/tag/v6.0.0 This is the latest major version number Long-Term Support (LTS) release of Zeek. The NETMAP option has been removed; it was too difficult to build it without zeek being installed in %%PREFIX%%. The consensus was that this was a rarely used feature, please reach out to me if need this (I've done some work on a new security/zeek-netmap port that is probably the right way forward). When I upgraded zeek on my systems I found some cruft left over from previous versions. The way I recommend upgrading from 5.0.9 to 6.0.0 is: service zeek stop pkg delete -fy zeek py311-zkg [clean up leftover files in /usr/local/lib/zeek] pkg install -y zeek service zeek deploy Changes: - Zeek now treats private address space (i.e., non-routable IP address ranges) as local by default - Telemetry centralization and Prometheus exposition is not enabled by default anymore - Custom source tarballs require a repo-info.json file. - Plugin authors should raise the minimum required CMake version to 3.15 to ensure compatibility with new CMake scaffolding included in this release - Zeek container images are not pushed to the zeekurity organization anymore - The error message returned when using bro_init, bro_done, and bro_script_loaded events is now removed Reported by: Tim Wojtulewicz --- UPDATING | 21 ++ security/zeek/Makefile | 48 +--- security/zeek/distinfo | 8 +- .../zeek/files/patch-auxil_spicy_CMakeLists.txt | 22 -- .../zeek/files/patch-src_input_readers_raw_Raw.cc | 146 ----------- .../zeek/files/patch-src_input_readers_raw_Raw.h | 10 - security/zeek/pkg-plist | 276 ++++++++++++--------- 7 files changed, 187 insertions(+), 344 deletions(-) delete mode 100644 security/zeek/files/patch-auxil_spicy_CMakeLists.txt delete mode 100644 security/zeek/files/patch-src_input_readers_raw_Raw.cc delete mode 100644 security/zeek/files/patch-src_input_readers_raw_Raw.h diff --git a/UPDATING b/UPDATING index c6c2e3374c5e..59ee7f3b456f 100644 --- a/UPDATING +++ b/UPDATING @@ -5,6 +5,27 @@ they are unavoidable. You should get into the habit of checking this file for changes each time you update your ports collection, before attempting any port upgrades. +20230822: +AUTHOR: leres@FreeBSD.org + + security/zeek has been upgraded to 6.0.0 and the NETMAP option + was removed; it was too difficult to build it without zeek being + installed in %%PREFIX%%. + + The consensus was that this was a rarely used feature, please + reach out to me if need this (I've done some work on a new + security/zeek-netmap port that is probably the right way forward). + + When I upgraded zeek on my systems I found some cruft left over + from previous versions. The way I recommend upgrading from 5.0.9 to + 6.0.0 is: + + service zeek stop + pkg delete -fy zeek py311-zkg + [clean up leftover files in /usr/local/lib/zeek] + pkg install -y zeek + service zeek deploy + 20230817: AFFECTS: users of databases/redis AUTHOR: yasu@FreeBSD.org diff --git a/security/zeek/Makefile b/security/zeek/Makefile index b1226c204d2a..650440d6e981 100644 --- a/security/zeek/Makefile +++ b/security/zeek/Makefile @@ -1,5 +1,5 @@ PORTNAME= zeek -DISTVERSION= 5.0.9 +DISTVERSION= 6.0.0 CATEGORIES= security MASTER_SITES= https://download.zeek.org/ DISTFILES= ${DISTNAME}${EXTRACT_SUFX} @@ -20,7 +20,7 @@ LIB_DEPENDS= libcares.so:dns/c-ares RUN_DEPENDS= c-ares>=1.18.1:dns/c-ares USES= bison cmake compiler:c++17-lang cpe gettext-runtime perl5 \ - python shebangfix ssl + python:3.7+ shebangfix ssl USE_LDCONFIG= yes @@ -39,6 +39,9 @@ CMAKE_ON= BROKER_DISABLE_DOC_EXAMPLES BROKER_DISABLE_TESTS \ BUILD_SHARED_LIBS BUILD_STATIC_BROKER INSTALL_AUX_TOOLS CMAKE_ARGS= -DCARES_ROOT_DIR:PATH=${PREFIX} \ -DCMAKE_EXE_LINKER_FLAGS="${OPENSSL_LDFLAGS}" \ + -DINSTALL_BTEST:BOOL=OFF \ + -DINSTALL_BTEST_PCAPS:BOOL=OFF \ + -DINSTALL_ZKG:BOOL=OFF \ -DPY_MOD_INSTALL_DIR:PATH=${PREFIX}/lib/zeekctl \ -DZEEK_ETC_INSTALL_DIR:PATH=${PREFIX}/etc \ -DZEEK_MAN_INSTALL_PATH=${MANPREFIX}/man \ @@ -47,21 +50,19 @@ CMAKE_ARGS= -DCARES_ROOT_DIR:PATH=${PREFIX} \ ZEEKUSER?= zeek ZEEKGROUP?= zeek -PLIST_SUB+= ARCH=${UNAME_M} \ - LCASE_OPSYS=${OPSYS:tl} \ - ZEEKGROUP=${ZEEKGROUP} \ +PLIST_SUB+= ZEEKGROUP=${ZEEKGROUP} \ ZEEKUSER=${ZEEKUSER} USERS= ${ZEEKUSER} GROUPS= ${ZEEKGROUP} -OPTIONS_DEFINE= GEOIP2 IPSUMDUMP LBL_CF LBL_HF NETMAP PERFTOOLS SPICY ZEEKCTL \ +OPTIONS_DEFINE= GEOIP2 IPSUMDUMP LBL_CF LBL_HF PERFTOOLS SPICY ZEEKCTL \ ZKG OPTIONS_SINGLE= BUILD_TYPE OPTIONS_SINGLE_BUILD_TYPE= DEBUG MINSIZEREL RELEASE RELWITHDEBINFO -OPTIONS_DEFAULT= GEOIP2 IPSUMDUMP LBL_CF LBL_HF NETMAP RELEASE ZEEKCTL \ +OPTIONS_DEFAULT= GEOIP2 IPSUMDUMP LBL_CF LBL_HF RELEASE ZEEKCTL \ ZKG OPTIONS_DEFAULT_aarch64= SPICY OPTIONS_DEFAULT_amd64= SPICY @@ -76,7 +77,6 @@ IPSUMDUMP_DESC= Enables traffic summaries LBL_CF_DESC= Unix time to formated time/date filter support LBL_HF_DESC= Address to hostname filter support MINSIZEREL_DESC= Optimizations on, debug symbols/flags off -NETMAP_DESC= Native Netmap Packet IOSource for Zeek PERFTOOLS_DESC= Use Perftools to improve memory & CPU usage RELEASE_DESC= Optimizations on, debug symbols/flags off RELWITHDEBINFO_DESC= Optimizations/debug symbols on, debug flags off @@ -91,8 +91,6 @@ IPSUMDUMP_BUILD_DEPENDS= ipsumdump:net/ipsumdump IPSUMDUMP_RUN_DEPENDS= ipsumdump:net/ipsumdump LBL_CF_RUN_DEPENDS= ${LOCALBASE}/bin/cf:sysutils/lbl-cf LBL_HF_RUN_DEPENDS= ${LOCALBASE}/bin/hf:sysutils/lbl-hf -NETMAP_GH_TUPLE= zeek:zeek-netmap:v2.0.0:zeek_netmap -NETMAP_USE= GITHUB=nodefault PERFTOOLS_BUILD_DEPENDS= ${LOCALBASE}/bin/perftools-pprof:devel/google-perftools PERFTOOLS_CMAKE_BOOL= ENABLE_PERFTOOLS PERFTOOLS_RUN_DEPENDS= ${LOCALBASE}/bin/perftools-pprof:devel/google-perftools @@ -124,10 +122,6 @@ USE_RC_SUBR= zeek post-extract: @${RM} -rf ${WRKSRC}/auxil/c-ares -post-patch: - ${REINPLACE_CMD} -e '\|/usr/local/|s|$$| ${STAGEDIR}${PREFIX}/|' \ - ${WRKSRC_zeek_netmap}/cmake/FindNetmap.cmake - post-install-ZEEKCTL-on: ${MKDIR} ${STAGEDIR}${PREFIX}/logs ${MKDIR} ${STAGEDIR}${PREFIX}/spool/tmp @@ -149,32 +143,8 @@ post-install: post-install-SPICY-on: @${RM} -rf ${STAGEDIR}${PREFIX}/include/hilti/rt/3rdparty/SafeInt/Archive @${RM} -rf ${STAGEDIR}${PREFIX}/include/hilti/rt/3rdparty/SafeInt/Test - @${RMDIR} ${STAGEDIR}${PREFIX}/include/zeek/builtin-plugins/spicy-plugin/bin - @${RMDIR} ${STAGEDIR}${PREFIX}/include/zeek/builtin-plugins/spicy-plugin/cmake - @${RM} -rf ${STAGEDIR}${PREFIX}/include/zeek/builtin-plugins/spicy-plugin/include - @${RMDIR} ${STAGEDIR}${PREFIX}/include/zeek/builtin-plugins/spicy-plugin/spicy - @${RM} -rf ${STAGEDIR}${PREFIX}/include/zeek/builtin-plugins/spicy-plugin/src - @${RM} -rf ${STAGEDIR}${PREFIX}/include/zeek/builtin-plugins/spicy-plugin/tests - @${RMDIR} ${STAGEDIR}${PREFIX}/include/zeek/script_opt/CPP/maint - @${RMDIR} ${STAGEDIR}${PREFIX}/lib/zeek-spicy/modules pre-install-ZEEKCTL-on: ${MKDIR} ${STAGEDIR}${PREFIX}/etc/rc.d -post-install-NETMAP-on: - ${MKDIR} ${WRKDIR}/zeek-bin - ${CP} ${STAGEDIR}${PREFIX}/bin/zeek-config ${WRKDIR}/zeek-bin - ${REINPLACE_CMD} -e 's|${PREFIX}|${STAGEDIR}${PREFIX}|g' \ - ${WRKDIR}/zeek-bin/zeek-config - cd ${WRKSRC_zeek_netmap} && ${SETENV} PATH=${WRKDIR}/zeek-bin:${PATH} \ - ./configure --with-netmap=/usr \ - --install-root=${STAGEDIR}${PREFIX}/lib/zeek/plugins - cd ${WRKSRC_zeek_netmap}/build && make && make install - @${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/zeek/plugins/Zeek_Netmap/lib/Zeek-Netmap.freebsd-${UNAME_M}.so - -.include - -# Would like to use ARCH (uname -p) but it's not always correct (e.g. arm64) -UNAME_M!= ${UNAME} -m - -.include +.include diff --git a/security/zeek/distinfo b/security/zeek/distinfo index 22ff3939cdf7..8f96203cdbfc 100644 --- a/security/zeek/distinfo +++ b/security/zeek/distinfo @@ -1,5 +1,3 @@ -TIMESTAMP = 1684516872 -SHA256 (zeek-5.0.9.tar.gz) = 2d6247c667c1838d0efd8d860744baadde4b2e8721734dea250e37147899cfcd -SIZE (zeek-5.0.9.tar.gz) = 42904019 -SHA256 (zeek-zeek-netmap-v2.0.0_GH0.tar.gz) = d37a69babfbb62a51a2413d6b83ae792ce1e7f1ccb1d51bd6b209a10fe5c4d75 -SIZE (zeek-zeek-netmap-v2.0.0_GH0.tar.gz) = 9100 +TIMESTAMP = 1692569614 +SHA256 (zeek-6.0.0.tar.gz) = cc37587389ec96a2437c48851a6ef8300b19a39d9e6a1c9066570c25b070d0e2 +SIZE (zeek-6.0.0.tar.gz) = 60086607 diff --git a/security/zeek/files/patch-auxil_spicy_CMakeLists.txt b/security/zeek/files/patch-auxil_spicy_CMakeLists.txt deleted file mode 100644 index 6aee2809e636..000000000000 --- a/security/zeek/files/patch-auxil_spicy_CMakeLists.txt +++ /dev/null @@ -1,22 +0,0 @@ ---- auxil/spicy/CMakeLists.txt.orig 2022-07-09 17:28:05 UTC -+++ auxil/spicy/CMakeLists.txt -@@ -36,3 +36,19 @@ set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Wno-vla") - set(HILTI_DEV_PRECOMPILE_HEADERS OFF) - - add_subdirectory(spicy) -+ -+# Disable Spicy unit test targets. -+# -+# Spicy builds its unit tests as part of `ALL`. They are usually not only -+# uninteresting for us but might cause problems. Since any configuration -+# we do for our unit tests happens through global C++ compiler flags, they -+# would get inherited directly by Spicy which can cause issues, e.g., we set -+# `-DDOCTEST_CONFIG_DISABLE` if `ENABLE_ZEEK_UNIT_TESTS` is false, but Spicy -+# unit test do not anticipate this define being set. -+set_target_properties( -+ hilti-rt-tests -+ hilti-rt-configuration-tests -+ spicy-rt-tests -+ hilti-toolchain-tests -+ spicy-toolchain-tests -+ PROPERTIES EXCLUDE_FROM_ALL TRUE) diff --git a/security/zeek/files/patch-src_input_readers_raw_Raw.cc b/security/zeek/files/patch-src_input_readers_raw_Raw.cc deleted file mode 100644 index 7ed81f816406..000000000000 --- a/security/zeek/files/patch-src_input_readers_raw_Raw.cc +++ /dev/null @@ -1,146 +0,0 @@ ---- src/input/readers/raw/Raw.cc.orig 2022-07-05 19:35:27 UTC -+++ src/input/readers/raw/Raw.cc -@@ -2,15 +2,15 @@ - - #include "zeek/input/readers/raw/Raw.h" - --#include - #include --#include --#include --#include - #include - #include - #include - #include -+#include -+#include -+#include -+#include - - #include "zeek/input/readers/raw/Plugin.h" - #include "zeek/input/readers/raw/raw.bif.h" -@@ -36,6 +36,7 @@ Raw::Raw(ReaderFrontend* frontend) - firstrun = true; - mtime = 0; - ino = 0; -+ dev = 0; - forcekill = false; - offset = 0; - separator.assign((const char*)BifConst::InputRaw::record_separator->Bytes(), -@@ -282,10 +283,27 @@ bool Raw::OpenInput() - file = std::unique_ptr(fopen(fname.c_str(), "r"), fclose); - if ( ! file ) - { -+ if ( Info().mode == MODE_STREAM ) -+ // Wait for file to appear -+ return true; -+ - Error(Fmt("Init: cannot open %s", fname.c_str())); - return false; - } - -+ if ( Info().mode == MODE_STREAM ) -+ { -+ struct stat sb; -+ if ( fstat(fileno(file.get()), &sb) == -1 ) -+ { -+ // This is unlikely to fail -+ Error(Fmt("Could not get fstat for %s", fname.c_str())); -+ return false; -+ } -+ ino = sb.st_ino; -+ dev = sb.st_dev; -+ } -+ - if ( ! SetFDFlags(fileno(file.get()), F_SETFD, FD_CLOEXEC) ) - Warning(Fmt("Init: cannot set close-on-exec for %s", fname.c_str())); - } -@@ -346,6 +364,7 @@ bool Raw::DoInit(const ReaderInfo& info, int num_field - fname = info.source; - mtime = 0; - ino = 0; -+ dev = 0; - execute = false; - firstrun = true; - int want_fields = 1; -@@ -574,25 +593,61 @@ bool Raw::DoUpdate() - - mtime = sb.st_mtime; - ino = sb.st_ino; -+ dev = sb.st_dev; - // file changed. reread. - // - // fallthrough - } - - case MODE_MANUAL: -- case MODE_STREAM: -- if ( Info().mode == MODE_STREAM && file ) -- { -- clearerr(file.get()); // remove end of file