1.5.2 | 2023-03-10 10:51:12 +0100

  * Release 1.5.2.

1.5.1-2 | 2023-03-10 10:51:00 +0100

  * Fix arg mixup in call `protocol_gap`. (Benjamin Bannier, Corelight)

    We seem to have passed arguments in the wrong order which unfortunately
    compiled successfully due to implicit conversions.

1.5.1 | 2023-03-06 16:41:49 +0100

  * Always finalize removed analyzers. (Benjamin Bannier, Corelight)

    Zeek will eventually call `Done` on e.g., removed analyzers. At that
    point analyzers might still have unprocessed state on their yielded
    fibers, so explicitly `Finish` them to force flushing of that state.

1.5.0-6 | 2023-02-22 15:45:14 +0100

  * GH-123: Remove unnecessary symlink. (Robin Sommer, Corelight)

1.5.0-4 | 2023-02-22 15:09:56 +0100

  * Include zeek-version.h if it exists, zeek/zeek#2776. (Arne Welzel, Corelight)

1.5.0-2 | 2023-02-22 13:09:11 +0100

  * Set `reupload_on_changes` for ccache caches. (Benjamin Bannier, Corelight)

1.4.2-74 | 2023-02-14 16:25:25 +0100

  * Avoid repeated redundant calls to `globals` in generated code. (Benjamin Bannier, Corelight)

1.4.2-72 | 2023-02-14 12:47:22 +0100

  * Remove unnecessary copying when iterating collections. (Benjamin Bannier, Corelight)

1.4.2-70 | 2023-02-13 12:13:34 +0100

  * GH-181: Allow more file system operations to fail. (Benjamin Bannier, Corelight)

    We previously would use the HILTI filesystem API in a couple places
    without taking into account that operation might fail e.g., due to
    insufficient file system permissions. Since we did not explicitly handle
    the errors this lead to an exception escape into the calling process (in
    this case Zeek) which didn't anticipate that either and just aborted.

    With this patch we now should probably handle these cases gracefully as
    well so no more exceptions escape from file system errors.

    Closes #181.

1.4.2-68 | 2023-02-03 16:32:03 +0100

  * Add explicit dependency of spicyz on its runtime files. (Benjamin Bannier, Corelight)

    If spicy-plugin is built as part of Zeek we want to be able to use a
    simple dependency on `spicy` when declaring Spicy analyzers in the Zeek
    tree (this is in fact exactly what the macro `spicy_add_analyzer` does).
    In order for `spicy` to work when built into Zeek we need its runtime
    dependencies like e.g., `zeek_rt.hlt` in place before using it.

    This patch adds an explicit dependency of `spicyz` on
    `copy-zeek-spicy-dist-files` which achieves just that.

1.4.2-66 | 2023-02-03 16:02:28 +0100

  * GH-162: Support hook arguments in EVT files. (Robin Sommer, Corelight)

    Some built-in unit hooks allow to receive parameters. To enable access
    to them inside EVT files, we now support the same syntax there as with
    `on ...` declarations in Spicy source code. For example, to gain
    access to the error message with `%error`:

        on SSH::Banner::%error(msg: string) -> event MyScript::my_event(msg);

1.4.2-64 | 2023-02-03 12:13:57 +0100

  * GH-177: Allow duplicate Zeek-side type registration as long as
    types match. (Robin Sommer, Corelight)

1.4.2-62 | 2023-02-03 12:12:55 +0100

  * Update src/plugin/plugin.cc (Robin Sommer, Corelight)

    Co-authored-by: Benjamin Bannier <bbannier@users.noreply.github.com>

  * GH-177: Allow duplicate Zeek-side type registration as long as types match. (Robin Sommer, Corelight)

    Closes #177.

  * Make it possible to test against a certain Spicy branch. (Benjamin Bannier, Corelight)

1.4.2-57 | 2023-01-31 10:29:56 +0100

  * Teach the plugin to create Zeek types automatically. (Robin
    Sommer, Corelight).

