CHANGES

1.8.0-16 | 2024-01-22 10:05:00 -0700

  * Make BIFs just return ValPtr directly instead of BifReturnVal (Tim Wojtulewicz, Corelight)

1.8.0-14 | 2023-11-06 13:32:55 -0700

  * Update .git-blame-ignore-revs (Tim Wojtulewicz, Corelight)

  * Reformat Bifcl in Spicy style (Tim Wojtulewicz, Corelight)

1.8.0-11 | 2023-08-03 09:36:59 -0700

  * Remove usage of FindRequiredPackage (Tim Wojtulewicz, Corelight)

1.8.0-9 | 2023-07-02 14:51:55 -0700

  * Add /J flag on Windows to force unsigned char (Tim Wojtulewicz, Corelight)

  * Pass -funsigned-char flag during compilation (Tim Wojtulewicz, Corelight)

1.8.0-6 | 2023-06-22 11:02:37 -0700

  * Force -std=c++17 mode for cmake targets, remove use of RequireCXX17.cmake (Tim Wojtulewicz, Corelight)

  * Require CMake 3.15.0 to build, similar to the recent changes to zeek and broker (Tim Wojtulewicz, Corelight)

1.8.0-2 | 2023-05-31 14:24:15 +0200

  * Remove vendored CMake files from repo (Tim Wojtulewicz, Corelight)

1.8.0 | 2023-05-23 10:52:35 -0700

  * Update submodule(s) [nomail] [skip ci] (Tim Wojtulewicz, Corelight)

1.7.0-11 | 2023-04-19 19:28:13 +0200

  * Render runtime type checks for var_args bifs (Arne Welzel, Corelight)

    Currently, Zeek disables any static type checking for var_arg bifs.
    However, the generated preamble for var_args bifs assume that
    typed positional arguments are correctly typed and blindly calls
    the type converters on them. This easily triggers abort()s at runtime
    currently when a script mistakenly uses the wrong types for var_arg
    bifs. For example, calling publish_rr() with a port instead of a string
    causes a hard-abort with Zeek 5.0.8.

        $ zeek -e 'Cluster::publish_rr(Cluster::Pool(), 80/tcp)'
        fatal error in <no location>: Val::CONVERTER (port/string) (80/tcp)
        Aborted (core dumped)

    Extend bifcl so that for var_arg functions and the types that bifcl understands,
    we render a runtime type check and explicit early return to avoid the abort().
    For any/other types, the implementer of the bif continuous to be responsible
    for type checking.

    This isn't solving the var_args situation generally, but avoids some
    ad-hoc fixes trickling in current bif implementations.

    Some references:

    https://github.com/zeek/zeek/issues/1523
    https://github.com/zeek/zeek/issues/2425
    https://github.com/zeek/zeek/issues/2935
    https://github.com/zeek/zeek/pull/2950

  * GH-25: builtin-func.l: Allow more than just one additional component (Arne Welzel, Corelight)

    I'm not sure why this was restricted to only two components,
    the following appears functional in Zeek scripts.

        module A::B::C;

        export {
          type MyRecord: record {
            a: string;
          };
        }

    Closes #25.

1.7.0-7 | 2023-02-27 09:33:13 -0700

  * Other minor cleanups (Tim Wojtulewicz, Corelight)

  * Use bools for boolean comparisons (Tim Wojtulewicz, Corelight)

  * Use nullptrs for pointer initializations (Tim Wojtulewicz, Corelight)

1.7.0-3 | 2023-02-22 07:33:15 -0700

  * Include stdint.h early to prevent redefinition of int type macros (Tim Wojtulewicz)

  * Remove argument from BIFCL_LSAN_DISABLE macro to fix warning on Windows (Tim Wojtulewicz)

1.7.0 | 2023-02-01 15:42:00 -0700

  * Tag version 1.7.0 (Tim Wojtulewicz, Corelight)

1.6.2-28 | 2022-12-14 14:54:23 -0700

  * Adjust CodeQL setup to bifcl (Christian Kreibich, Corelight)

    First real foray into CodeQL and I'm pretty underwhelmed. The warnings are
    either noise or in bison-generated code, which would be nice to whitelist,
    except CodeQL gives no way to exclude files for compiled code, and you cannot
    control alerts in-code. So the only mechanisms remaining are crude wholesale
    suppression via the config file, and dismissal in the UI, for which there are
    insufficient options (I went for "won't fix" for these).

1.6.2-21 | 2022-10-26 08:47:22 -0700

  * Only adding subdir if running standalone (Tomer Lev)

  * Adding support for libunistd. Also adding pragma guard for the right arch (Tomer Lev)

  * Add libunistd submodule [nomail] [skip ci] (Tim Wojtulewicz, Corelight)

1.6.2-17 | 2022-10-24 08:08:44 -0700

  * Add pre-commit github workflow (Tim Wojtulewicz, Corelight)

  * Add pre-commit configuration and run it on everything (Tim Wojtulewicz, Corelight)

  * Add clang-format and run it on everything (Tim Wojtulewicz, Corelight)

1.6.2-12 | 2022-10-18 14:27:38 -0700

  * Bumped cmake submodule commit (Tomer Lev)

  * Adapted bifcl to compile with MSVC for Windows environment. (Elad Solomon)

1.6.2-9 | 2022-10-13 13:58:34 -0500

  * Use full path to filename in #line directives in generated code (Tim Wojtulewicz, Corelight)

    This fixes the DWARF information gets output by the compiler, and allows debuggers
    to use the full path name to display contextual information when a session stops
    inside of BIF code.

