Re: git: 2dbcea6bbf5b - main - security/zeek: Update to 6.0.0
- In reply to: Craig Leres : "git: 2dbcea6bbf5b - main - security/zeek: Update to 6.0.0"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Tue, 22 Aug 2023 20:41:38 UTC
UPDATES needs an AFFECTS: line. See below.
—
Dan Langille
http://langille <http://langille/>.org/
> On Aug 22, 2023, at 4:35 PM, Craig Leres <leres@freebsd.org> wrote:
>
> The branch main has been updated by leres:
>
> URL: https://cgit.FreeBSD.org/ports/commit/?id=2dbcea6bbf5b3d15f261fd581ed6259566de1c64
>
> commit 2dbcea6bbf5b3d15f261fd581ed6259566de1c64
> Author: Craig Leres <leres@FreeBSD.org>
> AuthorDate: 2023-08-22 20:34:35 +0000
> Commit: Craig Leres <leres@FreeBSD.org>
> CommitDate: 2023-08-22 20:34:35 +0000
>
> security/zeek: Update to 6.0.0
>
> https://github.com/zeek/zeek/releases/tag/v6.0.0
>
> This is the latest major version number Long-Term Support (LTS)
> release of Zeek.
>
> The NETMAP option has been removed; it was too difficult to build
> it without zeek being installed in %%PREFIX%%. The consensus was
> that this was a rarely used feature, please reach out to me if need
> this (I've done some work on a new security/zeek-netmap port that
> is probably the right way forward).
>
> When I upgraded zeek on my systems I found some cruft left over
> from previous versions. The way I recommend upgrading from 5.0.9
> to 6.0.0 is:
>
> service zeek stop
> pkg delete -fy zeek py311-zkg
> [clean up leftover files in /usr/local/lib/zeek]
> pkg install -y zeek
> service zeek deploy
>
> Changes:
>
> - Zeek now treats private address space (i.e., non-routable IP
> address ranges) as local by default
>
> - Telemetry centralization and Prometheus exposition is not enabled
> by default anymore
>
> - Custom source tarballs require a repo-info.json file.
>
> - Plugin authors should raise the minimum required CMake version
> to 3.15 to ensure compatibility with new CMake scaffolding
> included in this release
>
> - Zeek container images are not pushed to the zeekurity organization
> anymore
>
> - The error message returned when using bro_init, bro_done, and
> bro_script_loaded events is now removed
>
> Reported by: Tim Wojtulewicz
> ---
> UPDATING | 21 ++
> security/zeek/Makefile | 48 +---
> security/zeek/distinfo | 8 +-
> .../zeek/files/patch-auxil_spicy_CMakeLists.txt | 22 --
> .../zeek/files/patch-src_input_readers_raw_Raw.cc | 146 -----------
> .../zeek/files/patch-src_input_readers_raw_Raw.h | 10 -
> security/zeek/pkg-plist | 276 ++++++++++++---------
> 7 files changed, 187 insertions(+), 344 deletions(-)
>
> diff --git a/UPDATING b/UPDATING
> index c6c2e3374c5e..59ee7f3b456f 100644
> --- a/UPDATING
> +++ b/UPDATING
> @@ -5,6 +5,27 @@ they are unavoidable.
> You should get into the habit of checking this file for changes each time
> you update your ports collection, before attempting any port upgrades.
>
> +20230822:
> +AUTHOR: leres@FreeBSD.org
This is missing an AFFECTS: clause.
> +
> + security/zeek has been upgraded to 6.0.0 and the NETMAP option
> + was removed; it was too difficult to build it without zeek being
> + installed in %%PREFIX%%.
> +
> + The consensus was that this was a rarely used feature, please
> + reach out to me if need this (I've done some work on a new
> + security/zeek-netmap port that is probably the right way forward).
> +
> + When I upgraded zeek on my systems I found some cruft left over
> + from previous versions. The way I recommend upgrading from 5.0.9 to
> + 6.0.0 is:
> +
> + service zeek stop
> + pkg delete -fy zeek py311-zkg
> + [clean up leftover files in /usr/local/lib/zeek]
> + pkg install -y zeek
> + service zeek deploy
> +
> 20230817:
> AFFECTS: users of databases/redis
> AUTHOR: yasu@FreeBSD.org
> diff --git a/security/zeek/Makefile b/security/zeek/Makefile
> index b1226c204d2a..650440d6e981 100644
> --- a/security/zeek/Makefile
> +++ b/security/zeek/Makefile
> @@ -1,5 +1,5 @@
> PORTNAME= zeek
> -DISTVERSION= 5.0.9
> +DISTVERSION= 6.0.0
> CATEGORIES= security
> MASTER_SITES= https://download.zeek.org/
> DISTFILES= ${DISTNAME}${EXTRACT_SUFX}
> @@ -20,7 +20,7 @@ LIB_DEPENDS= libcares.so:dns/c-ares
> RUN_DEPENDS= c-ares>=1.18.1:dns/c-ares
>
> USES= bison cmake compiler:c++17-lang cpe gettext-runtime perl5 \
> - python shebangfix ssl
> + python:3.7+ shebangfix ssl
>
> USE_LDCONFIG= yes
>
> @@ -39,6 +39,9 @@ CMAKE_ON= BROKER_DISABLE_DOC_EXAMPLES BROKER_DISABLE_TESTS \
> BUILD_SHARED_LIBS BUILD_STATIC_BROKER INSTALL_AUX_TOOLS
> CMAKE_ARGS= -DCARES_ROOT_DIR:PATH=${PREFIX} \
> -DCMAKE_EXE_LINKER_FLAGS="${OPENSSL_LDFLAGS}" \
> + -DINSTALL_BTEST:BOOL=OFF \
> + -DINSTALL_BTEST_PCAPS:BOOL=OFF \
> + -DINSTALL_ZKG:BOOL=OFF \
> -DPY_MOD_INSTALL_DIR:PATH=${PREFIX}/lib/zeekctl \
> -DZEEK_ETC_INSTALL_DIR:PATH=${PREFIX}/etc \
> -DZEEK_MAN_INSTALL_PATH=${MANPREFIX}/man \
> @@ -47,21 +50,19 @@ CMAKE_ARGS= -DCARES_ROOT_DIR:PATH=${PREFIX} \
>
> ZEEKUSER?= zeek
> ZEEKGROUP?= zeek
> -PLIST_SUB+= ARCH=${UNAME_M} \
> - LCASE_OPSYS=${OPSYS:tl} \
> - ZEEKGROUP=${ZEEKGROUP} \
> +PLIST_SUB+= ZEEKGROUP=${ZEEKGROUP} \
> ZEEKUSER=${ZEEKUSER}
>
> USERS= ${ZEEKUSER}
> GROUPS= ${ZEEKGROUP}
>
> -OPTIONS_DEFINE= GEOIP2 IPSUMDUMP LBL_CF LBL_HF NETMAP PERFTOOLS SPICY ZEEKCTL \