    One can now `export` types in EVT files to have the plugin
    instantiate a corresponding Zeek type automatically, without
    needing to declare it explicitly in a Zeek script. We did this
    already for public `enum` types. The new `export` keyword
    generalizes that for (almost) all types that can be passed to
    Zeek. This is particularly helpful for units, where previously one
    would have had to type out a corresponding `record` type.

    The EVT syntax for this capability is: `export SPICY_ID [as
    Zeek_ID];`, with the optional `as ...` part allowing to map the
    Spicy type to a different Zeek-side ID.

    We retain the automatic exporting of public `enum` types for
    backwards compatibility, at least for now. Non-public enums can
    now be exported as well through the new keyword.

    More documentation on this is forthcoming in the manual.

1.4.2-45 | 2023-01-31 10:27:33 +0100

  * Small README tweaks. (Robin Sommer, Corelight)

  * Fence usage of new Spicy API with version check. (Robin Sommer, Corelight)

  * Remove more code that we no longer need without JIT. (Robin Sommer, Corelight)

  * Remove Markdown from plugin's version message. (Robin Sommer, Corelight)

1.4.2-39 | 2023-01-28 10:58:30 +0100

  * GH-154: Remove JIT support from plugin. (Robin Sommer, Corelight)

    This removes the plugin's capability to compile `*.{spicy,evt,hlt}`
    files on the fly. Analyzers now always need to be pre-compiled with
    `spicyz`.

  * Link plugin only against Spicy runtime libraries. (Robin Sommer, Corelight)

  * Disentangle plugin and compiler code trees. (Robin Sommer, Corelight)

    This moves the plugin code a level down in `include/` and `src/`, and
    separates the two components so that they don't depend on each other
    anymore, both in terms of functionality and code.

1.4.2-32 | 2023-01-27 15:39:28 +0100

  * Port the new `-x` option from `spicyc` to `spicyz`. (Robin Sommer, Corelight)

  * Switch to using Spicy's new `accept_input`/`decline_input` hooks. (Robin Sommer, Corelight)

  * Deprecate `zeek::confirm_protocol()` and `zeek::reject_protocol()`
    in the favor of the Spicy-wide `spicy::accept_input` and
    `spicy::decline_input()`. (Robin Sommer, Corelight)

  * When generating C++ output, unique symbol names by including provided prefix. (Robin Sommer, Corelight)

  * Trigger HILTI runtime's module pre-init phase from plugin. (Robin Sommer, Corelight)

1.4.2-25 | 2023-01-27 12:43:26 +0100

  * Add a script-level constant indicating Spicy availability. (Robin Sommer, Corelight)

    This enables Zeek scripts to test for availability of Spicy through
    `@ifdef ( Spicy::available )`.

1.4.2-23 | 2023-01-27 12:19:58 +0100

  * GH-160: Adapt to Spicy's changes to exception hierarchy. (Robin Sommer, Corelight)

    We now consistently report runtime errors (including actual
    parsing errors) as analyzer violations that will be reported in
    `dpd.log` and, starting eith Zeek 5.2, in `analyzer.log`. We now
    also log excerpts of the offending data there.

  * Report file analysis errors through Zeek's new file violation API available since 5.2.

  * Add BTest alternative for running tests when plugin is built into Zeek. (Robin Sommer, Corelight)

  * Switch to new Spicy API for accessing the HLTO scope. (Robin Sommer, Corelight)

  * For CI, factor out the download URL for the Spicy artifact to use. (Robin Sommer, Corelight)

1.4.2-16 | 2023-01-24 16:18:27 +0100

  * Revert moving Zeek includes out of `zeek-compat.h`. (Robin Sommer,
    Corelight)

1.4.2-14 | 2023-01-09 17:29:42 +0100

  * Push includes from `zeek-compat.h` into actual users. (Benjamin Bannier, Corelight)

  * Update clang-format to sort zeek headers after zeek-spicy headers. (Benjamin Bannier, Corelight)

  * Remove unneeded compat functions and types. (Benjamin Bannier, Corelight)

