* origin/topic/timw/fix-cirrus-macos-builds:
CI: Call 'brew install' for macOS to ensure we're using openssl@3 on all hosts
(cherry picked from commit 6047846353)
* Add ci/find-current-version.sh to figure out versions of lts and
feature branch based on repository state.
* Do not use ZEEK_IMAGE_REPO for the local images that
are expected to exist.
* Only use IMAGE_NAME/IMAGE_TAG instead of the ARCH and MANIFEST
versions that contained the very same values
* Support and push additional tags
In addition to the lts and feature tags, also push the base version
tags. 5.0 or 5.1 such that someone pulling zeek/zeek:5.0 will get
the most recent available 5.0 patch release.
(cherry picked from commit 357bdc71ad)
We previously used the Spicy plugin's `Spicy::available` to test for
Spicy support. However, having Spicy support does not necessarily mean that we
have built Zeek with its in-tree Spicy analyzers: the Spicy plugin
could have been pulled in from external. The new BIF now reliably
tells us whether the Spicy analyzers are available; its result
corresponds to what `zeek-config --have-spicy-analyzers` returns as
well.
We also move the two current checks over to use this BIF.
(Note: I refrained from renaming the CMake-side `USE_SPICY_ANALYERS`
to `HAVE_SPICY_ANALYZERS`. We should do this eventually for
consistency, but I didn't want to make more changes than necessary
right now.)
* origin/topic/awelzel/arm64-container-follow-ups-2:
Bump private testsuite for char handling fixes
Base64: report byte as positive integer
netbios_decode: use unsigned char for result
analyzer/http: Do not assume char is signed
cirrus: Run tests in a Debian 11 container, too
A baseline difference between arm64 and x86 showed up. We would
print a wrong character as negative value on x86 due to chars
being signed by default. Force an unsigned interpretation which
is also more reasonable because we'd have never indexed the
base64 table with -112
-XXXXXXXXXX.XXXXXX XXXXXXXXXXX 131.243.99.154 3288 193.159.183.138 80 base64_illegal_encoding character -112 ignored by Base64 decoding F zeek -
+XXXXXXXXXX.XXXXXX XXXXXXXXXXX 131.243.99.154 3288 193.159.183.138 80 base64_illegal_encoding character 144 ignored by Base64 decoding F zeek -
Fixes more of #2742
The buf[i] < 3 condition in use previously allowed all chars (signed on x86)
through that had the 0x80 high-bit set after reconstructing from the two
bytes of the netbios name, resulting in escaped non-ascii content in
the logs.
Fixes more of #2742
This avoids interference from other log streams in the policy hook test cases,
which could cause deviations in output vs baselines depending on build
configuration.
* origin/topic/awelzel/arm64-container-follow-ups:
docker: Extend tests to run a very basic Zeek script
cirrus: No broker-tests and no cpp-tests for images
docker: Update Makefile/README to align with the Cirrus CI setup
cirrus: Add back testing of container images
* security/topic/awelzel/125-ftp-timeout-three:
testing/ftp: Add tests and pcaps with invalid reply lines
ftp: Harden reply handing a bit and don't raise bad replies to script-land
ftp: ignore invalid commands
* origin/topic/robin/zeek-spicy-infra:
Switch to shared Spicy libraries by default.
Provide infrastructure to migrate legacy analyzers to Spicy.
Extend Zeekygen manager with method to check if it's active.
This should work now. It affects only the toolchain libraries
`libhilti`/`libspicy`. the runtime libraries `libhilti-rt` and
`libspicy-rt` are always built static (but they are small). Zeek
itself doesn't link against the toolchain anymore now anyways, but a
number of the Spicy tools do.
Note, we have an issue with Broker I believe: it looks like it always
overrides BUILD_SHARED_LIBS to `OFF`
Addresses #2675.
As initial examples, this branch ports the Syslog and Finger analyzers
over. We leave the old analyzers in place for now and activate them
iff we compile without any Spicy.
Needs `zeek-spicy-infra` branches in `spicy/`, `spicy-plugin/`,
`CMake/`, and `zeek/zeek-testing-private`.
Note that the analyzer events remain associated with the Spicy plugin
for now: that's where they will show up with `-NN`, and also inside
the Zeekygen documentation.
We switch CMake over to linking the runtime library into the plugin,
vs. at the top-level through object libraries.
* origin/topic/awelzel/2674-arm64-containers-on-cirrus:
cirrus/containers: Do not install btest pcaps
cirrus: Replace curl with _cache
cirrus: Add cluster testing
cirrus: Polish container_image_manifest_docker_builder
cirrus: Use ccache for faster container builds
cirrus: Add docker_builder tasks to build and push images
github: No more docker workflow