> +OPTIONS_DEFINE= GEOIP2 IPSUMDUMP LBL_CF LBL_HF PERFTOOLS SPICY ZEEKCTL \
> ZKG
>
> OPTIONS_SINGLE= BUILD_TYPE
> OPTIONS_SINGLE_BUILD_TYPE= DEBUG MINSIZEREL RELEASE RELWITHDEBINFO
>
> -OPTIONS_DEFAULT= GEOIP2 IPSUMDUMP LBL_CF LBL_HF NETMAP RELEASE ZEEKCTL \
> +OPTIONS_DEFAULT= GEOIP2 IPSUMDUMP LBL_CF LBL_HF RELEASE ZEEKCTL \
> ZKG
> OPTIONS_DEFAULT_aarch64= SPICY
> OPTIONS_DEFAULT_amd64= SPICY
> @@ -76,7 +77,6 @@ IPSUMDUMP_DESC= Enables traffic summaries
> LBL_CF_DESC= Unix time to formated time/date filter support
> LBL_HF_DESC= Address to hostname filter support
> MINSIZEREL_DESC= Optimizations on, debug symbols/flags off
> -NETMAP_DESC= Native Netmap Packet IOSource for Zeek
> PERFTOOLS_DESC= Use Perftools to improve memory & CPU usage
> RELEASE_DESC= Optimizations on, debug symbols/flags off
> RELWITHDEBINFO_DESC= Optimizations/debug symbols on, debug flags off
> @@ -91,8 +91,6 @@ IPSUMDUMP_BUILD_DEPENDS= ipsumdump:net/ipsumdump
> IPSUMDUMP_RUN_DEPENDS= ipsumdump:net/ipsumdump
> LBL_CF_RUN_DEPENDS= ${LOCALBASE}/bin/cf:sysutils/lbl-cf
> LBL_HF_RUN_DEPENDS= ${LOCALBASE}/bin/hf:sysutils/lbl-hf
> -NETMAP_GH_TUPLE= zeek:zeek-netmap:v2.0.0:zeek_netmap
> -NETMAP_USE= GITHUB=nodefault
> PERFTOOLS_BUILD_DEPENDS= ${LOCALBASE}/bin/perftools-pprof:devel/google-perftools
> PERFTOOLS_CMAKE_BOOL= ENABLE_PERFTOOLS
> PERFTOOLS_RUN_DEPENDS= ${LOCALBASE}/bin/perftools-pprof:devel/google-perftools
> @@ -124,10 +122,6 @@ USE_RC_SUBR= zeek
> post-extract:
> @${RM} -rf ${WRKSRC}/auxil/c-ares
>
> -post-patch:
> - ${REINPLACE_CMD} -e '\|/usr/local/|s|$$| ${STAGEDIR}${PREFIX}/|' \
> - ${WRKSRC_zeek_netmap}/cmake/FindNetmap.cmake
> -
> post-install-ZEEKCTL-on:
> ${MKDIR} ${STAGEDIR}${PREFIX}/logs
> ${MKDIR} ${STAGEDIR}${PREFIX}/spool/tmp
> @@ -149,32 +143,8 @@ post-install:
> post-install-SPICY-on:
> @${RM} -rf ${STAGEDIR}${PREFIX}/include/hilti/rt/3rdparty/SafeInt/Archive
> @${RM} -rf ${STAGEDIR}${PREFIX}/include/hilti/rt/3rdparty/SafeInt/Test
> - @${RMDIR} ${STAGEDIR}${PREFIX}/include/zeek/builtin-plugins/spicy-plugin/bin
> - @${RMDIR} ${STAGEDIR}${PREFIX}/include/zeek/builtin-plugins/spicy-plugin/cmake
> - @${RM} -rf ${STAGEDIR}${PREFIX}/include/zeek/builtin-plugins/spicy-plugin/include
> - @${RMDIR} ${STAGEDIR}${PREFIX}/include/zeek/builtin-plugins/spicy-plugin/spicy
> - @${RM} -rf ${STAGEDIR}${PREFIX}/include/zeek/builtin-plugins/spicy-plugin/src
> - @${RM} -rf ${STAGEDIR}${PREFIX}/include/zeek/builtin-plugins/spicy-plugin/tests
> - @${RMDIR} ${STAGEDIR}${PREFIX}/include/zeek/script_opt/CPP/maint
> - @${RMDIR} ${STAGEDIR}${PREFIX}/lib/zeek-spicy/modules
>
> pre-install-ZEEKCTL-on:
> ${MKDIR} ${STAGEDIR}${PREFIX}/etc/rc.d
>
> -post-install-NETMAP-on:
> - ${MKDIR} ${WRKDIR}/zeek-bin
> - ${CP} ${STAGEDIR}${PREFIX}/bin/zeek-config ${WRKDIR}/zeek-bin
> - ${REINPLACE_CMD} -e 's|${PREFIX}|${STAGEDIR}${PREFIX}|g' \
> - ${WRKDIR}/zeek-bin/zeek-config
> - cd ${WRKSRC_zeek_netmap} && ${SETENV} PATH=${WRKDIR}/zeek-bin:${PATH} \
> - ./configure --with-netmap=/usr \
> - --install-root=${STAGEDIR}${PREFIX}/lib/zeek/plugins
> - cd ${WRKSRC_zeek_netmap}/build && make && make install
> - @${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/zeek/plugins/Zeek_Netmap/lib/Zeek-Netmap.freebsd-${UNAME_M}.so
> -
> -.include <bsd.port.pre.mk>
> -
> -# Would like to use ARCH (uname -p) but it's not always correct (e.g. arm64)
> -UNAME_M!= ${UNAME} -m
> -
> -.include <bsd.port.post.mk>
> +.include <bsd.port.mk>
> diff --git a/security/zeek/distinfo b/security/zeek/distinfo
> index 22ff3939cdf7..8f96203cdbfc 100644
> --- a/security/zeek/distinfo
> +++ b/security/zeek/distinfo
> @@ -1,5 +1,3 @@
> -TIMESTAMP = 1684516872
> -SHA256 (zeek-5.0.9.tar.gz) = 2d6247c667c1838d0efd8d860744baadde4b2e8721734dea250e37147899cfcd
> -SIZE (zeek-5.0.9.tar.gz) = 42904019
> -SHA256 (zeek-zeek-netmap-v2.0.0_GH0.tar.gz) = d37a69babfbb62a51a2413d6b83ae792ce1e7f1ccb1d51bd6b209a10fe5c4d75
> -SIZE (zeek-zeek-netmap-v2.0.0_GH0.tar.gz) = 9100
> +TIMESTAMP = 1692569614
> +SHA256 (zeek-6.0.0.tar.gz) = cc37587389ec96a2437c48851a6ef8300b19a39d9e6a1c9066570c25b070d0e2
> +SIZE (zeek-6.0.0.tar.gz) = 60086607
> diff --git a/security/zeek/files/patch-auxil_spicy_CMakeLists.txt b/security/zeek/files/patch-auxil_spicy_CMakeLists.txt
> deleted file mode 100644
> index 6aee2809e636..000000000000
> --- a/security/zeek/files/patch-auxil_spicy_CMakeLists.txt
> +++ /dev/null
> @@ -1,22 +0,0 @@
> ---- auxil/spicy/CMakeLists.txt.orig 2022-07-09 17:28:05 UTC
> -+++ auxil/spicy/CMakeLists.txt
> -@@ -36,3 +36,19 @@ set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Wno-vla")
> - set(HILTI_DEV_PRECOMPILE_HEADERS OFF)
> -
> - add_subdirectory(spicy)
> -+
> -+# Disable Spicy unit test targets.
> -+#
> -+# Spicy builds its unit tests as part of `ALL`. They are usually not only
> -+# uninteresting for us but might cause problems. Since any configuration
> -+# we do for our unit tests happens through global C++ compiler flags, they
> -+# would get inherited directly by Spicy which can cause issues, e.g., we set
> -+# `-DDOCTEST_CONFIG_DISABLE` if `ENABLE_ZEEK_UNIT_TESTS` is false, but Spicy
> -+# unit test do not anticipate this define being set.