  * Add explicit Zeek version requirement to package meta. (Benjamin Bannier, Corelight)

  * Bump GH actions. (Benjamin Bannier, Corelight)

  * GH-153: Remove support for zeek-4.x. (Benjamin Bannier, Corelight)

1.4.2-7 | 2023-01-05 18:29:40 +0100

  * GH-150: Only add plugin directory to library paths if not building standalone. (Benjamin Bannier, Corelight)

1.4.2-5 | 2023-01-05 15:42:56 +0100

  * Adjust plugin for changes for zeek/spicy#1326. (Benjamin Bannier, Corelight)

1.4.2-3 | 2022-12-08 12:07:29 +0100

  * Rewrite CI so we can run against zeek-5. (Benjamin Bannier, Corelight)

  * Bump pre-commit hooks. (Benjamin Bannier, Corelight)

1.4.2 | 2022-12-04 17:17:04 +0100

  * GH-1304: Adjust test for fixed gap recovery behavior in Spicy. (Benjamin Bannier, Corelight)

1.4.1 | 2022-11-07 09:57:00 +0100

  * Quote CMake string to ensure correct argument count. (Nic Boet)

1.4.0 | 2022-10-26 14:53:45 +0200

  * Release 1.4.0.

1.3.20-18 | 2022-10-26 14:47:20 +0200

  * Enforce matching versions between analyzers, plugin, and Spicy.
    (Robin Sommer, Corelight)

    - Embed a C function into plugin that encodes its version in the
      name and make analyzers link against it. This will make them
      fail to load if the plugin's version doesn't match what they
      were compiled against.

    - Link against recently added, Spicy-side version function to
      prevent prevent the plugin from loading when the Spicy version
      has changed without a rebuild of the plugin.

  * Remove `--optimize` flag, just as Spicy itself did. (Robin Sommer,
    Corelight)

  * Update README. (Robin Sommer, Corelight)

1.3.20-10 | 2022-10-15 22:07:12 +0200

  * Add support for replacing and toggling packet analyzers. Requires
    Zeek >= 5.2 (current master at the time of this commit). (Robin
    Sommer)

1.3.20-8 | 2022-10-15 22:05:59 +0200

  * Fix spelling of Zeek-side tags for packet analyzers. (Robin
    Sommer, Corelight)

    They used to turn out as `ANALYZER_SPICY__FOO`. Now they are
    `ANALYZER_SPICY_FOO`.

    We also unify how the derivation of the Zeek-side name happens
    across all three types of analyzers. On the Spicy side, analyzer
    names now remain in their original spelling (i.e., `Spicy::Foo`
    instead of `Spicy_Foo`). On the Zeek-side, the name for packet
    analyzers is now `Spicy_Foo` instead of `Spicy::Foo` (that was the
    case for protocol/file analyzers already).

    On the Zeek side, the removal of the double-underscore and the
    name change for packet analyzer is user-visible and could break
    some scripts. It'll most likely be encountered in logs and, more
    importantly, in scripts configuring a packet analyzer through
    calls to `register_packet_analyzer_by_name()` and
    `try_register_packet_analyzer_by_name()`. Calls to the former will
    need to have double-underscores removed, and calls to the latter
    will need to switch from `Spicy::Foo` to `Spicy_Foo`.

  * Allow to use Zeek-side `ANALYZER_*` tags in JIT mode. (Robin
    Sommer, Corelight)

    We had an inconsistency between pre -compiled HLTO files and
    JITing an analyzer by giving Zeek the `*.{evt, spicy}` files
    directly: in the latter case, a Zeek script wasn't able to use the
    `ANALYZER_*` tags, because they weren't defined at script load
    time yet. The reason is that they got registered only once the
    HILTI-side module initialization ran, which for JITed analyzers is
    later than for HLTOs.

    Note that there's still an ordering requirement: the EVT file
    needs to be loaded before the Zeek script using the tag. However,
    that's the same for HLTOs, so that's consistent at least.