1.6.2-7 | 2022-09-28 10:08:51 +0200

  * GH-15: Keep zeekygen comments close to their definitions (Benjamin
    Bannier, Corelight)

1.6.2-4 | 2022-07-12 13:55:23 -0700

  * Remove remaining uses of Bro naming (Tim Wojtulewicz, Corelight)

  * Deprecate bro_int_t and bro_uint_t (Tim Wojtulewicz, Corelight)

  * Keep make dist from deleting all paths containing 'build' [skip ci] (Tim Wojtulewicz, Corelight)

1.6.2 | 2022-06-01 09:29:50 -0700

  * Release 1.6.2 

1.6.1-3 | 2022-02-07 10:04:10 -0700

  * trimmed & regularized some minor variable naming (Vern Paxson, Corelight)

1.6.1 | 2021-12-10 09:38:56 -0700

  * Update cmake submodule to latest master (Tim Wojtulewicz, Corelight)

1.6.0-2 | 2021-11-23 13:50:42 -0700

  * Allow analyzer to be passed as nullptr for enqueue methods (Tim Wojtulewicz, Corelight)

    This allows the methods to be used in contexts where the analyzer ID
    is not available or when the ID doesn't matter, such as in packet
    analyzers.

1.6.0 | 2021-07-06 08:55:36 -0700

  * Update cmake submodule pointer (Tim Wojtulewicz, Corelight)

1.5.0-14 | 2021-07-06 08:52:10 -0700

  * Updates for building Zeek as a subproject (Seth Hall, Corelight)

1.5.0-12 | 2021-04-29 10:44:10 -0700

  * Rename Session::ConnVal() to Session::GetVal() (Tim Wojtulewicz, Corelight)

1.5.0-10 | 2021-03-17 13:44:12 -0700

  * Prevent use of LeakSanitizer on FreeBSD (Jon Siwek, Corelight)

1.5.0-8 | 2021-01-29 21:05:13 -0800

  * GH-1377: Add missing zeek/ to generated header includes (Jon Siwek, Corelight)

1.5.0-6 | 2021-01-29 16:37:13 -0800

  * Remove v4.1 deprecation warnings (Tim Wojtulewicz, Corelight)

1.5.0-4 | 2021-01-21 10:03:42 -0700

  * support for new FileVal class (Vern Paxson, Corelight)

1.5.0 | 2020-12-04 11:14:48 -0800

  * Release 1.5.0.

1.4.0-19 | 2020-12-02 11:04:01 -0800

  * Update minimum required CMake to 3.5 (Jon Siwek, Corelight)

  * Postpone initialization of constants for subdir BIFs (Jon Siwek, Corelight)

1.4.0-11 | 2020-08-26 11:20:13 -0700

  * Rename bro-bif.h to zeek-bif.h (Tim Wojtulewicz, Corelight)

1.4.0-9 | 2020-08-21 08:30:47 -0700

  * Move __RegisterBif from zeek::detail::plugin to zeek::plugin::detail (Tim Wojtulewicz, Corelight)

  * SOURCE_LOCAL is part of the zeek::util::detail namespace now (Tim Wojtulewicz, Corelight)

1.4.0-6 | 2020-08-01 09:14:45 -0700

  * Move Connection to zeek namespace (Tim Wojtulewicz, Corelight)

  * Move BifReturnVal to zeek::detail namespace (Tim Wojtulewicz, Corelight)

  * Move event code to zeek namespace, rename mgr to event_mgr (Tim Wojtulewicz, Corelight)

  * Move BroFile to zeek namespace, rename to File (Tim Wojtulewicz, Corelight)

  * Move base analyzer classes to zeek namespace (Tim Wojtulewicz, Corelight)

1.4.0 | 2020-07-23 10:10:53 -0700

  * Release 1.4.0

1.3.0-54 | 2020-07-03 23:55:07 -0700

  * Ensure strncpy null-termination (Jon Siwek, Corelight)

  * Fix stringop-truncation compiler warning (Jon Siwek, Corelight)

1.3.0-52 | 2020-07-02 19:22:22 -0700

  * Add zeek:: namespace to val_mgr usage (Tim Wojtulewicz, Corelight)

  * Move BuiltinFunc to zeek namespace (Tim Wojtulewicz, Corelight)

  * Move Frame to the zeek::detail namespace (Tim Wojtulewicz, Corelight)

  * Move all Val classes to the zeek namespaces (Tim Wojtulewicz, Corelight)

  * Move IntrusivePtr to the zeek namespace (Tim Wojtulewicz, Corelight)