> -+set_target_properties(
> -+ hilti-rt-tests
> -+ hilti-rt-configuration-tests
> -+ spicy-rt-tests
> -+ hilti-toolchain-tests
> -+ spicy-toolchain-tests
> -+ PROPERTIES EXCLUDE_FROM_ALL TRUE)
> diff --git a/security/zeek/files/patch-src_input_readers_raw_Raw.cc b/security/zeek/files/patch-src_input_readers_raw_Raw.cc
> deleted file mode 100644
> index 7ed81f816406..000000000000
> --- a/security/zeek/files/patch-src_input_readers_raw_Raw.cc
> +++ /dev/null
> @@ -1,146 +0,0 @@
> ---- src/input/readers/raw/Raw.cc.orig 2022-07-05 19:35:27 UTC
> -+++ src/input/readers/raw/Raw.cc
> -@@ -2,15 +2,15 @@
> -
> - #include "zeek/input/readers/raw/Raw.h"
> -
> --#include <errno.h>
> - #include <fcntl.h>
> --#include <signal.h>
> --#include <stdio.h>
> --#include <stdlib.h>
> - #include <sys/stat.h>
> - #include <sys/types.h>
> - #include <sys/wait.h>
> - #include <unistd.h>
> -+#include <cerrno>
> -+#include <csignal>
> -+#include <cstdio>
> -+#include <cstdlib>
> -
> - #include "zeek/input/readers/raw/Plugin.h"
> - #include "zeek/input/readers/raw/raw.bif.h"
> -@@ -36,6 +36,7 @@ Raw::Raw(ReaderFrontend* frontend)
> - firstrun = true;
> - mtime = 0;
> - ino = 0;
> -+ dev = 0;
> - forcekill = false;
> - offset = 0;
> - separator.assign((const char*)BifConst::InputRaw::record_separator->Bytes(),
> -@@ -282,10 +283,27 @@ bool Raw::OpenInput()
> - file = std::unique_ptr<FILE, int (*)(FILE*)>(fopen(fname.c_str(), "r"), fclose);
> - if ( ! file )
> - {
> -+ if ( Info().mode == MODE_STREAM )
> -+ // Wait for file to appear
> -+ return true;
> -+
> - Error(Fmt("Init: cannot open %s", fname.c_str()));
> - return false;
> - }
> -
> -+ if ( Info().mode == MODE_STREAM )
> -+ {
> -+ struct stat sb;
> -+ if ( fstat(fileno(file.get()), &sb) == -1 )
> -+ {
> -+ // This is unlikely to fail
> -+ Error(Fmt("Could not get fstat for %s", fname.c_str()));
> -+ return false;
> -+ }
> -+ ino = sb.st_ino;
> -+ dev = sb.st_dev;
> -+ }
> -+
> - if ( ! SetFDFlags(fileno(file.get()), F_SETFD, FD_CLOEXEC) )
> - Warning(Fmt("Init: cannot set close-on-exec for %s", fname.c_str()));
> - }
> -@@ -346,6 +364,7 @@ bool Raw::DoInit(const ReaderInfo& info, int num_field
> - fname = info.source;
> - mtime = 0;
> - ino = 0;
> -+ dev = 0;
> - execute = false;
> - firstrun = true;
> - int want_fields = 1;
> -@@ -574,25 +593,61 @@ bool Raw::DoUpdate()
> -
> - mtime = sb.st_mtime;
> - ino = sb.st_ino;
> -+ dev = sb.st_dev;
> - // file changed. reread.
> - //
> - // fallthrough
> - }
> -
> - case MODE_MANUAL:
> -- case MODE_STREAM:
> -- if ( Info().mode == MODE_STREAM && file )
> -- {
> -- clearerr(file.get()); // remove end of file evil bits
> -- break;
> -- }
> --
> - CloseInput();
> - if ( ! OpenInput() )
> - return false;
> -
> - break;
> -
> -+ case MODE_STREAM:
> -+ // Clear possible EOF condition
> -+ if ( file )
> -+ clearerr(file.get());
> -+
> -+ // Done if reading from a pipe
> -+ if ( execute )
> -+ break;
> -+
> -+ // Check if the file has changed
> -+ struct stat sb;
> -+ if ( stat(fname.c_str(), &sb) == -1 )
> -+ // File was removed
> -+ break;
> -+
> -+ // Is it the same file?
> -+ if ( file && sb.st_ino == ino && sb.st_dev == dev )
> -+ break;
> -+
> -+ // File was replaced
> -+ FILE* tfile;
> -+ tfile = fopen(fname.c_str(), "r");
> -+ if ( ! tfile )
> -+ break;
> -+
> -+ // Stat newly opened file
> -+ if ( fstat(fileno(tfile), &sb) == -1 )
> -+ {
> -+ // This is unlikely to fail
> -+ Error(Fmt("Could not fstat %s", fname.c_str()));
> -+ fclose(tfile);
> -+ return false;
> -+ }
> -+ if ( file )
> -+ file.reset(nullptr);
> -+ file = std::unique_ptr<FILE, int (*)(FILE*)>(tfile, fclose);
> -+ ino = sb.st_ino;
> -+ dev = sb.st_dev;
> -+ offset = 0;
> -+ bufpos = 0;
> -+ break;
> -+
> - default:
> - assert(false);
> - }
> -@@ -604,6 +659,10 @@ bool Raw::DoUpdate()
> - {
> - if ( stdin_towrite > 0 )
> - WriteToStdin();
> -+
> -+ if ( ! file && Info().mode == MODE_STREAM )
> -+ // Wait for file to appear
> -+ break;
> -
> - int64_t length = GetLine(file.get());
> - // printf("Read %lld bytes\n", length);
> diff --git a/security/zeek/files/patch-src_input_readers_raw_Raw.h b/security/zeek/files/patch-src_input_readers_raw_Raw.h
> deleted file mode 100644
> index a4fdd306443f..000000000000
> --- a/security/zeek/files/patch-src_input_readers_raw_Raw.h
> +++ /dev/null
> @@ -1,10 +0,0 @@
> ---- src/input/readers/raw/Raw.h.orig 2022-07-05 21:28:35 UTC
> -+++ src/input/readers/raw/Raw.h
> -@@ -55,6 +55,7 @@ class Raw : public ReaderBackend (private)
> - bool firstrun;
> - time_t mtime;
> - ino_t ino;
> -+ dev_t dev;
> -
> - // options set from the script-level.