  * Add hooks to glue compiler to receive notifications about new
    analyzers. (Robin Sommer, Corelight)

    This enables users of the glue compiler to provide callbacks to
    execute when the glue compiler learns about a new analyzer. We'll
    use this in a subsequent commit.

1.3.20-3 | 2022-10-15 22:02:08 +0200

  * GH-137: Fix analyzer replacement. (Robin Sommer)

    Replacing a Zeek-side analyzer didn't work if (a) the Spicy plugin was
    built into Zeek (like Zeek does by default now), (b) the plugin was
    initialized after that Zeek-side analyzer (which happened with names
    lexicographically sorting after "Spicy"), and (c) the HLTO was loaded
    from the module search path (instead of from the command line).

  * Catch attempts to replace an analyzer with one of a different
    kind. (Robin Sommer)

1.3.20 | 2022-10-14 20:55:34 +0200

  * GH-142: Fix forwarding of struct fields into Zeek event handlers. (Benjamin Bannier, Corelight)

1.3.19 | 2022-10-04 10:37:42 +0200

  * Fix broken format string in debug log. (Benjamin Bannier, Corelight)

1.3.18 | 2022-09-06 09:30:51 +0200

  * GH-132: Prevent passing an invalid session when reporting analyzer violation. (Benjamin Bannier, Corelight)

1.3.17-4 | 2022-08-29 10:04:12 +0200

  * GH-128: Switch bro_int_t to zeek_int_t (Arne Welzel, Corelight)

  * Adjust tests for files.log changes in zeek-5.1. (Benjamin Bannier, Corelight)

1.3.17 | 2022-07-13 09:43:39 +0200

  * Add `CXX_LINK` option to `spicy_add_analyzer` CMake macro. (Benjamin Bannier, Corelight)

  * Add `--cxx-link` flag to `spicyz`. (Benjamin Bannier, Corelight)

1.3.16-3 | 2022-07-12 11:46:19 +0200

  * Add `zeek::weird()` library function to report a Zeek-side
    "weird". (Robin Sommer, Corelight)

  * GH-101: Change how parse errors are reported. (Robin Sommer,
    Corelight)

    Instead of writing them to `weird.log`, they now go through the
    DPD confirmation/violation pipeline for protocol and packet
    analyzers. For file analyzers, we ignore them because Zeek
    currently doesn't have an appropinte reporting mechanism. We also
    track all parse errors inside the debug output so that there's a
    way to confirm what's happening. We now also implicitly raise a
    protocol violation for any parse errors that we couldn't recover
    from.

1.3.16 | 2022-06-28 12:06:41 +0200

  * Pass through value of `-T` spicyz option also to compiler. (Benjamin Bannier, Corelight)

1.3.15 | 2022-06-27 12:55:10 +0200

  * GH-119: Prevent dead symlinks ending up in Zeek binary packaging. (Benjamin Bannier, Corelight)

1.3.14 | 2022-06-24 13:59:17 +0200

  * Add support for loading C++ source files with `spicyz`. (Benjamin Bannier, Corelight)

1.3.13 | 2022-06-07 12:20:28 +0200

  * GH-117: Fix linking against static archives. (Benjamin Bannier, Corelight)

1.3.12 | 2022-06-02 15:50:31 +0200

  * Bump zeek-4.2 CI to zeek-4.2.1. (Benjamin Bannier, Corelight)

  * GH-112: Readd support for `protocol_confirmation`. (Benjamin Bannier, Corelight)

1.3.11-5 | 2022-06-02 14:26:27 +0200

  * Cache JIT results with ccache in CI. (Benjamin Bannier, Corelight)

  * Remove unused CI setup for macos. (Benjamin Bannier, Corelight)

1.3.11-2 | 2022-05-31 20:08:59 +0200

  * Mark spicy_analyzer_for_mime_type with &is_used (Tim Wojtulewicz, Corelight)

1.3.11 | 2022-05-18 11:11:26 +0200

  * Disable Zeek bundled Spicy in CI. (Benjamin Bannier, Corelight)

  * Make names of generated hooks deterministic. (Benjamin Bannier, Corelight)