evil bits -- break; -- } -- - CloseInput(); - if ( ! OpenInput() ) - return false; - - break; - -+ case MODE_STREAM: -+ // Clear possible EOF condition -+ if ( file ) -+ clearerr(file.get()); -+ -+ // Done if reading from a pipe -+ if ( execute ) -+ break; -+ -+ // Check if the file has changed -+ struct stat sb; -+ if ( stat(fname.c_str(), &sb) == -1 ) -+ // File was removed -+ break; -+ -+ // Is it the same file? -+ if ( file && sb.st_ino == ino && sb.st_dev == dev ) -+ break; -+ -+ // File was replaced -+ FILE* tfile; -+ tfile = fopen(fname.c_str(), "r"); -+ if ( ! tfile ) -+ break; -+ -+ // Stat newly opened file -+ if ( fstat(fileno(tfile), &sb) == -1 ) -+ { -+ // This is unlikely to fail -+ Error(Fmt("Could not fstat %s", fname.c_str())); -+ fclose(tfile); -+ return false; -+ } -+ if ( file ) -+ file.reset(nullptr); -+ file = std::unique_ptr(tfile, fclose); -+ ino = sb.st_ino; -+ dev = sb.st_dev; -+ offset = 0; -+ bufpos = 0; -+ break; -+ - default: - assert(false); - } -@@ -604,6 +659,10 @@ bool Raw::DoUpdate() - { - if ( stdin_towrite > 0 ) - WriteToStdin(); -+ -+ if ( ! file && Info().mode == MODE_STREAM ) -+ // Wait for file to appear -+ break; - - int64_t length = GetLine(file.get()); - // printf("Read %lld bytes\n", length); diff --git a/security/zeek/files/patch-src_input_readers_raw_Raw.h b/security/zeek/files/patch-src_input_readers_raw_Raw.h deleted file mode 100644 index a4fdd306443f..000000000000 --- a/security/zeek/files/patch-src_input_readers_raw_Raw.h +++ /dev/null @@ -1,10 +0,0 @@ ---- src/input/readers/raw/Raw.h.orig 2022-07-05 21:28:35 UTC -+++ src/input/readers/raw/Raw.h -@@ -55,6 +55,7 @@ class Raw : public ReaderBackend (private) - bool firstrun; - time_t mtime; - ino_t ino; -+ dev_t dev; - - // options set from the script-level. - std::string separator; diff --git a/security/zeek/pkg-plist b/security/zeek/pkg-plist index bfae01ab3d1e..2077fe07d674 100644 --- a/security/zeek/pkg-plist +++ b/security/zeek/pkg-plist @@ -4,10 +4,6 @@ %%ZEEKCTL%%@postexec chown -R %%ZEEKUSER%%:%%ZEEKGROUP%% %D/spool/installed-scripts-do-not-touch bin/bifcl bin/binpac -bin/bro -bin/bro-config -bin/bro-cut -bin/broctl %%ZEEKCTL%%bin/capstats bin/gen-zam %%SPICY%%bin/hilti-config @@ -22,9 +18,10 @@ bin/paraglob-test %%SPICY%%bin/spicyz %%ZEEKCTL%%bin/trace-summary bin/zeek +bin/zeek-archiver +bin/zeek-client bin/zeek-config bin/zeek-cut -bin/zeek-wrapper %%ZEEKCTL%%bin/zeekctl %%ZEEKCTL%%@sample etc/networks.cfg.sample %%ZEEKCTL%%@sample etc/node.cfg.sample @@ -53,12 +50,10 @@ include/broker/detail/abstract_backend.hh include/broker/detail/algorithms.hh include/broker/detail/appliers.hh include/broker/detail/assert.hh -include/broker/detail/blob.hh include/broker/detail/comparable.hh include/broker/detail/die.hh include/broker/detail/filesystem.hh include/broker/detail/flare.hh -include/broker/detail/has_network_info.hh include/broker/detail/hash.hh include/broker/detail/inspect_enum.hh include/broker/detail/make_backend.hh @@ -77,7 +72,6 @@ include/broker/detail/sink_driver.hh include/broker/detail/source_driver.hh include/broker/detail/sqlite_backend.hh include/broker/detail/store_state.hh -include/broker/detail/subscription.hh include/broker/detail/type_traits.hh include/broker/domain_options.hh include/broker/endpoint.hh @@ -178,6 +172,7 @@ include/broker/zeek.hh %%SPICY%%include/hilti/ast/declarations/type.h %%SPICY%%include/hilti/ast/detail/operator-registry.h %%SPICY%%include/hilti/ast/detail/visitor.h +%%SPICY%%include/hilti/ast/doc-string.h %%SPICY%%include/hilti/ast/expression.h %%SPICY%%include/hilti/ast/expressions/all.h %%SPICY%%include/hilti/ast/expressions/assign.h @@ -370,6 +365,7 @@ include/broker/zeek.hh %%SPICY%%include/hilti/rt/doctest.h %%SPICY%%include/hilti/rt/exception.h %%SPICY%%include/hilti/rt/extension-points.h +%%SPICY%%include/hilti/rt/fiber-check-stack.h %%SPICY%%include/hilti/rt/fiber.h %%SPICY%%include/hilti/rt/filesystem.h %%SPICY%%include/hilti/rt/fmt.h @@ -385,8 +381,11 @@ include/broker/zeek.hh %%SPICY%%include/hilti/rt/library.h %%SPICY%%include/hilti/rt/linker.h %%SPICY%%include/hilti/rt/logging.h +%%SPICY%%include/hilti/rt/profiler-state.h +%%SPICY%%include/hilti/rt/profiler.h %%SPICY%%include/hilti/rt/result.h %%SPICY%%include/hilti/rt/safe-int.h +%%SPICY%%include/hilti/rt/safe-math.h %%SPICY%%include/hilti/rt/test/utils.h %%SPICY%%include/hilti/rt/threading.h %%SPICY%%include/hilti/rt/type-info.h @@ -479,6 +478,7 @@ include/paraglob/serializer.h %%SPICY%%include/spicy/compiler/detail/codegen/productions/look-ahead.h %%SPICY%%include/spicy/compiler/detail/codegen/productions/resolved.h %%SPICY%%include/spicy/compiler/detail/codegen/productions/sequence.h +%%SPICY%%include/spicy/compiler/detail/codegen/productions/skip.h %%SPICY%%include/spicy/compiler/detail/codegen/productions/switch.h %%SPICY%%include/spicy/compiler/detail/codegen/productions/type-literal.h %%SPICY%%include/spicy/compiler/detail/codegen/productions/unit.h @@ -494,6 +494,7 @@ include/paraglob/serializer.h %%SPICY%%include/spicy/global.h %%SPICY%%include/spicy/rt/autogen/config.h %%SPICY%%include/spicy/rt/base64.h +%%SPICY%%include/spicy/rt/configuration.h %%SPICY%%include/spicy/rt/debug.h %%SPICY%%include/spicy/rt/driver.h %%SPICY%%include/spicy/rt/filter.h @@ -517,8 +518,13 @@ include/zeek/3rdparty/ConvertUTF.h include/zeek/3rdparty/bro_inet_ntop.h include/zeek/3rdparty/bsd-getopt-long.h include/zeek/3rdparty/doctest.h +include/zeek/3rdparty/ghc/filesystem.hpp +include/zeek/3rdparty/ghc/fs_fwd.hpp +include/zeek/3rdparty/ghc/fs_impl.hpp +include/zeek/3rdparty/ghc/fs_std.hpp +include/zeek/3rdparty/ghc/fs_std_fwd.hpp +include/zeek/3rdparty/ghc/fs_std_impl.hpp include/zeek/3rdparty/modp_numtoa.h -include/zeek/3rdparty/nb_dns.h