> - std::string separator;
> diff --git a/security/zeek/pkg-plist b/security/zeek/pkg-plist
> index bfae01ab3d1e..2077fe07d674 100644
> --- a/security/zeek/pkg-plist
> +++ b/security/zeek/pkg-plist
> @@ -4,10 +4,6 @@
> %%ZEEKCTL%%@postexec chown -R %%ZEEKUSER%%:%%ZEEKGROUP%% %D/spool/installed-scripts-do-not-touch
> bin/bifcl
> bin/binpac
> -bin/bro
> -bin/bro-config
> -bin/bro-cut
> -bin/broctl
> %%ZEEKCTL%%bin/capstats
> bin/gen-zam
> %%SPICY%%bin/hilti-config
> @@ -22,9 +18,10 @@ bin/paraglob-test
> %%SPICY%%bin/spicyz
> %%ZEEKCTL%%bin/trace-summary
> bin/zeek
> +bin/zeek-archiver
> +bin/zeek-client
> bin/zeek-config
> bin/zeek-cut
> -bin/zeek-wrapper
> %%ZEEKCTL%%bin/zeekctl
> %%ZEEKCTL%%@sample etc/networks.cfg.sample
> %%ZEEKCTL%%@sample etc/node.cfg.sample
> @@ -53,12 +50,10 @@ include/broker/detail/abstract_backend.hh
> include/broker/detail/algorithms.hh
> include/broker/detail/appliers.hh
> include/broker/detail/assert.hh
> -include/broker/detail/blob.hh
> include/broker/detail/comparable.hh
> include/broker/detail/die.hh
> include/broker/detail/filesystem.hh
> include/broker/detail/flare.hh
> -include/broker/detail/has_network_info.hh
> include/broker/detail/hash.hh
> include/broker/detail/inspect_enum.hh
> include/broker/detail/make_backend.hh
> @@ -77,7 +72,6 @@ include/broker/detail/sink_driver.hh
> include/broker/detail/source_driver.hh
> include/broker/detail/sqlite_backend.hh
> include/broker/detail/store_state.hh
> -include/broker/detail/subscription.hh
> include/broker/detail/type_traits.hh
> include/broker/domain_options.hh
> include/broker/endpoint.hh
> @@ -178,6 +172,7 @@ include/broker/zeek.hh
> %%SPICY%%include/hilti/ast/declarations/type.h
> %%SPICY%%include/hilti/ast/detail/operator-registry.h
> %%SPICY%%include/hilti/ast/detail/visitor.h
> +%%SPICY%%include/hilti/ast/doc-string.h
> %%SPICY%%include/hilti/ast/expression.h
> %%SPICY%%include/hilti/ast/expressions/all.h
> %%SPICY%%include/hilti/ast/expressions/assign.h
> @@ -370,6 +365,7 @@ include/broker/zeek.hh
> %%SPICY%%include/hilti/rt/doctest.h
> %%SPICY%%include/hilti/rt/exception.h
> %%SPICY%%include/hilti/rt/extension-points.h
> +%%SPICY%%include/hilti/rt/fiber-check-stack.h
> %%SPICY%%include/hilti/rt/fiber.h
> %%SPICY%%include/hilti/rt/filesystem.h
> %%SPICY%%include/hilti/rt/fmt.h
> @@ -385,8 +381,11 @@ include/broker/zeek.hh
> %%SPICY%%include/hilti/rt/library.h
> %%SPICY%%include/hilti/rt/linker.h
> %%SPICY%%include/hilti/rt/logging.h
> +%%SPICY%%include/hilti/rt/profiler-state.h
> +%%SPICY%%include/hilti/rt/profiler.h
> %%SPICY%%include/hilti/rt/result.h
> %%SPICY%%include/hilti/rt/safe-int.h
> +%%SPICY%%include/hilti/rt/safe-math.h
> %%SPICY%%include/hilti/rt/test/utils.h
> %%SPICY%%include/hilti/rt/threading.h
> %%SPICY%%include/hilti/rt/type-info.h
> @@ -479,6 +478,7 @@ include/paraglob/serializer.h
> %%SPICY%%include/spicy/compiler/detail/codegen/productions/look-ahead.h
> %%SPICY%%include/spicy/compiler/detail/codegen/productions/resolved.h
> %%SPICY%%include/spicy/compiler/detail/codegen/productions/sequence.h
> +%%SPICY%%include/spicy/compiler/detail/codegen/productions/skip.h
> %%SPICY%%include/spicy/compiler/detail/codegen/productions/switch.h
> %%SPICY%%include/spicy/compiler/detail/codegen/productions/type-literal.h
> %%SPICY%%include/spicy/compiler/detail/codegen/productions/unit.h
> @@ -494,6 +494,7 @@ include/paraglob/serializer.h
> %%SPICY%%include/spicy/global.h
> %%SPICY%%include/spicy/rt/autogen/config.h
> %%SPICY%%include/spicy/rt/base64.h
> +%%SPICY%%include/spicy/rt/configuration.h
> %%SPICY%%include/spicy/rt/debug.h
> %%SPICY%%include/spicy/rt/driver.h
> %%SPICY%%include/spicy/rt/filter.h
> @@ -517,8 +518,13 @@ include/zeek/3rdparty/ConvertUTF.h
> include/zeek/3rdparty/bro_inet_ntop.h
> include/zeek/3rdparty/bsd-getopt-long.h
> include/zeek/3rdparty/doctest.h
> +include/zeek/3rdparty/ghc/filesystem.hpp
> +include/zeek/3rdparty/ghc/fs_fwd.hpp
> +include/zeek/3rdparty/ghc/fs_impl.hpp
> +include/zeek/3rdparty/ghc/fs_std.hpp
> +include/zeek/3rdparty/ghc/fs_std_fwd.hpp
> +include/zeek/3rdparty/ghc/fs_std_impl.hpp
> include/zeek/3rdparty/modp_numtoa.h
> -include/zeek/3rdparty/nb_dns.h
> include/zeek/3rdparty/patricia.h
> include/zeek/3rdparty/rapidjson/include/rapidjson/allocators.h
> include/zeek/3rdparty/rapidjson/include/rapidjson/cursorstreamwrapper.h
> @@ -560,6 +566,7 @@ include/zeek/3rdparty/rapidjson/include/rapidjson/uri.h
> include/zeek/3rdparty/rapidjson/include/rapidjson/writer.h
> include/zeek/3rdparty/setsignal.h
> include/zeek/3rdparty/sqlite3.h
> +include/zeek/3rdparty/zeek_inet_ntop.h
> include/zeek/Anon.h
> include/zeek/Attr.h
> include/zeek/Base64.h
> @@ -612,7 +619,6 @@ include/zeek/Pipe.h
> include/zeek/PolicyFile.h
> include/zeek/PrefixTable.h
> include/zeek/PriorityQueue.h
> -include/zeek/Queue.h
> include/zeek/RE.h
> include/zeek/RandTest.h
> include/zeek/Reassem.h
> @@ -626,8 +632,8 @@ include/zeek/ScannedFile.h
> include/zeek/Scope.h
> include/zeek/ScriptCoverageManager.h
> include/zeek/ScriptProfile.h
> +include/zeek/ScriptValidation.h
> include/zeek/SerializationFormat.h
> -include/zeek/Sessions.h
> include/zeek/SmithWaterman.h
> include/zeek/Span.h
> include/zeek/Stats.h
> @@ -690,8 +696,7 @@ include/zeek/analyzer/protocol/dns/DNS.h
> include/zeek/analyzer/protocol/dns/events.bif.h
> include/zeek/analyzer/protocol/file/File.h
> include/zeek/analyzer/protocol/file/events.bif.h
