Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
16824 commits 387 branches 195 tags 255 MiB
Commit graph

16824 commits

This branch
This branch
All branches
Author SHA1 Message Date
Tim Wojtulewicz
db5ab72d0e Remove libzmq5 from Docker images 
This was accidentally added in 356685d82d and
doesn't need to be in our official 7.0 images.
 2025-07-14 14:28:09 -07:00
Tim Wojtulewicz
8f877f9d58 CI: Force opensuse-tumbleweed image to rebuild 2025-07-14 14:24:10 -07:00
Arne Welzel
a0d35d6e28 Merge remote-tracking branch 'origin/topic/vern/ZAM-const-prop-fix' 
* origin/topic/vern/ZAM-const-prop-fix:
  fix for error in ZAM's constant propagation logic

(cherry picked from commit 869bd181b2)
 2025-07-14 14:16:09 -07:00
Arne Welzel
59a1c74ac5 Merge remote-tracking branch 'origin/topic/awelzel/4562-post-proc-lookup-failure' 
* origin/topic/awelzel/4562-post-proc-lookup-failure:
  btest/logging: Fly-by cleanup
  logging/Ascii: Fix abort() for non-existing postrotation functions

(cherry picked from commit f4357485d2)
 2025-07-14 14:13:37 -07:00
Arne Welzel
356685d82d Merge branch 'topic/ado/final-docker' of https://github.com/edoardomich/zeek 
* 'topic/ado/final-docker' of https://github.com/edoardomich/zeek:
  docker: Add `net-tools` and `procps` dependencies

(cherry picked from commit 8189716adc)
 2025-07-14 14:11:49 -07:00
Tim Wojtulewicz
d90c0d3730 Update ZeekJS to v0.18.0 
This is primarily to bring in 26c8c3684c46dce2f00b191ed009b1ea9bfe9159.
 2025-07-14 14:10:31 -07:00
Arne Welzel
181214ed78 Merge remote-tracking branch 'origin/topic/awelzel/4522-bdat-last-reply-fix' 
* origin/topic/awelzel/4522-bdat-last-reply-fix:
  smtp: Fix last_reply column in smtp.log for BDAT LAST

(cherry picked from commit f5063bfcd4)
 2025-07-14 13:57:07 -07:00
Tim Wojtulewicz
4021a0c654 Update CHANGES, VERSION, and NEWS for 7.0.8 2025-05-19 14:42:22 -07:00
Arne Welzel
b76a75d86e Merge remote-tracking branch 'origin/topic/awelzel/4035-btest-openssl-sha1-certs' 
* origin/topic/awelzel/4035-btest-openssl-sha1-certs:
  external/subdir-btest.cfg: Set OPENSSL_ENABLE_SHA1_SIGNATURES=1
  btest/x509_verify: Drop OpenSSL 1.0 hack
  testing/btest: Use OPENSSL_ENABLE_SHA1_SIGNATURES

(cherry picked from commit 280e7acc6e)
 2025-05-19 11:18:20 -07:00
Tim Wojtulewicz
737b7d0add Update paraglob submodule for GCC 15.1 build fix 2025-05-19 09:36:28 -07:00
Arne Welzel
a233788a69 Merge remote-tracking branch 'origin/topic/awelzel/ci-fedora-42' 
* origin/topic/awelzel/ci-fedora-42:
  probabilistic/BitVector: Add include <cstdint>
  Bump spicy to fix build with GCC 15.1
  CI: Drop fedora-40
  CI: Add fedora-42

(cherry picked from commit 7583651bec)
 2025-05-19 09:36:28 -07:00
Johanna Amann
1610fe9eaf Merge remote-tracking branch 'origin/topic/johanna/remove-bind-library-check' 
* origin/topic/johanna/remove-bind-library-check:
  Remove unnecessary check for bind library.

Closes GH-432t log9

(cherry picked from commit 37be65dfd0)
 2025-05-19 09:18:21 -07:00
Arne Welzel
94700130ed Merge remote-tracking branch 'origin/topic/vern/zam-aggr-change-in-loop' 
* origin/topic/vern/zam-aggr-change-in-loop:
  fix for ZAM optimization when an aggregate is modified inside of a loop