include/zeek/3rdparty/patricia.h include/zeek/3rdparty/rapidjson/include/rapidjson/allocators.h include/zeek/3rdparty/rapidjson/include/rapidjson/cursorstreamwrapper.h @@ -560,6 +566,7 @@ include/zeek/3rdparty/rapidjson/include/rapidjson/uri.h include/zeek/3rdparty/rapidjson/include/rapidjson/writer.h include/zeek/3rdparty/setsignal.h include/zeek/3rdparty/sqlite3.h +include/zeek/3rdparty/zeek_inet_ntop.h include/zeek/Anon.h include/zeek/Attr.h include/zeek/Base64.h @@ -612,7 +619,6 @@ include/zeek/Pipe.h include/zeek/PolicyFile.h include/zeek/PrefixTable.h include/zeek/PriorityQueue.h -include/zeek/Queue.h include/zeek/RE.h include/zeek/RandTest.h include/zeek/Reassem.h @@ -626,8 +632,8 @@ include/zeek/ScannedFile.h include/zeek/Scope.h include/zeek/ScriptCoverageManager.h include/zeek/ScriptProfile.h +include/zeek/ScriptValidation.h include/zeek/SerializationFormat.h -include/zeek/Sessions.h include/zeek/SmithWaterman.h include/zeek/Span.h include/zeek/Stats.h @@ -690,8 +696,7 @@ include/zeek/analyzer/protocol/dns/DNS.h include/zeek/analyzer/protocol/dns/events.bif.h include/zeek/analyzer/protocol/file/File.h include/zeek/analyzer/protocol/file/events.bif.h -include/zeek/analyzer/protocol/finger/Finger.h -include/zeek/analyzer/protocol/finger/events.bif.h +include/zeek/analyzer/protocol/finger/legacy/Finger.h include/zeek/analyzer/protocol/ftp/FTP.h include/zeek/analyzer/protocol/ftp/events.bif.h include/zeek/analyzer/protocol/ftp/functions.bif.h @@ -705,7 +710,6 @@ include/zeek/analyzer/protocol/gssapi/gssapi.pac include/zeek/analyzer/protocol/http/HTTP.h include/zeek/analyzer/protocol/http/events.bif.h include/zeek/analyzer/protocol/http/functions.bif.h -include/zeek/analyzer/protocol/icmp/ICMP.h include/zeek/analyzer/protocol/ident/Ident.h include/zeek/analyzer/protocol/ident/events.bif.h include/zeek/analyzer/protocol/imap/IMAP.h @@ -937,11 +941,10 @@ include/zeek/analyzer/protocol/ssl/tls-handshake-protocol.pac include/zeek/analyzer/protocol/ssl/tls-handshake-signed_certificate_timestamp.pac include/zeek/analyzer/protocol/ssl/tls-handshake.pac include/zeek/analyzer/protocol/ssl/types.bif.h -include/zeek/analyzer/protocol/syslog/Syslog.h -include/zeek/analyzer/protocol/syslog/events.bif.h -include/zeek/analyzer/protocol/syslog/syslog-analyzer.pac -include/zeek/analyzer/protocol/syslog/syslog-protocol.pac -include/zeek/analyzer/protocol/syslog/syslog.pac +include/zeek/analyzer/protocol/syslog/legacy/Syslog.h +include/zeek/analyzer/protocol/syslog/legacy/syslog-analyzer.pac +include/zeek/analyzer/protocol/syslog/legacy/syslog-protocol.pac +include/zeek/analyzer/protocol/syslog/legacy/syslog.pac include/zeek/analyzer/protocol/tcp/ContentLine.h include/zeek/analyzer/protocol/tcp/TCP.h include/zeek/analyzer/protocol/tcp/TCP_Endpoint.h @@ -950,7 +953,6 @@ include/zeek/analyzer/protocol/tcp/TCP_Reassembler.h include/zeek/analyzer/protocol/tcp/events.bif.h include/zeek/analyzer/protocol/tcp/functions.bif.h include/zeek/analyzer/protocol/tcp/types.bif.h -include/zeek/analyzer/protocol/udp/UDP.h include/zeek/analyzer/protocol/xmpp/XMPP.h include/zeek/analyzer/protocol/xmpp/events.bif.h include/zeek/analyzer/protocol/xmpp/xmpp-analyzer.pac @@ -968,10 +970,8 @@ include/zeek/broker/comm.bif.h include/zeek/broker/data.bif.h include/zeek/broker/messaging.bif.h include/zeek/broker/store.bif.h -%%SPICY%%include/zeek/builtin-plugins/spicy-plugin/consts.bif.h -%%SPICY%%include/zeek/builtin-plugins/spicy-plugin/events.bif.h -%%SPICY%%include/zeek/builtin-plugins/spicy-plugin/functions.bif.h -%%SPICY%%include/zeek/builtin-plugins/spicy-plugin/lib/zeek-spicy +include/zeek/communityid.bif.func_h +include/zeek/communityid.bif.netvar_h include/zeek/const.bif.func_h include/zeek/const.bif.netvar_h include/zeek/digest.h @@ -1000,12 +1000,6 @@ include/zeek/file_analysis/analyzer/pe/pe-file-idata.pac include/zeek/file_analysis/analyzer/pe/pe-file-types.pac include/zeek/file_analysis/analyzer/pe/pe-file.pac include/zeek/file_analysis/analyzer/pe/pe.pac -include/zeek/file_analysis/analyzer/unified2/Unified2.h -include/zeek/file_analysis/analyzer/unified2/events.bif.h -include/zeek/file_analysis/analyzer/unified2/types.bif.h -include/zeek/file_analysis/analyzer/unified2/unified2-analyzer.pac -include/zeek/file_analysis/analyzer/unified2/unified2-file.pac -include/zeek/file_analysis/analyzer/unified2/unified2.pac include/zeek/file_analysis/analyzer/x509/OCSP.h include/zeek/file_analysis/analyzer/x509/X509.h include/zeek/file_analysis/analyzer/x509/X509Common.h @@ -1093,13 +1087,18 @@ include/zeek/packet_analysis/protocol/ip/IPBasedAnalyzer.h include/zeek/packet_analysis/protocol/ip/SessionAdapter.h include/zeek/packet_analysis/protocol/iptunnel/IPTunnel.h include/zeek/packet_analysis/protocol/linux_sll/LinuxSLL.h +include/zeek/packet_analysis/protocol/linux_sll2/LinuxSLL2.h +include/zeek/packet_analysis/protocol/llc/LLC.h include/zeek/packet_analysis/protocol/mpls/MPLS.h include/zeek/packet_analysis/protocol/nflog/NFLog.h +include/zeek/packet_analysis/protocol/novell_802_3/Novell_802_3.h include/zeek/packet_analysis/protocol/null/Null.h +include/zeek/packet_analysis/protocol/pbb/PBB.h include/zeek/packet_analysis/protocol/ppp_serial/PPPSerial.h include/zeek/packet_analysis/protocol/pppoe/PPPoE.h include/zeek/packet_analysis/protocol/root/Root.h include/zeek/packet_analysis/protocol/skip/Skip.h +include/zeek/packet_analysis/protocol/snap/SNAP.h include/zeek/packet_analysis/protocol/tcp/Stats.h include/zeek/packet_analysis/protocol/tcp/TCP.h include/zeek/packet_analysis/protocol/tcp/TCPSessionAdapter.h @@ -1152,6 +1151,7 @@ include/zeek/script_opt/TempVar.h include/zeek/script_opt/UsageAnalyzer.h include/zeek/script_opt/UseDefs.h