> -include/zeek/analyzer/protocol/finger/Finger.h
> -include/zeek/analyzer/protocol/finger/events.bif.h
> +include/zeek/analyzer/protocol/finger/legacy/Finger.h
> include/zeek/analyzer/protocol/ftp/FTP.h
> include/zeek/analyzer/protocol/ftp/events.bif.h
> include/zeek/analyzer/protocol/ftp/functions.bif.h
> @@ -705,7 +710,6 @@ include/zeek/analyzer/protocol/gssapi/gssapi.pac
> include/zeek/analyzer/protocol/http/HTTP.h
> include/zeek/analyzer/protocol/http/events.bif.h
> include/zeek/analyzer/protocol/http/functions.bif.h
> -include/zeek/analyzer/protocol/icmp/ICMP.h
> include/zeek/analyzer/protocol/ident/Ident.h
> include/zeek/analyzer/protocol/ident/events.bif.h
> include/zeek/analyzer/protocol/imap/IMAP.h
> @@ -937,11 +941,10 @@ include/zeek/analyzer/protocol/ssl/tls-handshake-protocol.pac
> include/zeek/analyzer/protocol/ssl/tls-handshake-signed_certificate_timestamp.pac
> include/zeek/analyzer/protocol/ssl/tls-handshake.pac
> include/zeek/analyzer/protocol/ssl/types.bif.h
> -include/zeek/analyzer/protocol/syslog/Syslog.h
> -include/zeek/analyzer/protocol/syslog/events.bif.h
> -include/zeek/analyzer/protocol/syslog/syslog-analyzer.pac
> -include/zeek/analyzer/protocol/syslog/syslog-protocol.pac
> -include/zeek/analyzer/protocol/syslog/syslog.pac
> +include/zeek/analyzer/protocol/syslog/legacy/Syslog.h
> +include/zeek/analyzer/protocol/syslog/legacy/syslog-analyzer.pac
> +include/zeek/analyzer/protocol/syslog/legacy/syslog-protocol.pac
> +include/zeek/analyzer/protocol/syslog/legacy/syslog.pac
> include/zeek/analyzer/protocol/tcp/ContentLine.h
> include/zeek/analyzer/protocol/tcp/TCP.h
> include/zeek/analyzer/protocol/tcp/TCP_Endpoint.h
> @@ -950,7 +953,6 @@ include/zeek/analyzer/protocol/tcp/TCP_Reassembler.h
> include/zeek/analyzer/protocol/tcp/events.bif.h
> include/zeek/analyzer/protocol/tcp/functions.bif.h
> include/zeek/analyzer/protocol/tcp/types.bif.h
> -include/zeek/analyzer/protocol/udp/UDP.h
> include/zeek/analyzer/protocol/xmpp/XMPP.h
> include/zeek/analyzer/protocol/xmpp/events.bif.h
> include/zeek/analyzer/protocol/xmpp/xmpp-analyzer.pac
> @@ -968,10 +970,8 @@ include/zeek/broker/comm.bif.h
> include/zeek/broker/data.bif.h
> include/zeek/broker/messaging.bif.h
> include/zeek/broker/store.bif.h
> -%%SPICY%%include/zeek/builtin-plugins/spicy-plugin/consts.bif.h
> -%%SPICY%%include/zeek/builtin-plugins/spicy-plugin/events.bif.h
> -%%SPICY%%include/zeek/builtin-plugins/spicy-plugin/functions.bif.h
> -%%SPICY%%include/zeek/builtin-plugins/spicy-plugin/lib/zeek-spicy
> +include/zeek/communityid.bif.func_h
> +include/zeek/communityid.bif.netvar_h
> include/zeek/const.bif.func_h
> include/zeek/const.bif.netvar_h
> include/zeek/digest.h
> @@ -1000,12 +1000,6 @@ include/zeek/file_analysis/analyzer/pe/pe-file-idata.pac
> include/zeek/file_analysis/analyzer/pe/pe-file-types.pac
> include/zeek/file_analysis/analyzer/pe/pe-file.pac
> include/zeek/file_analysis/analyzer/pe/pe.pac
> -include/zeek/file_analysis/analyzer/unified2/Unified2.h
> -include/zeek/file_analysis/analyzer/unified2/events.bif.h
> -include/zeek/file_analysis/analyzer/unified2/types.bif.h
> -include/zeek/file_analysis/analyzer/unified2/unified2-analyzer.pac
> -include/zeek/file_analysis/analyzer/unified2/unified2-file.pac
> -include/zeek/file_analysis/analyzer/unified2/unified2.pac
> include/zeek/file_analysis/analyzer/x509/OCSP.h
> include/zeek/file_analysis/analyzer/x509/X509.h
> include/zeek/file_analysis/analyzer/x509/X509Common.h
> @@ -1093,13 +1087,18 @@ include/zeek/packet_analysis/protocol/ip/IPBasedAnalyzer.h
> include/zeek/packet_analysis/protocol/ip/SessionAdapter.h
> include/zeek/packet_analysis/protocol/iptunnel/IPTunnel.h
> include/zeek/packet_analysis/protocol/linux_sll/LinuxSLL.h
> +include/zeek/packet_analysis/protocol/linux_sll2/LinuxSLL2.h
> +include/zeek/packet_analysis/protocol/llc/LLC.h
> include/zeek/packet_analysis/protocol/mpls/MPLS.h
> include/zeek/packet_analysis/protocol/nflog/NFLog.h
> +include/zeek/packet_analysis/protocol/novell_802_3/Novell_802_3.h
> include/zeek/packet_analysis/protocol/null/Null.h
> +include/zeek/packet_analysis/protocol/pbb/PBB.h
> include/zeek/packet_analysis/protocol/ppp_serial/PPPSerial.h
> include/zeek/packet_analysis/protocol/pppoe/PPPoE.h
> include/zeek/packet_analysis/protocol/root/Root.h
> include/zeek/packet_analysis/protocol/skip/Skip.h
> +include/zeek/packet_analysis/protocol/snap/SNAP.h
> include/zeek/packet_analysis/protocol/tcp/Stats.h
> include/zeek/packet_analysis/protocol/tcp/TCP.h
> include/zeek/packet_analysis/protocol/tcp/TCPSessionAdapter.h
> @@ -1152,6 +1151,7 @@ include/zeek/script_opt/TempVar.h
> include/zeek/script_opt/UsageAnalyzer.h
> include/zeek/script_opt/UseDefs.h
> include/zeek/script_opt/ZAM/BuiltIn.h
> +include/zeek/script_opt/ZAM/BuiltInSupport.h
> include/zeek/script_opt/ZAM/Compile.h
> include/zeek/script_opt/ZAM/Inst-Gen.h
> include/zeek/script_opt/ZAM/IterInfo.h
> @@ -1162,6 +1162,17 @@ include/zeek/script_opt/ZAM/ZOp.h
> include/zeek/session/Key.h
> include/zeek/session/Manager.h
> include/zeek/session/Session.h
> +include/zeek/spicy/cookie.h
> +include/zeek/spicy/file-analyzer.h
> +include/zeek/spicy/manager.h
> +include/zeek/spicy/packet-analyzer.h
> +include/zeek/spicy/port-range.h
> +include/zeek/spicy/protocol-analyzer.h
> +include/zeek/spicy/runtime-support.h
> +include/zeek/spicy/spicy.bif.h
> +include/zeek/spicy/spicyz/config.h