(cherry picked from commit 2255fa23b8)
 2025-05-19 09:16:10 -07:00
Tim Wojtulewicz
c700efc3c8 Merge remote-tracking branch 'origin/topic/bbannier/bump-spicy-7.0' into release/7.0 
* origin/topic/bbannier/bump-spicy-7.0:
  Bump `auxil/spicy` to v1.11.5
 2025-05-19 09:09:14 -07:00
Benjamin Bannier
1b5ac2d2e5 Bump auxil/spicy to v1.11.5 2025-05-19 14:54:59 +02:00
Tim Wojtulewicz
05da1c5a52 Updating CHANGES and VERSION. 2025-05-09 07:30:44 -07:00
Tim Wojtulewicz
5f07b3a858 Merge remote-tracking branch 'origin/topic/bbannier/bump-spicy-7.0' into release/7.0 
* origin/topic/bbannier/bump-spicy-7.0:
  Bump auxil/spicy to spicy-1.11.4
 2025-05-08 14:46:40 -07:00
Benjamin Bannier
98eb2a10de Bump auxil/spicy to spicy-1.11.4 2025-05-08 13:13:43 -07:00
Tim Wojtulewicz
c2874bf818 Update docs submodule [nomail] [skip ci] 2025-05-08 12:14:30 -07:00
Tim Wojtulewicz
83ea862c11 Update NEWS for 7.0.7 [nomail] [skip ci] 2025-05-06 13:42:21 -07:00
Tim Wojtulewicz
11cf9e99f2 Add fix to support CMake 4.0, plus update Spicy to version that supports it 2025-05-06 12:45:49 -07:00
Tim Wojtulewicz
76c94e84ac CI: Use brew version of python3 on macOS 2025-05-06 10:57:18 -07:00
Tim Wojtulewicz
37e7b57664 Update quic baselines due to service ordering 2025-05-06 10:09:16 -07:00
Tim Wojtulewicz
c8b42fe3c7 Merge remote-tracking branch 'origin/topic/awelzel/4275-for-release-7.0' into release/7.0 
* origin/topic/awelzel/4275-for-release-7.0:
  ldap: Replace if with switch on bool
  Merge remote-tracking branch 'origin/topic/awelzel/4275-ldap-gss-spnego-auth-miss'
 2025-05-06 09:54:58 -07:00
Arne Welzel
bdcb1c8a44 ldap: Replace if with switch on bool 
The change from a2a535d0c9 used
zeek/spicy#1841, but Zeek 7.0 does not have that functionality
yet. Replace with switch ( bool ).
 2025-05-06 09:47:42 +02:00
Arne Welzel
ceb798b42a Merge remote-tracking branch 'origin/topic/awelzel/4275-ldap-gss-spnego-auth-miss' 
* origin/topic/awelzel/4275-ldap-gss-spnego-auth-miss:
  ldap: Clean up from code review
  ldap: Add Sicily Authentication constants
  ldap: Only switch into MS_KRB5 mode if responseToken exists

(cherry picked from commit a2a535d0c9)
 2025-05-06 09:46:49 +02:00
Arne Welzel
ec18da8baa Merge remote-tracking branch 'origin/topic/awelzel/4405-quic-fragmented-crypto' 
* origin/topic/awelzel/4405-quic-fragmented-crypto:
  Bump external/zeek-testing
  QUIC: Extract reset_crypto() function
  QUIC: Rename ConnectionIDInfo to Context
  QUIC: Switch initial_destination_conn_id to optional
  QUIC: Use initial destination conn_id for decryption
  QUIC: Handle CRYPTO frames across multiple INITIAL packets
  QUIC: Do not consume EncryptedLongPacketPayload
  QUIC: Fix ACK frame parsing

(cherry picked from commit 50ac8d1468)
 2025-05-05 12:56:53 -07:00
Arne Welzel
e712461719 broker/main: Adapt enum values to agree with comm.bif 
Logic to detect this error already existed, but due to enum identifiers
not having a value set, it never triggered before.

Should probably backport this one.

(cherry picked from commit 6bc36e8cf8)
 2025-05-05 12:54:42 -07:00
Tim Wojtulewicz
bc8dc65bd6 Update cmake submodule [nomail] 2025-05-05 12:16:39 -07:00
Tim Wojtulewicz
3e5060018a Update docs submodule to fix RTD [nomail] [skip ci] 2025-03-20 13:48:45 -07:00
Tim Wojtulewicz
9f8e27118e Update CHANGES, VERSION, and NEWS for 7.0.6 release 2025-03-20 12:24:26 -07:00
Tim Wojtulewicz
89376095dc Update zeekctl submodule to fix a couple btests 2025-03-19 13:04:31 -07:00
Tim Wojtulewicz
3e8af6497e Update zeekjs to v0.16.0 2025-03-19 10:43:17 -07:00
Tim Wojtulewicz
5051cce720 Updating CHANGES and VERSION. 2025-03-19 10:43:02 -07:00
Tim Wojtulewicz
c30b835a14 Update mozilla-ca-list.zeek and ct-list.zeek to NSS 3.109 2025-03-18 17:59:01 -07:00
Tim Wojtulewicz
a041080e3f Update core/vntag-in-vlan baseline to remove ip_proto field for 7.0 2025-03-18 17:03:05 -07:00
Tim Wojtulewicz
fc3001c76a CI: Force rebuild of tumbleweed docker image 2025-03-18 16:33:45 -07:00
Tim Wojtulewicz
e2b2c79306 Merge remote-tracking branch 'origin/topic/timw/ci-macos-upgrade-pip' 
* origin/topic/timw/ci-macos-upgrade-pip:
  CI: Unconditionally upgrade pip on macOS