1.3.10 | 2022-04-29 11:27:21 +0200

  * Fix plugin path plugin as a builtin Zeek plugin. (Benjamin Bannier, Corelight)

  * GH-1164: Initialize language support in newer Spicy. (Benjamin Bannier, Corelight)

  * Make plugin description proper reStructuredText. (Benjamin Bannier, Corelight)

1.3.9-21 | 2022-04-20 09:38:22 +0200

  * Add `terminate_session()` capability to flush all Zeek-side state
    for the current connection. (@luxanna91)

1.3.9-19 | 2022-04-19 15:46:32 +0200

  * Update plugin for Zeek >= 4.2. (Robin Sommer, Corelight)

  * GH-44: Remove support for Zeek 3.x. The required minimum Zeek
    version is now 4.0. (Robin Sommer, Corelight)

 *  GH-44: Rename plugin from _Zeek::Spicy to Zeek::Spicy. This was
    just a work-around in place for Zeek 3.x. (Robin Sommer,
    Corelight)

  * Fix bug triggering an internal error when no
    `{protocol,analyzer}_confirmation` event handler was defined.
    (Robin Sommer, Corelight)

  * Add Zeek 4.2 to CI, remove Zeek 3.0 from CI. (Robin Sommer,
    Corelight)

1.3.9-9 | 2022-04-14 14:56:35 +0200

  * Do not emit events in bare mode. (Benjamin Bannier, Corelight)

    We previously would emit events even in bare mode. With this patch
    we now take advantage of Zeek's new `bare_mode` function if
    available to detect whether we are not in bare mode and only emit
    events in that case. If that function is unavailable we keep the
    old behavior.

  * GH-95: Add support for passing Spicy `structs` to Zeek as records.
    (Benjamin Bannier, Corelight)

  * Fix handling of absent attributes. (Benjamin Bannier, Corelight)

  * Add test for tuple conversion Zeek record. (Benjamin Bannier,
    Corelight)

  * Do not reconfigure already configured CMake project. (Benjamin
    Bannier, Corelight)

  * Give an explicit return type to `protocol_begin`. (Benjamin
    Bannier, Corelight)

1.3.9 | 2022-03-15 15:05:26 +0100

  * GH-97: Add `zeek::conn_id()` runtime function to access Zeek's
    connection tuple. (Robin Sommer, Corelight)

1.3.8 | 2022-03-10 15:54:49 +0100

  * Add test for analyzer recovery from gaps. (Benjamin Bannier, Corelight)

  * Extract gaps in `record-spicy-batch.zeek`. (Benjamin Bannier, Corelight)

  * Pass on even undelivered data. (Benjamin Bannier, Corelight)

    On the Spicy side this will lead to gap chunks to be created will cannot
    be read, but could be used to resynchronize the input.

  * Pass on even data from partial connections. (Benjamin Bannier, Corelight)

    This could trigger parse errors down the line, or if the parser can
    recover, potentially allow it to continue parsing even the partial data.

1.3.7 | 2022-02-02 11:18:53 +0100

  * GH-91: Ignore additional calls protocol_begin() with the same
    analyzer. (Robin Sommer, Corelight)

  * GH-92: Support forwarding to Zeek TCP-level application data from
    a UDP analyzer. (Robin Sommer, Corelight)

1.3.6 | 2021-12-22 10:33:28 +0100

  * GH-86: Extend file analysis API functions to support feeding data
    into multiple files concurrently. (Robin Sommer, Corelight)

    We stay backwards-compatible to the old single-file API by making
    the IDs optional and operating on the most recently created file
    if not specified.

  * Switch file analysis state to stack of files currently in flight. (Robin Sommer, Corelight)

    This commit prepares for feeding data into multiple files concurrently
    by switchting the internal state from representing just a single file to
    a stack of all files currently in flight.

    We do not yet actually make use of the new structure; for now we
    continue to support just a single file from the API perspective.
    Concurrent analysis will be added in the next commit.