> +include/zeek/spicy/spicyz/driver.h
> +include/zeek/spicy/spicyz/glue-compiler.h
> include/zeek/stats.bif.func_h
> include/zeek/stats.bif.netvar_h
> include/zeek/strings.bif.func_h
> @@ -1189,8 +1200,10 @@ include/zeek/types.bif.netvar_h
> include/zeek/util.h
> include/zeek/zeek-affinity.h
> include/zeek/zeek-bif.h
> +include/zeek/zeek-config-paths.h
> include/zeek/zeek-config.h
> include/zeek/zeek-setup.h
> +include/zeek/zeek-version.h
> include/zeek/zeek.bif.func_h
> include/zeek/zeek.bif.netvar_h
> include/zeek/zeek.pac
> @@ -1211,97 +1224,89 @@ lib/cmake/Broker/BrokerTargets-release.cmake
> lib/cmake/Broker/BrokerTargets.cmake
> lib/libbinpac.so
> lib/libbinpac.so.0
> -lib/libbinpac.so.0.59
> +lib/libbinpac.so.0.61
> lib/libbroker.a
> %%SPICY%%lib/libhilti-rt-debug.a
> %%SPICY%%lib/libhilti-rt.a
> -%%SPICY%%lib/libhilti.a
> +%%SPICY%%lib/libhilti.so
> lib/libparaglob.a
> %%SPICY%%lib/libspicy-rt-debug.a
> %%SPICY%%lib/libspicy-rt.a
> -%%SPICY%%lib/libspicy.a
> -%%SPICY%%lib/zeek-spicy/cmake/FindSpicy.cmake
> -%%SPICY%%lib/zeek-spicy/cmake/FindZeek.cmake
> -%%SPICY%%lib/zeek-spicy/cmake/ZeekSpicyAnalyzerSupport.cmake
> -%%SPICY%%lib/zeek-spicy/include/zeek-spicy/autogen/config.h
> -%%SPICY%%lib/zeek-spicy/include/zeek-spicy/cookie.h
> -%%SPICY%%lib/zeek-spicy/include/zeek-spicy/debug.h
> -%%SPICY%%lib/zeek-spicy/include/zeek-spicy/driver.h
> -%%SPICY%%lib/zeek-spicy/include/zeek-spicy/file-analyzer.h
> -%%SPICY%%lib/zeek-spicy/include/zeek-spicy/packet-analyzer.h
> -%%SPICY%%lib/zeek-spicy/include/zeek-spicy/plugin.h
> -%%SPICY%%lib/zeek-spicy/include/zeek-spicy/protocol-analyzer.h
> -%%SPICY%%lib/zeek-spicy/include/zeek-spicy/runtime-support.h
> -%%SPICY%%lib/zeek-spicy/include/zeek-spicy/zeek-compat.h
> -%%SPICY%%lib/zeek-spicy/include/zeek-spicy/zeek-reporter.h
> -%%SPICY%%lib/zeek-spicy/spicy/zeek.spicy
> -%%SPICY%%lib/zeek-spicy/spicy/zeek_file.spicy
> -%%SPICY%%lib/zeek-spicy/spicy/zeek_rt.hlt
> -%%SPICY%%lib/zeek-spicy/tests/Scripts/canonify-zeek-log
> -%%SPICY%%lib/zeek-spicy/tests/Scripts/canonify-zeek-log-sorted
> -%%SPICY%%lib/zeek-spicy/tests/Scripts/diff-remove-abspath
> -%%SPICY%%lib/zeek-spicy/tests/Scripts/diff-remove-timestamps
> -%%SPICY%%lib/zeek-spicy/tests/Scripts/diff-sort
> -%%SPICY%%lib/zeek-spicy/tests/Scripts/spicy-version
> -%%SPICY%%lib/zeek-spicy/tests/Scripts/zeek-version
> -%%SPICY%%lib/zeek-spicy/tests/random.seed
> -%%NETMAP%%lib/zeek/plugins/Zeek_Netmap/COPYING
> -%%NETMAP%%lib/zeek/plugins/Zeek_Netmap/__bro_plugin__
> -%%NETMAP%%lib/zeek/plugins/Zeek_Netmap/lib/Zeek-Netmap.%%LCASE_OPSYS%%-%%ARCH%%.so
> -%%NETMAP%%lib/zeek/plugins/Zeek_Netmap/scripts/__load__.zeek
> -%%NETMAP%%lib/zeek/plugins/Zeek_Netmap/scripts/init.zeek
> -%%NETMAP%%lib/zeek/plugins/Zeek_Netmap/zeekctl/netmap.py
> +%%SPICY%%lib/libspicy.so
> lib/zeek/python/SubnetTree.py
> lib/zeek/python/_SubnetTree.so
> lib/zeek/python/broker/__init__.py
> lib/zeek/python/broker/_broker.so
> lib/zeek/python/broker/zeek.py
> -%%ZEEKCTL%%lib/zeek/python/zeekctl/BroControl/__init__.py
> -%%ZEEKCTL%%lib/zeek/python/zeekctl/BroControl/cmdresult.py
> -%%ZEEKCTL%%lib/zeek/python/zeekctl/BroControl/config.py
> -%%ZEEKCTL%%lib/zeek/python/zeekctl/BroControl/plugin.py
> -%%ZEEKCTL%%lib/zeek/python/zeekctl/ZeekControl/__init__.py
> -%%ZEEKCTL%%lib/zeek/python/zeekctl/ZeekControl/cmdresult.py
> -%%ZEEKCTL%%lib/zeek/python/zeekctl/ZeekControl/config.py
> -%%ZEEKCTL%%lib/zeek/python/zeekctl/ZeekControl/control.py
> -%%ZEEKCTL%%lib/zeek/python/zeekctl/ZeekControl/cron.py
> -%%ZEEKCTL%%lib/zeek/python/zeekctl/ZeekControl/doc.py
> -%%ZEEKCTL%%lib/zeek/python/zeekctl/ZeekControl/events.py
> -%%ZEEKCTL%%lib/zeek/python/zeekctl/ZeekControl/exceptions.py
> -%%ZEEKCTL%%lib/zeek/python/zeekctl/ZeekControl/execute.py
> -%%ZEEKCTL%%lib/zeek/python/zeekctl/ZeekControl/install.py
> -%%ZEEKCTL%%lib/zeek/python/zeekctl/ZeekControl/lock.py
> -%%ZEEKCTL%%lib/zeek/python/zeekctl/ZeekControl/node.py
> -%%ZEEKCTL%%lib/zeek/python/zeekctl/ZeekControl/options.py
> -%%ZEEKCTL%%lib/zeek/python/zeekctl/ZeekControl/plugin.py
> -%%ZEEKCTL%%lib/zeek/python/zeekctl/ZeekControl/pluginreg.py
> -%%ZEEKCTL%%lib/zeek/python/zeekctl/ZeekControl/printdoc.py
> -%%ZEEKCTL%%lib/zeek/python/zeekctl/ZeekControl/ssh_runner.py
> -%%ZEEKCTL%%lib/zeek/python/zeekctl/ZeekControl/state.py
> -%%ZEEKCTL%%lib/zeek/python/zeekctl/ZeekControl/util.py
> -%%ZEEKCTL%%lib/zeek/python/zeekctl/ZeekControl/utilcurses.py
> -%%ZEEKCTL%%lib/zeek/python/zeekctl/ZeekControl/version.py
> -%%ZEEKCTL%%lib/zeek/python/zeekctl/ZeekControl/zeekcmd.py
> -%%ZEEKCTL%%lib/zeek/python/zeekctl/ZeekControl/zeekctl.py
> -%%ZEEKCTL%%lib/zeek/python/zeekctl/plugins/TestPlugin.py
> -%%ZEEKCTL%%lib/zeek/python/zeekctl/plugins/lb_custom.py
> -%%ZEEKCTL%%lib/zeek/python/zeekctl/plugins/lb_myricom.py
> -%%ZEEKCTL%%lib/zeek/python/zeekctl/plugins/lb_pf_ring.py
> -%%ZEEKCTL%%lib/zeek/python/zeekctl/plugins/ps.py
> -%%ZEEKCTL%%lib/zeek/python/zeekctl/plugins/zeek_port_warning.py
> +lib/zeek/python/zeekclient/__init__.py
> +lib/zeek/python/zeekclient/brokertypes.py
> +lib/zeek/python/zeekclient/cli.py
> +lib/zeek/python/zeekclient/config.py
> +lib/zeek/python/zeekclient/consts.py
> +lib/zeek/python/zeekclient/controller.py
> +lib/zeek/python/zeekclient/events.py
> +lib/zeek/python/zeekclient/logs.py
> +lib/zeek/python/zeekclient/ssl.py
> +lib/zeek/python/zeekclient/types.py
> +lib/zeek/python/zeekclient/utils.py