(cherry picked from commit e8d91c8227)
 2025-03-18 16:21:45 -07:00
Tim Wojtulewicz
ed32ee73fa Merge remote-tracking branch 'origin/topic/timw/ci-macos-sequoia' 
* origin/topic/timw/ci-macos-sequoia:
  ci/init-external-repo.sh: Use regex to match macos cirrus task
  CI: Change macOS runner to Sequoia

(cherry picked from commit 43f108bb71)
 2025-03-18 16:21:13 -07:00
Tim Wojtulewicz
eed9858bc4 CI: Update freebsd to 13.4 and 14.2 2025-03-18 16:20:06 -07:00
Tim Wojtulewicz
ed081212ae Merge remote-tracking branch 'origin/topic/timw/vntag-in-vlan' 
* origin/topic/timw/vntag-in-vlan:
  Add analyzer registration from VLAN to VNTAG

(cherry picked from commit cb5e3d0054)
 2025-03-18 16:18:13 -07:00
Arne Welzel
ec04c925a0 Merge remote-tracking branch 'origin/topic/awelzel/2311-load-plugin-bare-mode' 
* origin/topic/awelzel/2311-load-plugin-bare-mode:
  scan.l: Fix @load-plugin scripts loading
  scan.l: Extract switch_to() from load_files()
  ScannedFile: Allow skipping canonicalization

(cherry picked from commit a3a08fa0f3)
 2025-03-18 16:16:39 -07:00
Arne Welzel
de8127f3cd Merge remote-tracking branch 'origin/topic/awelzel/4198-4201-quic-maintenance' 
* origin/topic/awelzel/4198-4201-quic-maintenance:
  QUIC/decrypt_crypto: Rename all_data to data
  QUIC: Confirm before forwarding data to SSL
  QUIC: Parse all QUIC packets in a UDP datagram
  QUIC: Only slurp till packet end, not till &eod

(cherry picked from commit 44304973fb)
 2025-03-18 16:15:34 -07:00
Arne Welzel
b5774f2de9 Merge remote-tracking branch 'origin/topic/vern/ZAM-field-assign-in-op' 
* origin/topic/vern/ZAM-field-assign-in-op:
  pre-commit: Bump spicy-format to 0.23
  fix for ZAM optimization of assigning a record field to result of "in" operation

(cherry picked from commit 991bc9644d)
 2025-03-18 16:13:01 -07:00
Tim Wojtulewicz
7c8a7680ba Update CHANGES, VERSION, and NEWS for 7.0.5 release 2024-12-16 11:12:48 -07:00
Tim Wojtulewicz
26b50908e1 Merge remote-tracking branch 'security/topic/timw/7.0.5-patches' into release/7.0 
* security/topic/timw/7.0.5-patches:
  QUIC/decrypt_crypto: Actually check if decryption was successful
  QUIC/decrypt_crypto: Limit payload_length to 10k
  QUIC/decrypt_crypto: Fix decrypting into too small stack buffer
 2024-12-16 10:21:59 -07:00
Arne Welzel
c2f2388f18 QUIC/decrypt_crypto: Actually check if decryption was successful 
...and bail if it wasn't.

PCAP was produced using OSS-Fuzz input from issue 383379789.
 2024-12-13 13:10:45 -07:00
Arne Welzel
d745d746bc QUIC/decrypt_crypto: Limit payload_length to 10k 
Given we dynamically allocate memory for decryption, employ a limit
that is unlikely to be hit, but allows for large payloads produced
by the fuzzer or jumbo frames.
 2024-12-13 13:10:45 -07:00
Arne Welzel
5fbb6b4599 QUIC/decrypt_crypto: Fix decrypting into too small stack buffer 
A QUIC initial packet larger than 1500 bytes could lead to crashes
due to the usage of a fixed size stack buffer for decryption.

Allocate the necessary memory dynamically on the heap instead.
 2024-12-13 13:10:45 -07:00
Tim Wojtulewicz
7c463b5f92 Update docs submodule [nomail] [skip ci] 2024-12-13 13:08:51 -07:00