1.3.5-2 | 2021-12-22 08:08:10 +0100

  * Make docstring for `network_time` renderable. (Benjamin Bannier, Corelight)

    The previous docstring had incorrect markup so it was absent from the
    generated documentation.

1.3.5 | 2021-12-20 11:11:05 +0100

  * GH-87: Fix `&cxxname` for `file_data_in_at_offset`. (Benjamin Bannier, Corelight)

    We were using an incorrect name for the `&cxxname` of this function
    which caused linker errors; now with the correct name the function can
    be used.

    We also add a basic test for this.

1.3.4-2 | 2021-12-13 10:44:38 +0100

  * Remove duplicate declaration of `file_end`. (Benjamin Bannier, Corelight)

    While this duplicate declaration is inconsequential on the Spicy side, it
    causes issues when generating docs.

1.3.4 | 2021-12-10 10:49:54 +0100

  * GH-76: Add runtime functions to pass data back into Zeek's
    protocol analysis. (Robin Sommer, Corelight)

    This allows to feed data from Spicy into dynamically instantiated
    child analyzers on the Zeek side that will process the input
    through Zeek's standard protocol analysis pipeline (including
    performing DPD if desired).

    The new functions are:

        function protocol_begin(analyzer: optional<string> = Null)
        function protocol_data_in(is_orig: bool, data: bytes) : void
        function protocol_gap(is_orig: bool, offset: uint64, len: uint64) : void
        function protocol_end() : void

    See https://docs.zeek.org/projects/spicy/en/latest/zeek.html#spicy-protocol-begin
    for more.

  * Fix include order. (Robin Sommer, Corelight)

  * Prevent linking against unexpected HILTI/Spicy libraries. (Robin
    Sommer, Corelight)

  * Add display of version numbers when Zeek versions don't match.
    (Robin Sommer, Corelight)

1.3.3-7 | 2021-12-10 09:19:39 +0100

  * Move pre-commit CI check to GH action. (Benjamin Bannier, Corelight)

  * GH-81: Wrap different Zeek tag types (Benjamin Bannier, Corelight)

    As of zeek-4.2 `Tag` types in Zeek got unified. This leads to issues for
    us since we e.g., overload by `Tag` type, or need to be able to handle
    individual `Tag` types differently.

    This patch introduces wrapper types around Zeek `Tag` types.

1.3.3-4 | 2021-11-30 12:47:39 +0100

  * Use pre-commit-provisioned clang-format. (Benjamin Bannier, Corelight)

1.3.3-2 | 2021-11-22 09:44:03 +0100

  * GH-78: Reduce amount of ifdef'd code in headers. (Benjamin Bannier, Corelight)

1.3.3 | 2021-11-19 17:26:58 +0100

  * GH-77: Support `$packet` in EVT files to provide meta data on the
    currently processed packets. (Robin Sommer, Corelight)

    Similar to now `$conn` and `$file` works for protocol/file analyzers,
    `$packet` can be used in EVT files to have packet analyzers pass
    information about the current packet on to Zeek-land. On the Zeek-side,
    `$packet` turns into an instance of Zeek's existing `raw_pkt_hdr` record
    type, with its fields filled in to the degree they have been parsed yet
    (e.g., for a packet analyzer running on top of IP, the IP header
    information will be available).

  * Move `HAVE_PACKET_ANALYZERS` into `config.h`. (Robin Sommer, Corelight)

  * Fix test for current development versions of Zeek. (Robin Sommer,
    Corelight)

  * Fix a couple of existing tests. (Robin Sommer, Corelight)

1.3.2 | 2021-11-09 10:52:20 +0100

  * GH-54: Reset environment variables which might affect CMake builds for zkg. (Benjamin Bannier, Corelight)

1.3.1 | 2021-10-19 14:56:02 +0200

  * GH-71: Bump minimum required Spicy version. (Benjamin Bannier, Corelight)

1.3.0 | 2021-09-29 09:13:09 +0200

  * Release 1.3.0.