> +lib/zeek/python/zeekctl/BroControl/__init__.py
> +lib/zeek/python/zeekctl/BroControl/cmdresult.py
> +lib/zeek/python/zeekctl/BroControl/config.py
> +lib/zeek/python/zeekctl/BroControl/plugin.py
> +lib/zeek/python/zeekctl/ZeekControl/__init__.py
> +lib/zeek/python/zeekctl/ZeekControl/cmdresult.py
> +lib/zeek/python/zeekctl/ZeekControl/config.py
> +lib/zeek/python/zeekctl/ZeekControl/control.py
> +lib/zeek/python/zeekctl/ZeekControl/cron.py
> +lib/zeek/python/zeekctl/ZeekControl/doc.py
> +lib/zeek/python/zeekctl/ZeekControl/events.py
> +lib/zeek/python/zeekctl/ZeekControl/exceptions.py
> +lib/zeek/python/zeekctl/ZeekControl/execute.py
> +lib/zeek/python/zeekctl/ZeekControl/install.py
> +lib/zeek/python/zeekctl/ZeekControl/lock.py
> +lib/zeek/python/zeekctl/ZeekControl/node.py
> +lib/zeek/python/zeekctl/ZeekControl/options.py
> +lib/zeek/python/zeekctl/ZeekControl/plugin.py
> +lib/zeek/python/zeekctl/ZeekControl/pluginreg.py
> +lib/zeek/python/zeekctl/ZeekControl/printdoc.py
> +lib/zeek/python/zeekctl/ZeekControl/ssh_runner.py
> +lib/zeek/python/zeekctl/ZeekControl/state.py
> +lib/zeek/python/zeekctl/ZeekControl/util.py
> +lib/zeek/python/zeekctl/ZeekControl/utilcurses.py
> +lib/zeek/python/zeekctl/ZeekControl/version.py
> +lib/zeek/python/zeekctl/ZeekControl/zeekcmd.py
> +lib/zeek/python/zeekctl/ZeekControl/zeekctl.py
> +lib/zeek/python/zeekctl/plugins/TestPlugin.py
> +lib/zeek/python/zeekctl/plugins/lb_custom.py
> +lib/zeek/python/zeekctl/plugins/lb_myricom.py
> +lib/zeek/python/zeekctl/plugins/lb_pf_ring.py
> +lib/zeek/python/zeekctl/plugins/ps.py
> +lib/zeek/python/zeekctl/plugins/zeek_port_warning.py
> +lib/zeek/python/zeekctl/plugins/zzz_af_packet.py
> %%ZEEKCTL%%man/man1/trace-summary.1.gz
> man/man1/zeek-cut.1.gz
> man/man8/zeek.8.gz
> %%ZEEKCTL%%man/man8/zeekctl.8.gz
> +share/btest/data/Scripts/README
> +share/btest/data/Scripts/canonify-zeek-log
> +share/btest/data/Scripts/canonify-zeek-log-sorted
> +share/btest/data/Scripts/diff-remove-abspath
> +share/btest/data/Scripts/diff-remove-timestamps
> +share/btest/data/Scripts/diff-sort
> +share/btest/data/Scripts/run-zeek
> +share/btest/data/Scripts/spicy-version
> +share/btest/data/Scripts/zeek-version
> share/btest/data/random.seed
> share/btest/scripts/diff-canonifier
> share/btest/scripts/diff-canonifier-external
> +share/btest/scripts/diff-canonifier-spicy
> share/btest/scripts/diff-clean-doctest
> share/btest/scripts/diff-remove-abspath
> share/btest/scripts/diff-remove-fields
> share/btest/scripts/diff-remove-file-ids
> share/btest/scripts/diff-remove-fractions
> share/btest/scripts/diff-remove-openclose-timestamps
> +share/btest/scripts/diff-remove-spicy-abspath
> share/btest/scripts/diff-remove-timestamps
> share/btest/scripts/diff-remove-timestamps-and-sort
> share/btest/scripts/diff-remove-uids
> @@ -1311,6 +1316,9 @@ share/btest/scripts/diff-sort
> share/btest/scripts/diff-sort-and-remove-abspath
> share/btest/scripts/diff-sort-conn-service
> share/btest/scripts/diff-sort-set-elements
> +share/btest/scripts/spicy/diff-remove-abspath
> +share/btest/scripts/spicy/diff-remove-timestamps
> +share/btest/scripts/spicy/diff-sort
> %%SPICY%%share/hilti/hilti.hlt
> %%SPICY%%share/spicy/filter.spicy
> %%SPICY%%share/spicy/spicy-driver-host.cc
> @@ -1322,6 +1330,7 @@ share/btest/scripts/diff-sort-set-elements
> %%DATADIR%%/base/bif/bloom-filter.bif.zeek
> %%DATADIR%%/base/bif/cardinality-counter.bif.zeek
> %%DATADIR%%/base/bif/comm.bif.zeek
> +%%DATADIR%%/base/bif/communityid.bif.zeek
> %%DATADIR%%/base/bif/const.bif.zeek
> %%DATADIR%%/base/bif/data.bif.zeek
> %%DATADIR%%/base/bif/event.bif.zeek
> @@ -1355,7 +1364,6 @@ share/btest/scripts/diff-sort-set-elements
> %%DATADIR%%/base/bif/plugins/Zeek_FileExtract.events.bif.zeek
> %%DATADIR%%/base/bif/plugins/Zeek_FileExtract.functions.bif.zeek
> %%DATADIR%%/base/bif/plugins/Zeek_FileHash.events.bif.zeek
> -%%DATADIR%%/base/bif/plugins/Zeek_Finger.events.bif.zeek
> %%DATADIR%%/base/bif/plugins/Zeek_GSSAPI.events.bif.zeek
> %%DATADIR%%/base/bif/plugins/Zeek_GTPv1.events.bif.zeek
> %%DATADIR%%/base/bif/plugins/Zeek_GTPv1.functions.bif.zeek
> @@ -1440,18 +1448,12 @@ share/btest/scripts/diff-sort-set-elements
> %%DATADIR%%/base/bif/plugins/Zeek_SSL.events.bif.zeek
> %%DATADIR%%/base/bif/plugins/Zeek_SSL.functions.bif.zeek
> %%DATADIR%%/base/bif/plugins/Zeek_SSL.types.bif.zeek
> -%%SPICY%%%%DATADIR%%/base/bif/plugins/Zeek_Spicy.consts.bif.zeek
> -%%SPICY%%%%DATADIR%%/base/bif/plugins/Zeek_Spicy.events.bif.zeek
> -%%SPICY%%%%DATADIR%%/base/bif/plugins/Zeek_Spicy.functions.bif.zeek
> -%%DATADIR%%/base/bif/plugins/Zeek_Syslog.events.bif.zeek
> %%DATADIR%%/base/bif/plugins/Zeek_TCP.events.bif.zeek
> %%DATADIR%%/base/bif/plugins/Zeek_TCP.functions.bif.zeek
> %%DATADIR%%/base/bif/plugins/Zeek_TCP.types.bif.zeek
> %%DATADIR%%/base/bif/plugins/Zeek_Teredo.events.bif.zeek
> %%DATADIR%%/base/bif/plugins/Zeek_Teredo.functions.bif.zeek
> %%DATADIR%%/base/bif/plugins/Zeek_UDP.events.bif.zeek
> -%%DATADIR%%/base/bif/plugins/Zeek_Unified2.events.bif.zeek
> -%%DATADIR%%/base/bif/plugins/Zeek_Unified2.types.bif.zeek
> %%DATADIR%%/base/bif/plugins/Zeek_VXLAN.events.bif.zeek
> %%DATADIR%%/base/bif/plugins/Zeek_X509.events.bif.zeek
> %%DATADIR%%/base/bif/plugins/Zeek_X509.functions.bif.zeek
> @@ -1460,6 +1462,7 @@ share/btest/scripts/diff-sort-set-elements
> %%DATADIR%%/base/bif/plugins/Zeek_XMPP.events.bif.zeek