1.3.0-44 | 2020-06-11 23:11:52 -0700

  * Update namespace for *Type classes (Tim Wojtulewicz, Corelight)

  * Update namespace for plugin::Plugin and plugin::BifItem classes (Tim Wojtulewicz, Corelight)

  * Update namespace for __RegisterBif function (Tim Wojtulewicz, Corelight)

1.3.0-39 | 2020-06-03 13:18:47 -0700

  * Use new TimeVal/DoubleVal subclass ctors (Jon Siwek, Corelight)

1.3.0-37 | 2020-06-01 19:24:32 -0700

  * Include Func.h in files during build (Tim Wojtulewicz, Corelight)

1.3.0-35 | 2020-06-01 10:58:45 -0700

  * Change constructor for BroFile args (Jon Siwek, Corelight)

  * Switch zeek::id::lookup to zeek::id::find (Jon Siwek, Corelight)

  * Use zeek::BifEvent:: for enqueue_ functions instead of BifEvent::

    The old BifEvent::generate_ functions were already deprecated (Jon Siwek, Corelight)

  * Deprecate BifFunc:: declarations, replace with zeek::BifFunc::

    Also changes name of function slightly, example: bro_fmt -> fmt_bif. (Jon Siwek, Corelight)

  * Deprecate names in BifConst, replace with zeek::BifConst

    Some Val* types are also replaced with IntrusivePtr (Jon Siwek, Corelight)

  * Deprecate all BroType* in BifType:: namespace

    Replaced with equivalently named IntrusivePtr in zeek::BifType:: (Jon Siwek, Corelight)

  * Change internal_handler() usage (Jon Siwek, Corelight)

  * Renaming/scoping of lookup functions (Jon Siwek, Corelight)

  * Replace deprecated use of internal_const_val() (Jon Siwek, Corelight)

  * Update deprecated use of internal_type() (Jon Siwek, Corelight)

1.3.0-20 | 2020-04-24 16:17:33 -0700

  * Deprecate BifEvent::generate_*, add BifEvent::enqueue_* (Jon Siwek, Corelight)

  * Update deprecated Connection::BuildConnVal usage (Jon Siwek, Corelight)

  * Return nullptr instead of 0 in BIF error conditions (Jon Siwek, Corelight)

  * Update deprecated ValManager::Get usages (Jon Siwek, Corelight)

  * Change BIFs to return a wrapper object

    That allows implicit conversion from either Val* or IntrusivePtr<T> (Jon Siwek, Corelight)

1.3.0-13 | 2020-04-16 13:50:22 -0700

  * Remove use of Variable-Length-Arrays (Jon Siwek, Corelight)

1.3.0-11 | 2020-04-13 14:53:11 -0700

  * Support multiple/alternate event prototype definitions (Jon Siwek, Corelight)

1.3.0-9 | 2020-04-01 13:13:23 -0700

  * Don't pass a TimerMgr to EventMgr::Enqueue() (Jon Siwek, Corelight)

  * Use EventMgr::Enqueue() instead of QueueEventFast() (Jon Siwek, Corelight)

  * Move BIF function arguments from val_list to vector of IntrusivePtr (Jon Siwek, Corelight)

1.3.0-1 | 2020-02-10 12:00:31 -0800

  * Fix header include guards (Jon Siwek, Corelight)

1.3.0 | 2020-02-05 21:28:12 -0800

  * Release 1.3.0

1.2-14 | 2020-01-03 09:53:56 -0700

  * Disable LeakSanitizer

    Related to https://github.com/zeek/zeek/issues/699 (Jon Siwek, Corelight)

1.2-9 | 2019-10-28 17:58:16 -0700

  * Move CMake project() after cmake_minimum_required() (Jon Siwek, Corelight)

  * Move headers into include/ subdir (Jon Siwek, Corelight)

    This avoids potential problems with libc++ 8+ on case-insensitive file
    systems due to inclusion of a new header called <version> which will end
    up conflicting with the VERSION file if the search path includes the
    project root.

1.2 | 2019-06-12 15:01:17 -0700

  * Release 1.2.

1.1-19 | 2019-06-12 15:01:04 -0700

  * Rename directories from bro to zeek (Daniel Thayer)

1.1-16 | 2019-05-20 19:38:17 -0700

  * Rename Bro to Zeek (Daniel Thayer)

  * Update codegen to use faster val_list and event queue API (Jon Siwek, Corelight)

1.1-10 | 2019-04-16 11:48:09 -0700

  * Change file extension of auto-generated script files to .zeek (Daniel Thayer)

  * Use ValManager for creating Vals (Jon Siwek, Corelight)

  * Update submodules to use github.com/zeek (Jon Siwek, Corelight)

1.1 | 2018-08-31 15:23:21 -0500

  * Add Makefile (Jon Siwek, Corelight)

1.0-1 | 2018-07-24 01:58:34 +0000

  * Fix compiler warning. (Robin Sommer, Corelight)

1.0 | 2018-07-24 01:54:16 +0000

  * bifcl is a now a separate project, starting CHANGES.