1.2.3-26 | 2021-09-29 09:12:55 +0200

  * Fix comment placement. (Benjamin Bannier, Corelight)

  * Add docstrings to CMake functions and macros. (Benjamin Bannier, Corelight)

  * Break overlong strings. (Benjamin Bannier, Corelight)

  * Add COMMENT to targets where possible. (Benjamin Bannier, Corelight)

  * Locally disable cmake-lint for required argument check. (Benjamin Bannier, Corelight)

  * Reformat CMake files with cmake-format. (Benjamin Bannier, Corelight)

  * Update pre-commit hooks. (Benjamin Bannier, Corelight)

1.2.3-18 | 2021-09-22 12:38:28 +0200

  * GH-18: Exercise clang-tidy in CI. (Benjamin Bannier, Corelight)

  * Address `performance` issues flagged by `clang-tidy`. (Benjamin Bannier, Corelight)

  * Add clang-tidy configuration. (Benjamin Bannier, Corelight)

  * Add clang-tidy to image. (Benjamin Bannier, Corelight)

  * Run compiler via ccache if possible. (Benjamin Bannier, Corelight)

  * Remove Bash constructs in Dockerfile. (Benjamin Bannier, Corelight)

1.2.3-11 | 2021-09-22 10:28:11 +0200

  * Add missing header. (Benjamin Bannier, Corelight)

1.2.3-10 | 2021-09-21 12:13:54 +0200

  * Add two options to spicyz. (Robin Sommer, Corelight)

        -g | --disable-optimizations    Disable HILTI-side optimizations of the generated code.
             --skip-validation          Don't validate ASTs (for debugging only).

  * Update to new Spicy-side AST API. (Robin Sommer, Corelight)

1.2.3-8 | 2021-09-20 10:45:16 +0200

  * Share ccache cache in CI where possible. (Benjamin Bannier, Corelight)

  * Fix issues flags by pre-commit hooks. (Benjamin Bannier, Corelight)

  * Fix which files clang-format pre-commit hook runs on. (Benjamin Bannier, Corelight)

  * Add Cirrus CI task exercising pre-commit. (Benjamin Bannier, Corelight)

  * Add clang-format to CI container image. (Benjamin Bannier, Corelight)

1.2.3-2 | 2021-09-15 11:44:18 +0200

  * GH-63: Revert setting a specific branch for Zeek master Cirrus CI job. (Benjamin Bannier, Corelight)

1.2.3 | 2021-09-13 20:01:12 +0200

  * Actually take analyzer name into account when installing scripts. (Benjamin Bannier, Corelight)

1.2.2 | 2021-09-13 09:26:30 +0200

  * GH-53: Expose Zeek's `network_time` in Spicy. (Benjamin Bannier, Corelight)

    This adds a Spicy function `zeek::network_time` which returns Zeek's
    current `network_time` as a Spicy `time`.

1.2.1-2 | 2021-09-13 09:25:21 +0200

  * GH-60: Extend `spicy_add_analyzer` to allow installing additional Zeek scripts. (Benjamin Bannier, Corelight)

    This patch changes `spicy_add_analyzer` to also support specifying
    scripts which should be installed with the plugin. For that we change
    the function to now support named arguments (`NAME`, `SOURCES`, and
    `SCRIPTS`). For now we continue to support the previous format where
    arguments were all unnamed, however this form does not support
    installing scripts.

1.2.1 | 2021-09-07 09:11:12 +0200

  * GH-56: Fix parsing of evt files not ending in newlines. (Benjamin Bannier, Corelight)

1.2.0 | 2021-07-30 16:07:33 +0200

  * Bump minimum Spicy version to 1.2.0. (Benjamin Bannier, Corelight)

1.1.1-18 | 2021-07-17 13:53:19 +0200

  * GH-42: Trigger a notice of file analyzer recursion limit.
    (Benjamin Bannier, Corelight)

  * Update `update-changes` config for new VERSION location. (Robin
    Sommer, Corelight)

1.1.1-15 | 2021-07-17 10:04:53 +0200

  * Reorganize plugin structure to work with Zeek's new
    ``--include-plugins`` option for building the plugin statically
    into Zeek. (Robin Sommer, Corelight)