> %%DATADIR%%/base/bif/plugins/__load__.zeek
> %%DATADIR%%/base/bif/reporter.bif.zeek
> +%%DATADIR%%/base/bif/spicy.bif.zeek
> %%DATADIR%%/base/bif/stats.bif.zeek
> %%DATADIR%%/base/bif/store.bif.zeek
> %%DATADIR%%/base/bif/strings.bif.zeek
> @@ -1481,6 +1484,8 @@ share/btest/scripts/diff-sort-set-elements
> %%DATADIR%%/base/files/x509/log-ocsp.zeek
> %%DATADIR%%/base/files/x509/main.zeek
> %%DATADIR%%/base/frameworks/analyzer/__load__.zeek
> +%%DATADIR%%/base/frameworks/analyzer/dpd.zeek
> +%%DATADIR%%/base/frameworks/analyzer/logging.zeek
> %%DATADIR%%/base/frameworks/analyzer/main.zeek
> %%DATADIR%%/base/frameworks/broker/__load__.zeek
> %%DATADIR%%/base/frameworks/broker/log.zeek
> @@ -1502,7 +1507,6 @@ share/btest/scripts/diff-sort-set-elements
> %%DATADIR%%/base/frameworks/control/__load__.zeek
> %%DATADIR%%/base/frameworks/control/main.zeek
> %%DATADIR%%/base/frameworks/dpd/__load__.zeek
> -%%DATADIR%%/base/frameworks/dpd/main.zeek
> %%DATADIR%%/base/frameworks/files/__load__.zeek
> %%DATADIR%%/base/frameworks/files/magic/__load__.zeek
> %%DATADIR%%/base/frameworks/files/magic/archive.sig
> @@ -1580,6 +1584,10 @@ share/btest/scripts/diff-sort-set-elements
> %%DATADIR%%/base/frameworks/signatures/main.zeek
> %%DATADIR%%/base/frameworks/software/__load__.zeek
> %%DATADIR%%/base/frameworks/software/main.zeek
> +%%DATADIR%%/base/frameworks/spicy/__load__.zeek
> +%%DATADIR%%/base/frameworks/spicy/init-bare.zeek
> +%%DATADIR%%/base/frameworks/spicy/init-framework.zeek
> +%%DATADIR%%/base/frameworks/spicy/main.zeek
> %%DATADIR%%/base/frameworks/sumstats/__load__.zeek
> %%DATADIR%%/base/frameworks/sumstats/cluster.zeek
> %%DATADIR%%/base/frameworks/sumstats/main.zeek
> @@ -1600,6 +1608,8 @@ share/btest/scripts/diff-sort-set-elements
> %%DATADIR%%/base/frameworks/supervisor/api.zeek
> %%DATADIR%%/base/frameworks/supervisor/control.zeek
> %%DATADIR%%/base/frameworks/supervisor/main.zeek
> +%%DATADIR%%/base/frameworks/telemetry/__load__.zeek
> +%%DATADIR%%/base/frameworks/telemetry/main.zeek
> %%DATADIR%%/base/frameworks/tunnels/__load__.zeek
> %%DATADIR%%/base/frameworks/tunnels/main.zeek
> %%DATADIR%%/base/init-bare.zeek
> @@ -1635,13 +1645,21 @@ share/btest/scripts/diff-sort-set-elements
> %%DATADIR%%/base/packet-protocols/iptunnel/main.zeek
> %%DATADIR%%/base/packet-protocols/linux_sll/__load__.zeek
> %%DATADIR%%/base/packet-protocols/linux_sll/main.zeek
> +%%DATADIR%%/base/packet-protocols/linux_sll2/__load__.zeek
> +%%DATADIR%%/base/packet-protocols/linux_sll2/main.zeek
> +%%DATADIR%%/base/packet-protocols/llc/__load__.zeek
> +%%DATADIR%%/base/packet-protocols/llc/main.zeek
> %%DATADIR%%/base/packet-protocols/main.zeek
> %%DATADIR%%/base/packet-protocols/mpls/__load__.zeek
> %%DATADIR%%/base/packet-protocols/mpls/main.zeek
> %%DATADIR%%/base/packet-protocols/nflog/__load__.zeek
> %%DATADIR%%/base/packet-protocols/nflog/main.zeek
> +%%DATADIR%%/base/packet-protocols/novell_802_3/__load__.zeek
> +%%DATADIR%%/base/packet-protocols/novell_802_3/main.zeek
> %%DATADIR%%/base/packet-protocols/null/__load__.zeek
> %%DATADIR%%/base/packet-protocols/null/main.zeek
> +%%DATADIR%%/base/packet-protocols/pbb/__load__.zeek
> +%%DATADIR%%/base/packet-protocols/pbb/main.zeek
> %%DATADIR%%/base/packet-protocols/ppp_serial/__load__.zeek
> %%DATADIR%%/base/packet-protocols/ppp_serial/main.zeek
> %%DATADIR%%/base/packet-protocols/pppoe/__load__.zeek
> @@ -1650,6 +1668,8 @@ share/btest/scripts/diff-sort-set-elements
> %%DATADIR%%/base/packet-protocols/root/main.zeek
> %%DATADIR%%/base/packet-protocols/skip/__load__.zeek
> %%DATADIR%%/base/packet-protocols/skip/main.zeek
> +%%DATADIR%%/base/packet-protocols/snap/__load__.zeek
> +%%DATADIR%%/base/packet-protocols/snap/main.zeek
> %%DATADIR%%/base/packet-protocols/tcp/__load__.zeek
> %%DATADIR%%/base/packet-protocols/tcp/main.zeek
> %%DATADIR%%/base/packet-protocols/teredo/__load__.zeek
> @@ -1684,6 +1704,9 @@ share/btest/scripts/diff-sort-set-elements
> %%DATADIR%%/base/protocols/dns/__load__.zeek
> %%DATADIR%%/base/protocols/dns/consts.zeek
> %%DATADIR%%/base/protocols/dns/main.zeek
> +%%DATADIR%%/base/protocols/finger/__load__.zeek
> +%%DATADIR%%/base/protocols/finger/main.zeek
> +%%DATADIR%%/base/protocols/finger/spicy-events.zeek
> %%DATADIR%%/base/protocols/ftp/__load__.zeek
> %%DATADIR%%/base/protocols/ftp/dpd.sig
> %%DATADIR%%/base/protocols/ftp/files.zeek
> @@ -1715,6 +1738,8 @@ share/btest/scripts/diff-sort-set-elements
> %%DATADIR%%/base/protocols/modbus/main.zeek
> %%DATADIR%%/base/protocols/mqtt/__load__.zeek
> %%DATADIR%%/base/protocols/mqtt/consts.zeek
> +%%DATADIR%%/base/protocols/mqtt/dpd.sig
> +%%DATADIR%%/base/protocols/mqtt/main.zeek
> %%DATADIR%%/base/protocols/mysql/__load__.zeek
> %%DATADIR%%/base/protocols/mysql/consts.zeek
> %%DATADIR%%/base/protocols/mysql/main.zeek
> @@ -1771,6 +1796,7 @@ share/btest/scripts/diff-sort-set-elements
> %%DATADIR%%/base/protocols/syslog/__load__.zeek
> %%DATADIR%%/base/protocols/syslog/consts.zeek
> %%DATADIR%%/base/protocols/syslog/main.zeek
> +%%DATADIR%%/base/protocols/syslog/spicy-events.zeek
> %%DATADIR%%/base/protocols/tunnels/__load__.zeek
> %%DATADIR%%/base/protocols/tunnels/dpd.sig
> %%DATADIR%%/base/protocols/xmpp/__load__.zeek
> @@ -1796,19 +1822,15 @@ share/btest/scripts/diff-sort-set-elements
> %%DATADIR%%/base/utils/thresholds.zeek
> %%DATADIR%%/base/utils/time.zeek
> *** 132 LINES SKIPPED ***