diff --git a/CHANGES b/CHANGES index 6fe39c9226..7fe52f63b2 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,77 @@ +6.0.2-8 | 2024-01-12 11:57:00 -0700 + + * Update cmake submodule [nomail] (Tim Wojtulewicz, Corelight) + + * smb: Fix &read_expire not in effect due to &default=string_set() usage (Arne Welzel, Corelight) + + The SMB::State$recent_files field is meant to have expiring entries. + However, due to usage of &default=string_set(), the &read_expire + attribute is not respected causing unbounded state growth. Replace + &default=string_set() with &default=set(). + + Thanks to ya-sato on Slack for reporting! + + Related: zeek/zeek-docs#179, #3513. + + (cherry picked from 5740dbcf20ca81fdbd1a9e474a7025e71e997697) + + * GH-3453: DNS: Add Ed25519 and Ed448 enum values to parser (Arne Welzel, Corelight) + + We already had these declared in dns/const.zeek, so extend the parser + as well to avoid raising weirds and add some test pcaps: + + $ dig @8.8.8.8 DNSKEY ed448.no + $ dig @8.8.8.8 ed448.no +dnssec + + And the same for the ed25519.no domain. + + (cherry picked from commit a5a79d3f3a0c8620d2e15dedb2606bbf18487cbf) + + * RE_Match_State: Do not reset current_pos for every Match() call (Arne Welzel, Corelight) + + This seems like a bug: If one feeds one byte at a time, current_pos + is being reset for every byte, possibly reporting the wrong offsets + in the accepted_matches map. + + (cherry picked from commit a5a79d3f3a0c8620d2e15dedb2606bbf18487cbf) + + * frameworks/software: Fix stale value used for stripping (Arne Welzel, Corelight) + + There was some confusion around which value was used subsequent to a strip(), + but sub not respecting anchors make it appear to work. Also seems that the + `\(?` part seems redundant. + + (cherry picked from commit a5a79d3f3a0c8620d2e15dedb2606bbf18487cbf) + + * GH-3455: strings.bif/sub,gsub: Respect anchors in pattern (Arne Welzel, Corelight) + + Anchors within pattern passed to sub() or gsub() were previously ignored, + replacing any occurrence of '' even when '^' was used as a + pattern. + + This is a pretty user-visible change (and we even have anchored patterns + within the base scripts), but seems "the right thing to do". + + Relates to #3455 + + (cherry picked from commit a5a79d3f3a0c8620d2e15dedb2606bbf18487cbf) + + * SSL: Add new extension types and ECH test (Johanna Amann, Corelight) + + This commit adds a multitude of new extension types that were added in + the last few years; it also adds grease values to extensions, curves, + and ciphersuites. + + Furthermore, it adds a test that contains a encrypted-client-hello + key-exchange (which uses several extension types that we do not have in + our baseline so far). + + (cherry picked from commit 3257c0e216c6f2231376baa9dbcb6b9c27805d97) + + * Add jq to final.Dockerfile (Matti Bispham, Corelight) + + (cherry picked from commit 5ef5733fcc51c078f4d439de86931c69c4339afc) + 6.0.2-3 | 2024-01-12 11:19:06 -0700 * Let signature framework match HTTP body end (xb-anssi) diff --git a/VERSION b/VERSION index fada74b78a..a2fb7c03cc 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -6.0.2-3 +6.0.2-8 diff --git a/cmake b/cmake index 79a4c2e94e..9de9d01bbd 160000 --- a/cmake +++ b/cmake @@ -1 +1 @@ -Subproject commit 79a4c2e94e404d8c9787a53a905d4d0dffb2e3f0 +Subproject commit 9de9d01bbd034a5506fb04463c328775d3f09f57