include/zeek/script_opt/ZAM/BuiltIn.h +include/zeek/script_opt/ZAM/BuiltInSupport.h include/zeek/script_opt/ZAM/Compile.h include/zeek/script_opt/ZAM/Inst-Gen.h include/zeek/script_opt/ZAM/IterInfo.h @@ -1162,6 +1162,17 @@ include/zeek/script_opt/ZAM/ZOp.h include/zeek/session/Key.h include/zeek/session/Manager.h include/zeek/session/Session.h +include/zeek/spicy/cookie.h +include/zeek/spicy/file-analyzer.h +include/zeek/spicy/manager.h +include/zeek/spicy/packet-analyzer.h +include/zeek/spicy/port-range.h +include/zeek/spicy/protocol-analyzer.h +include/zeek/spicy/runtime-support.h +include/zeek/spicy/spicy.bif.h +include/zeek/spicy/spicyz/config.h +include/zeek/spicy/spicyz/driver.h +include/zeek/spicy/spicyz/glue-compiler.h include/zeek/stats.bif.func_h include/zeek/stats.bif.netvar_h include/zeek/strings.bif.func_h @@ -1189,8 +1200,10 @@ include/zeek/types.bif.netvar_h include/zeek/util.h include/zeek/zeek-affinity.h include/zeek/zeek-bif.h +include/zeek/zeek-config-paths.h include/zeek/zeek-config.h include/zeek/zeek-setup.h +include/zeek/zeek-version.h include/zeek/zeek.bif.func_h include/zeek/zeek.bif.netvar_h include/zeek/zeek.pac @@ -1211,97 +1224,89 @@ lib/cmake/Broker/BrokerTargets-release.cmake lib/cmake/Broker/BrokerTargets.cmake lib/libbinpac.so lib/libbinpac.so.0 -lib/libbinpac.so.0.59 +lib/libbinpac.so.0.61 lib/libbroker.a %%SPICY%%lib/libhilti-rt-debug.a %%SPICY%%lib/libhilti-rt.a -%%SPICY%%lib/libhilti.a +%%SPICY%%lib/libhilti.so lib/libparaglob.a %%SPICY%%lib/libspicy-rt-debug.a %%SPICY%%lib/libspicy-rt.a -%%SPICY%%lib/libspicy.a -%%SPICY%%lib/zeek-spicy/cmake/FindSpicy.cmake -%%SPICY%%lib/zeek-spicy/cmake/FindZeek.cmake -%%SPICY%%lib/zeek-spicy/cmake/ZeekSpicyAnalyzerSupport.cmake -%%SPICY%%lib/zeek-spicy/include/zeek-spicy/autogen/config.h -%%SPICY%%lib/zeek-spicy/include/zeek-spicy/cookie.h -%%SPICY%%lib/zeek-spicy/include/zeek-spicy/debug.h -%%SPICY%%lib/zeek-spicy/include/zeek-spicy/driver.h -%%SPICY%%lib/zeek-spicy/include/zeek-spicy/file-analyzer.h -%%SPICY%%lib/zeek-spicy/include/zeek-spicy/packet-analyzer.h -%%SPICY%%lib/zeek-spicy/include/zeek-spicy/plugin.h -%%SPICY%%lib/zeek-spicy/include/zeek-spicy/protocol-analyzer.h -%%SPICY%%lib/zeek-spicy/include/zeek-spicy/runtime-support.h -%%SPICY%%lib/zeek-spicy/include/zeek-spicy/zeek-compat.h -%%SPICY%%lib/zeek-spicy/include/zeek-spicy/zeek-reporter.h -%%SPICY%%lib/zeek-spicy/spicy/zeek.spicy -%%SPICY%%lib/zeek-spicy/spicy/zeek_file.spicy -%%SPICY%%lib/zeek-spicy/spicy/zeek_rt.hlt -%%SPICY%%lib/zeek-spicy/tests/Scripts/canonify-zeek-log -%%SPICY%%lib/zeek-spicy/tests/Scripts/canonify-zeek-log-sorted -%%SPICY%%lib/zeek-spicy/tests/Scripts/diff-remove-abspath -%%SPICY%%lib/zeek-spicy/tests/Scripts/diff-remove-timestamps -%%SPICY%%lib/zeek-spicy/tests/Scripts/diff-sort -%%SPICY%%lib/zeek-spicy/tests/Scripts/spicy-version -%%SPICY%%lib/zeek-spicy/tests/Scripts/zeek-version -%%SPICY%%lib/zeek-spicy/tests/random.seed -%%NETMAP%%lib/zeek/plugins/Zeek_Netmap/COPYING -%%NETMAP%%lib/zeek/plugins/Zeek_Netmap/__bro_plugin__ -%%NETMAP%%lib/zeek/plugins/Zeek_Netmap/lib/Zeek-Netmap.%%LCASE_OPSYS%%-%%ARCH%%.so -%%NETMAP%%lib/zeek/plugins/Zeek_Netmap/scripts/__load__.zeek -%%NETMAP%%lib/zeek/plugins/Zeek_Netmap/scripts/init.zeek -%%NETMAP%%lib/zeek/plugins/Zeek_Netmap/zeekctl/netmap.py +%%SPICY%%lib/libspicy.so lib/zeek/python/SubnetTree.py lib/zeek/python/_SubnetTree.so lib/zeek/python/broker/__init__.py lib/zeek/python/broker/_broker.so lib/zeek/python/broker/zeek.py -%%ZEEKCTL%%lib/zeek/python/zeekctl/BroControl/__init__.py -%%ZEEKCTL%%lib/zeek/python/zeekctl/BroControl/cmdresult.py -%%ZEEKCTL%%lib/zeek/python/zeekctl/BroControl/config.py -%%ZEEKCTL%%lib/zeek/python/zeekctl/BroControl/plugin.py -%%ZEEKCTL%%lib/zeek/python/zeekctl/ZeekControl/__init__.py -%%ZEEKCTL%%lib/zeek/python/zeekctl/ZeekControl/cmdresult.py -%%ZEEKCTL%%lib/zeek/python/zeekctl/ZeekControl/config.py -%%ZEEKCTL%%lib/zeek/python/zeekctl/ZeekControl/control.py -%%ZEEKCTL%%lib/zeek/python/zeekctl/ZeekControl/cron.py -%%ZEEKCTL%%lib/zeek/python/zeekctl/ZeekControl/doc.py -%%ZEEKCTL%%lib/zeek/python/zeekctl/ZeekControl/events.py -%%ZEEKCTL%%lib/zeek/python/zeekctl/ZeekControl/exceptions.py -%%ZEEKCTL%%lib/zeek/python/zeekctl/ZeekControl/execute.py -%%ZEEKCTL%%lib/zeek/python/zeekctl/ZeekControl/install.py -%%ZEEKCTL%%lib/zeek/python/zeekctl/ZeekControl/lock.py -%%ZEEKCTL%%lib/zeek/python/zeekctl/ZeekControl/node.py -%%ZEEKCTL%%lib/zeek/python/zeekctl/ZeekControl/options.py -%%ZEEKCTL%%lib/zeek/python/zeekctl/ZeekControl/plugin.py -%%ZEEKCTL%%lib/zeek/python/zeekctl/ZeekControl/pluginreg.py -%%ZEEKCTL%%lib/zeek/python/zeekctl/ZeekControl/printdoc.py -%%ZEEKCTL%%lib/zeek/python/zeekctl/ZeekControl/ssh_runner.py -%%ZEEKCTL%%lib/zeek/python/zeekctl/ZeekControl/state.py -%%ZEEKCTL%%lib/zeek/python/zeekctl/ZeekControl/util.py -%%ZEEKCTL%%lib/zeek/python/zeekctl/ZeekControl/utilcurses.py -%%ZEEKCTL%%lib/zeek/python/zeekctl/ZeekControl/version.py -%%ZEEKCTL%%lib/zeek/python/zeekctl/ZeekControl/zeekcmd.py -%%ZEEKCTL%%lib/zeek/python/zeekctl/ZeekControl/zeekctl.py -%%ZEEKCTL%%lib/zeek/python/zeekctl/plugins/TestPlugin.py -%%ZEEKCTL%%lib/zeek/python/zeekctl/plugins/lb_custom.py -%%ZEEKCTL%%lib/zeek/python/zeekctl/plugins/lb_myricom.py -%%ZEEKCTL%%lib/zeek/python/zeekctl/plugins/lb_pf_ring.py -%%ZEEKCTL%%lib/zeek/python/zeekctl/plugins/ps.py -%%ZEEKCTL%%lib/zeek/python/zeekctl/plugins/zeek_port_warning.py +lib/zeek/python/zeekclient/__init__.py +lib/zeek/python/zeekclient/brokertypes.py +lib/zeek/python/zeekclient/cli.py +lib/zeek/python/zeekclient/config.py +lib/zeek/python/zeekclient/consts.py +lib/zeek/python/zeekclient/controller.py +lib/zeek/python/zeekclient/events.py +lib/zeek/python/zeekclient/logs.py +lib/zeek/python/zeekclient/ssl.py +lib/zeek/python/zeekclient/types.py +lib/zeek/python/zeekclient/utils.py +lib/zeek/python/zeekctl/BroControl/__init__.py +lib/zeek/python/zeekctl/BroControl/cmdresult.py +lib/zeek/python/zeekctl/BroControl/config.py +lib/zeek/python/zeekctl/BroControl/plugin.py +lib/zeek/python/zeekctl/ZeekControl/__init__.py +lib/zeek/python/zeekctl/ZeekControl/cmdresult.py +lib/zeek/python/zeekctl/ZeekControl/config.py +lib/zeek/python/zeekctl/ZeekControl/control.py +lib/zeek/python/zeekctl/ZeekControl/cron.py +lib/zeek/python/zeekctl/ZeekControl/doc.py +lib/zeek/python/zeekctl/ZeekControl/events.py +lib/zeek/python/zeekctl/ZeekControl/exceptions.py +lib/zeek/python/zeekctl/ZeekControl/execute.py +lib/zeek/python/zeekctl/ZeekControl/install.py +lib/zeek/python/zeekctl/ZeekControl/lock.py +lib/zeek/python/zeekctl/ZeekControl/node.py +lib/zeek/python/zeekctl/ZeekControl/options.py +lib/zeek/python/zeekctl/ZeekControl/plugin.py +lib/zeek/python/zeekctl/ZeekControl/pluginreg.py +lib/zeek/python/zeekctl/ZeekControl/printdoc.py +lib/zeek/python/zeekctl/ZeekControl/ssh_runner.py +lib/zeek/python/zeekctl/ZeekControl/state.py +lib/zeek/python/zeekctl/ZeekControl/util.py +lib/zeek/python/zeekctl/ZeekControl/utilcurses.py +lib/zeek/python/zeekctl/ZeekControl/version.py +lib/zeek/python/zeekctl/ZeekControl/zeekcmd.py +lib/zeek/python/zeekctl/ZeekControl/zeekctl.py +lib/zeek/python/zeekctl/plugins/TestPlugin.py +lib/zeek/python/zeekctl/plugins/lb_custom.py +lib/zeek/python/zeekctl/plugins/lb_myricom.py +lib/zeek/python/zeekctl/plugins/lb_pf_ring.py +lib/zeek/python/zeekctl/plugins/ps.py +lib/zeek/python/zeekctl/plugins/zeek_port_warning.py +lib/zeek/python/zeekctl/plugins/zzz_af_packet.py %%ZEEKCTL%%man/man1/trace-summary.1.gz man/man1/zeek-cut.1.gz man/man8/zeek.8.gz %%ZEEKCTL%%man/man8/zeekctl.8.gz +share/btest/data/Scripts/README +share/btest/data/Scripts/canonify-zeek-log +share/btest/data/Scripts/canonify-zeek-log-sorted +share/btest/data/Scripts/diff-remove-abspath +share/btest/data/Scripts/diff-remove-timestamps +share/btest/data/Scripts/diff-sort +share/btest/data/Scripts/run-zeek +share/btest/data/Scripts/spicy-version +share/btest/data/Scripts/zeek-version share/btest/data/random.seed share/btest/scripts/diff-canonifier share/btest/scripts/diff-canonifier-external +share/btest/scripts/diff-canonifier-spicy share/btest/scripts/diff-clean-doctest share/btest/scripts/diff-remove-abspath share/btest/scripts/diff-remove-fields share/btest/scripts/diff-remove-file-ids share/btest/scripts/diff-remove-fractions share/btest/scripts/diff-remove-openclose-timestamps +share/btest/scripts/diff-remove-spicy-abspath share/btest/scripts/diff-remove-timestamps share/btest/scripts/diff-remove-timestamps-and-sort share/btest/scripts/diff-remove-uids @@ -1311,6 +1316,9 @@ share/btest/scripts/diff-sort share/btest/scripts/diff-sort-and-remove-abspath share/btest/scripts/diff-sort-conn-service share/btest/scripts/diff-sort-set-elements +share/btest/scripts/spicy/diff-remove-abspath +share/btest/scripts/spicy/diff-remove-timestamps +share/btest/scripts/spicy/diff-sort %%SPICY%%share/hilti/hilti.hlt %%SPICY%%share/spicy/filter.spicy %%SPICY%%share/spicy/spicy-driver-host.cc @@ -1322,6 +1330,7 @@ share/btest/scripts/diff-sort-set-elements %%DATADIR%%/base/bif/bloom-filter.bif.zeek %%DATADIR%%/base/bif/cardinality-counter.bif.zeek %%DATADIR%%/base/bif/comm.bif.zeek +%%DATADIR%%/base/bif/communityid.bif.zeek %%DATADIR%%/base/bif/const.bif.zeek %%DATADIR%%/base/bif/data.bif.zeek %%DATADIR%%/base/bif/event.bif.zeek @@ -1355,7 +1364,6 @@ share/btest/scripts/diff-sort-set-elements %%DATADIR%%/base/bif/plugins/Zeek_FileExtract.events.bif.zeek %%DATADIR%%/base/bif/plugins/Zeek_FileExtract.functions.bif.zeek %%DATADIR%%/base/bif/plugins/Zeek_FileHash.events.bif.zeek -%%DATADIR%%/base/bif/plugins/Zeek_Finger.events.bif.zeek %%DATADIR%%/base/bif/plugins/Zeek_GSSAPI.events.bif.zeek %%DATADIR%%/base/bif/plugins/Zeek_GTPv1.events.bif.zeek %%DATADIR%%/base/bif/plugins/Zeek_GTPv1.functions.bif.zeek @@ -1440,18 +1448,12 @@ share/btest/scripts/diff-sort-set-elements %%DATADIR%%/base/bif/plugins/Zeek_SSL.events.bif.zeek %%DATADIR%%/base/bif/plugins/Zeek_SSL.functions.bif.zeek %%DATADIR%%/base/bif/plugins/Zeek_SSL.types.bif.zeek -%%SPICY%%%%DATADIR%%/base/bif/plugins/Zeek_Spicy.consts.bif.zeek -%%SPICY%%%%DATADIR%%/base/bif/plugins/Zeek_Spicy.events.bif.zeek -%%SPICY%%%%DATADIR%%/base/bif/plugins/Zeek_Spicy.functions.bif.zeek -%%DATADIR%%/base/bif/plugins/Zeek_Syslog.events.bif.zeek %%DATADIR%%/base/bif/plugins/Zeek_TCP.events.bif.zeek %%DATADIR%%/base/bif/plugins/Zeek_TCP.functions.bif.zeek %%DATADIR%%/base/bif/plugins/Zeek_TCP.types.bif.zeek %%DATADIR%%/base/bif/plugins/Zeek_Teredo.events.bif.zeek %%DATADIR%%/base/bif/plugins/Zeek_Teredo.functions.bif.zeek %%DATADIR%%/base/bif/plugins/Zeek_UDP.events.bif.zeek -%%DATADIR%%/base/bif/plugins/Zeek_Unified2.events.bif.zeek -%%DATADIR%%/base/bif/plugins/Zeek_Unified2.types.bif.zeek %%DATADIR%%/base/bif/plugins/Zeek_VXLAN.events.bif.zeek %%DATADIR%%/base/bif/plugins/Zeek_X509.events.bif.zeek %%DATADIR%%/base/bif/plugins/Zeek_X509.functions.bif.zeek @@ -1460,6 +1462,7 @@ share/btest/scripts/diff-sort-set-elements %%DATADIR%%/base/bif/plugins/Zeek_XMPP.events.bif.zeek %%DATADIR%%/base/bif/plugins/__load__.zeek %%DATADIR%%/base/bif/reporter.bif.zeek +%%DATADIR%%/base/bif/spicy.bif.zeek %%DATADIR%%/base/bif/stats.bif.zeek %%DATADIR%%/base/bif/store.bif.zeek %%DATADIR%%/base/bif/strings.bif.zeek @@ -1481,6 +1484,8 @@ share/btest/scripts/diff-sort-set-elements %%DATADIR%%/base/files/x509/log-ocsp.zeek %%DATADIR%%/base/files/x509/main.zeek %%DATADIR%%/base/frameworks/analyzer/__load__.zeek +%%DATADIR%%/base/frameworks/analyzer/dpd.zeek +%%DATADIR%%/base/frameworks/analyzer/logging.zeek %%DATADIR%%/base/frameworks/analyzer/main.zeek %%DATADIR%%/base/frameworks/broker/__load__.zeek %%DATADIR%%/base/frameworks/broker/log.zeek @@ -1502,7 +1507,6 @@ share/btest/scripts/diff-sort-set-elements %%DATADIR%%/base/frameworks/control/__load__.zeek %%DATADIR%%/base/frameworks/control/main.zeek %%DATADIR%%/base/frameworks/dpd/__load__.zeek -%%DATADIR%%/base/frameworks/dpd/main.zeek %%DATADIR%%/base/frameworks/files/__load__.zeek %%DATADIR%%/base/frameworks/files/magic/__load__.zeek %%DATADIR%%/base/frameworks/files/magic/archive.sig @@ -1580,6 +1584,10 @@ share/btest/scripts/diff-sort-set-elements %%DATADIR%%/base/frameworks/signatures/main.zeek %%DATADIR%%/base/frameworks/software/__load__.zeek %%DATADIR%%/base/frameworks/software/main.zeek +%%DATADIR%%/base/frameworks/spicy/__load__.zeek +%%DATADIR%%/base/frameworks/spicy/init-bare.zeek +%%DATADIR%%/base/frameworks/spicy/init-framework.zeek +%%DATADIR%%/base/frameworks/spicy/main.zeek %%DATADIR%%/base/frameworks/sumstats/__load__.zeek %%DATADIR%%/base/frameworks/sumstats/cluster.zeek %%DATADIR%%/base/frameworks/sumstats/main.zeek @@ -1600,6 +1608,8 @@ share/btest/scripts/diff-sort-set-elements %%DATADIR%%/base/frameworks/supervisor/api.zeek %%DATADIR%%/base/frameworks/supervisor/control.zeek %%DATADIR%%/base/frameworks/supervisor/main.zeek +%%DATADIR%%/base/frameworks/telemetry/__load__.zeek +%%DATADIR%%/base/frameworks/telemetry/main.zeek %%DATADIR%%/base/frameworks/tunnels/__load__.zeek %%DATADIR%%/base/frameworks/tunnels/main.zeek %%DATADIR%%/base/init-bare.zeek @@ -1635,13 +1645,21 @@ share/btest/scripts/diff-sort-set-elements %%DATADIR%%/base/packet-protocols/iptunnel/main.zeek %%DATADIR%%/base/packet-protocols/linux_sll/__load__.zeek %%DATADIR%%/base/packet-protocols/linux_sll/main.zeek +%%DATADIR%%/base/packet-protocols/linux_sll2/__load__.zeek +%%DATADIR%%/base/packet-protocols/linux_sll2/main.zeek +%%DATADIR%%/base/packet-protocols/llc/__load__.zeek +%%DATADIR%%/base/packet-protocols/llc/main.zeek %%DATADIR%%/base/packet-protocols/main.zeek %%DATADIR%%/base/packet-protocols/mpls/__load__.zeek %%DATADIR%%/base/packet-protocols/mpls/main.zeek %%DATADIR%%/base/packet-protocols/nflog/__load__.zeek %%DATADIR%%/base/packet-protocols/nflog/main.zeek +%%DATADIR%%/base/packet-protocols/novell_802_3/__load__.zeek +%%DATADIR%%/base/packet-protocols/novell_802_3/main.zeek %%DATADIR%%/base/packet-protocols/null/__load__.zeek %%DATADIR%%/base/packet-protocols/null/main.zeek +%%DATADIR%%/base/packet-protocols/pbb/__load__.zeek +%%DATADIR%%/base/packet-protocols/pbb/main.zeek %%DATADIR%%/base/packet-protocols/ppp_serial/__load__.zeek %%DATADIR%%/base/packet-protocols/ppp_serial/main.zeek %%DATADIR%%/base/packet-protocols/pppoe/__load__.zeek @@ -1650,6 +1668,8 @@ share/btest/scripts/diff-sort-set-elements %%DATADIR%%/base/packet-protocols/root/main.zeek %%DATADIR%%/base/packet-protocols/skip/__load__.zeek %%DATADIR%%/base/packet-protocols/skip/main.zeek +%%DATADIR%%/base/packet-protocols/snap/__load__.zeek +%%DATADIR%%/base/packet-protocols/snap/main.zeek %%DATADIR%%/base/packet-protocols/tcp/__load__.zeek %%DATADIR%%/base/packet-protocols/tcp/main.zeek %%DATADIR%%/base/packet-protocols/teredo/__load__.zeek @@ -1684,6 +1704,9 @@ share/btest/scripts/diff-sort-set-elements %%DATADIR%%/base/protocols/dns/__load__.zeek %%DATADIR%%/base/protocols/dns/consts.zeek %%DATADIR%%/base/protocols/dns/main.zeek +%%DATADIR%%/base/protocols/finger/__load__.zeek +%%DATADIR%%/base/protocols/finger/main.zeek +%%DATADIR%%/base/protocols/finger/spicy-events.zeek %%DATADIR%%/base/protocols/ftp/__load__.zeek %%DATADIR%%/base/protocols/ftp/dpd.sig %%DATADIR%%/base/protocols/ftp/files.zeek @@ -1715,6 +1738,8 @@ share/btest/scripts/diff-sort-set-elements %%DATADIR%%/base/protocols/modbus/main.zeek %%DATADIR%%/base/protocols/mqtt/__load__.zeek %%DATADIR%%/base/protocols/mqtt/consts.zeek +%%DATADIR%%/base/protocols/mqtt/dpd.sig +%%DATADIR%%/base/protocols/mqtt/main.zeek %%DATADIR%%/base/protocols/mysql/__load__.zeek %%DATADIR%%/base/protocols/mysql/consts.zeek %%DATADIR%%/base/protocols/mysql/main.zeek @@ -1771,6 +1796,7 @@ share/btest/scripts/diff-sort-set-elements %%DATADIR%%/base/protocols/syslog/__load__.zeek %%DATADIR%%/base/protocols/syslog/consts.zeek %%DATADIR%%/base/protocols/syslog/main.zeek +%%DATADIR%%/base/protocols/syslog/spicy-events.zeek %%DATADIR%%/base/protocols/tunnels/__load__.zeek %%DATADIR%%/base/protocols/tunnels/dpd.sig %%DATADIR%%/base/protocols/xmpp/__load__.zeek @@ -1796,19 +1822,15 @@ share/btest/scripts/diff-sort-set-elements %%DATADIR%%/base/utils/thresholds.zeek %%DATADIR%%/base/utils/time.zeek %%DATADIR%%/base/utils/urls.zeek -%%ZEEKCTL%%%%SPICY%%%%DATADIR%%/builtin-plugins/Zeek_Spicy/Zeek/Spicy/__load__.zeek -%%ZEEKCTL%%%%SPICY%%%%DATADIR%%/builtin-plugins/Zeek_Spicy/Zeek/Spicy/bare.zeek -%%ZEEKCTL%%%%SPICY%%%%DATADIR%%/builtin-plugins/Zeek_Spicy/Zeek/Spicy/default.zeek -%%ZEEKCTL%%%%SPICY%%%%DATADIR%%/builtin-plugins/Zeek_Spicy/Zeek/Spicy/misc/record-spicy-batch.zeek -%%ZEEKCTL%%%%SPICY%%%%DATADIR%%/builtin-plugins/Zeek_Spicy/_Zeek -%%ZEEKCTL%%%%SPICY%%%%DATADIR%%/builtin-plugins/Zeek_Spicy/__load__.zeek -%%ZEEKCTL%%%%SPICY%%%%DATADIR%%/builtin-plugins/Zeek_Spicy/__preload__.zeek %%ZEEKCTL%%%%DATADIR%%/builtin-plugins/__load__.zeek %%ZEEKCTL%%%%DATADIR%%/builtin-plugins/__preload__.zeek +%%DATADIR%%/cmake/.cmake-format.json +%%DATADIR%%/cmake/.pre-commit-config.yaml %%DATADIR%%/cmake/AddUninstallTarget.cmake %%DATADIR%%/cmake/BifCl.cmake %%DATADIR%%/cmake/BinPAC.cmake %%DATADIR%%/cmake/BroPlugin.cmake +%%DATADIR%%/cmake/BuiltInSpicyAnalyzer.cmake %%DATADIR%%/cmake/COPYING %%DATADIR%%/cmake/ChangeMacInstallNames.cmake %%DATADIR%%/cmake/CheckCompilerArch.cmake @@ -1820,6 +1842,7 @@ share/btest/scripts/diff-sort-set-elements %%DATADIR%%/cmake/CheckTypes.cmake %%DATADIR%%/cmake/CommonCMakeConfig.cmake %%DATADIR%%/cmake/ConfigurePackaging.cmake +%%DATADIR%%/cmake/ConfigureSpicyBuild.cmake %%DATADIR%%/cmake/FindBIND.cmake %%DATADIR%%/cmake/FindBISON.cmake %%DATADIR%%/cmake/FindBinPAC.cmake @@ -1862,25 +1885,30 @@ share/btest/scripts/diff-sort-set-elements %%DATADIR%%/cmake/SetDefaultCompileFlags.cmake %%DATADIR%%/cmake/SetupRPATH.cmake %%DATADIR%%/cmake/UserChangedWarning.cmake +%%DATADIR%%/cmake/ZeekConfig.cmake +%%DATADIR%%/cmake/ZeekConfigVersion.cmake %%DATADIR%%/cmake/ZeekPlugin.cmake +%%DATADIR%%/cmake/ZeekPluginBootstrap.cmake %%DATADIR%%/cmake/ZeekPluginCommon.cmake %%DATADIR%%/cmake/ZeekPluginDynamic.cmake %%DATADIR%%/cmake/ZeekPluginStatic.cmake %%SPICY%%%%DATADIR%%/cmake/ZeekSpicyAnalyzerSupport.cmake %%DATADIR%%/cmake/ZeekSubdir.cmake +%%DATADIR%%/cmake/ZeekTargets.cmake %%DATADIR%%/cmake/cmake_uninstall.cmake.in +%%DATADIR%%/cmake/conan.cmake %%DATADIR%%/cmake/package_postupgrade.sh.in %%DATADIR%%/cmake/package_preinstall.sh.in %%DATADIR%%/cmake/zeek-plugin-create-package.sh %%DATADIR%%/cmake/zeek-plugin-install-package.sh -%%DATADIR%%/policy/files/unified2/__load__.zeek -%%DATADIR%%/policy/files/unified2/main.zeek %%DATADIR%%/policy/files/x509/disable-certificate-events-known-certs.zeek -%%DATADIR%%/policy/files/x509/log-ocsp.zeek +%%DATADIR%%/policy/frameworks/cluster/experimental.zeek +%%DATADIR%%/policy/frameworks/cluster/nodes-experimental/manager.zeek %%DATADIR%%/policy/frameworks/control/controllee.zeek %%DATADIR%%/policy/frameworks/control/controller.zeek %%DATADIR%%/policy/frameworks/dpd/detect-protocols.zeek %%DATADIR%%/policy/frameworks/dpd/packet-segment-logging.zeek +%%DATADIR%%/policy/frameworks/files/deprecated-txhosts-rxhosts-connuids.zeek %%DATADIR%%/policy/frameworks/files/detect-MHR.zeek %%DATADIR%%/policy/frameworks/files/entropy-test-all-files.zeek %%DATADIR%%/policy/frameworks/files/extract-all-files.zeek @@ -1931,15 +1959,17 @@ share/btest/scripts/diff-sort-set-elements %%DATADIR%%/policy/frameworks/netcontrol/catch-and-release.zeek %%DATADIR%%/policy/frameworks/notice/__load__.zeek %%DATADIR%%/policy/frameworks/notice/actions/drop.zeek +%%DATADIR%%/policy/frameworks/notice/community-id.zeek %%DATADIR%%/policy/frameworks/notice/extend-email/hostnames.zeek %%DATADIR%%/policy/frameworks/packet-filter/shunt.zeek %%DATADIR%%/policy/frameworks/signatures/detect-windows-shells.sig %%DATADIR%%/policy/frameworks/software/version-changes.zeek %%DATADIR%%/policy/frameworks/software/vulnerable.zeek %%DATADIR%%/policy/frameworks/software/windows-version-detection.zeek -%%DATADIR%%/policy/integration/barnyard2/__load__.zeek -%%DATADIR%%/policy/integration/barnyard2/main.zeek -%%DATADIR%%/policy/integration/barnyard2/types.zeek +%%DATADIR%%/policy/frameworks/spicy/record-spicy-batch.zeek +%%DATADIR%%/policy/frameworks/spicy/resource-usage.zeek +%%DATADIR%%/policy/frameworks/telemetry/log.zeek +%%DATADIR%%/policy/frameworks/telemetry/prometheus.zeek %%DATADIR%%/policy/integration/collective-intel/__load__.zeek %%DATADIR%%/policy/integration/collective-intel/main.zeek %%DATADIR%%/policy/misc/capture-loss.zeek @@ -1955,6 +1985,7 @@ share/btest/scripts/diff-sort-set-elements %%DATADIR%%/policy/misc/trim-trace-file.zeek %%DATADIR%%/policy/misc/unknown-protocols.zeek %%DATADIR%%/policy/misc/weird-stats.zeek +%%DATADIR%%/policy/protocols/conn/community-id-logging.zeek %%DATADIR%%/policy/protocols/conn/known-hosts.zeek %%DATADIR%%/policy/protocols/conn/known-services.zeek %%DATADIR%%/policy/protocols/conn/mac-logging.zeek @@ -1982,8 +2013,6 @@ share/btest/scripts/diff-sort-set-elements %%DATADIR%%/policy/protocols/modbus/known-masters-slaves.zeek %%DATADIR%%/policy/protocols/modbus/track-memmap.zeek %%DATADIR%%/policy/protocols/mqtt/__load__.zeek -%%DATADIR%%/policy/protocols/mqtt/dpd.sig -%%DATADIR%%/policy/protocols/mqtt/main.zeek %%DATADIR%%/policy/protocols/mysql/software.zeek %%DATADIR%%/policy/protocols/rdp/indicate_ssl.zeek %%DATADIR%%/policy/protocols/smb/log-cmds.zeek @@ -1995,15 +2024,14 @@ share/btest/scripts/diff-sort-set-elements %%DATADIR%%/policy/protocols/ssh/geo-data.zeek %%DATADIR%%/policy/protocols/ssh/interesting-hostnames.zeek %%DATADIR%%/policy/protocols/ssh/software.zeek +%%DATADIR%%/policy/protocols/ssl/certificate-request-info.zeek %%DATADIR%%/policy/protocols/ssl/decryption.zeek %%DATADIR%%/policy/protocols/ssl/dpd-v2.sig %%DATADIR%%/policy/protocols/ssl/expiring-certs.zeek -%%DATADIR%%/policy/protocols/ssl/extract-certs-pem.zeek %%DATADIR%%/policy/protocols/ssl/heartbleed.zeek %%DATADIR%%/policy/protocols/ssl/known-certs.zeek %%DATADIR%%/policy/protocols/ssl/log-certs-base64.zeek %%DATADIR%%/policy/protocols/ssl/log-hostcerts-only.zeek -%%DATADIR%%/policy/protocols/ssl/notary.zeek %%DATADIR%%/policy/protocols/ssl/ssl-log-ext.zeek %%DATADIR%%/policy/protocols/ssl/validate-certs.zeek %%DATADIR%%/policy/protocols/ssl/validate-ocsp.zeek @@ -2017,10 +2045,14 @@ share/btest/scripts/diff-sort-set-elements %%DATADIR%%/policy/tuning/json-logs.zeek %%DATADIR%%/policy/tuning/track-all-assets.zeek @sample %%DATADIR%%/site/local.zeek.sample +%%SPICY%%share/zeek/spicy/zeek.spicy +%%SPICY%%share/zeek/spicy/zeek_file.spicy +%%SPICY%%share/zeek/spicy/zeek_rt.hlt %%ZEEKCTL%%%%DATADIR%%/test-all-policy.zeek %%ZEEKCTL%%share/zeek/zeekctl/__load__.zeek %%ZEEKCTL%%share/zeek/zeekctl/auto.zeek %%ZEEKCTL%%share/zeek/zeekctl/check.zeek +%%ZEEKCTL%%share/zeek/zeekctl/logging.zeek %%ZEEKCTL%%share/zeek/zeekctl/main.zeek %%ZEEKCTL%%share/zeek/zeekctl/process-trace.zeek %%ZEEKCTL%%share/zeek/zeekctl/standalone.zeek -- cgit v1.2.3