  * Remove support of Spicy in-tree build, and general cleanup. (Robin
    Sommer, Corelight)

  * Rename the environment variables `SPICY_MODULE_PATH` and
    `SPICY_PLUGIN_OPTIONS` to `ZEEK_SPICY_MODULE_PATH` and
    `ZEEK_SPICY_PLUGIN_OPTIONS`, respectively. (Robin Sommer,
    Corelight)

  * Extend `--print-*` options of `spicyz`. (Robin Sommer, Corelight)

  * Install selected CMake and testing files along with the plugin for
    use by analyzer packages. (Robin Sommer, Corelight)

1.1.1-5 | 2021-07-14 15:54:35 +0200

  * Limit parsers available in EVT files to any coming from the same
    HLTO file. This makes it possible to reuse parsers across HTLOs
    without getting into conflicts. Previously, whether this would
    work was dependent on loading order. (Robin Sommer, Corelight)

  * Make plugin version available to other projects. (Robin Sommer,
    Corelight)

  * Remove outdated parsers from repository. (Benjamin Bannier,
    Corelight)

1.1.1 | 2021-05-31 11:50:02 +0200

  * Make parallel build and test opt-out instead of opt-in. (Benjamin Bannier,
    Corelight)

1.1.0 | 2021-05-27 10:36:38 +0200

  * Add option `Spicy::max_file_depth` to limit maximum recursion of
    file analysis. Default is 5. (Robin Sommer, Corelight)

  * Extend `zeek_file::file_begin() to return the Zeek-side ID of the
    new file. (Robin Sommer, Corelight)

  * Update for current Zeek master. (Robin Sommer, Corelight)

1.0.0 | 2021-05-20 09:25:17 +0200

  * GH-35: Make enums' `Undef` available to Zeek scripts. (Robin
    Sommer, Corelight)

0.99.6 | 2021-04-29 08:55:29 +0000

  * Rework initializing of file meta data. The previous change for
    file-in-file analysis had caused a regression for files coming out
    of connection analysis. (Robin Sommer, Corelight)

  * Fix format string. (Robin Sommer, Corelight)

0.99.5 | 2021-04-28 13:49:42 +0000

  * GH-32: Rename VERSION file to avoid a naming conflict on macOS.
    (Robin Sommer, Corelight)

0.99.4 | 2021-04-27 16:12:27 +0000

  * Provide convenience library unit for passing content into Zeek's
    file analysis. After connecting a `zeek_file::File`` to a sink,
    all data sent to the sink will be passed on to Zeek's file
    analysis. (Robin Sommer, Corelight)

  * Support recursive file analysis so that one can now pass files
    back into Zeek that are coming out of other files. (Robin Sommer,
    Corelight)

  * Disable parallelism during tests. (Benjamin Bannier, Corelight)

  * Request less memory for Cirrus CI tasks. (Benjamin Bannier,
    Corelight)

0.99.3-2 | 2021-04-06 10:54:40 +0000

  * Add note on spicyz to README. (Robin Sommer, Corelight)

0.99.3 | 2021-03-26 08:31:38 +0000

  * Declare `spicyz` as an executable for zkg. (Robin Sommer,
    Corelight)

  * Add support for a custom Zeek scripts directory. The path can be
    printed through `spicyz --print-scripts-dir`, it'll be
    `<libdir>/spicy/zeek/scripts`. If ZEEKPATH is not set explicitly,
    the plugin will add this to Zeek's search path. (Robin Sommer,
    Corelight)

  * Relocate the module directory to `<libdir>/spicy/zeek/modules`.
    (Robin Sommer, Corelight)

0.99.2-15 | 2021-03-25 09:30:46 +0100

  * GH-22: Add EVT syntax for port ranges. (Benjamin Bannier, Corelight)

  * CI updates (Benjamin Bannier, Corelight)

    - Cleanup platforms for zeek-4.0.0 as LTS release.
    - Disable JIT parallelism.
    - Install Spicy from upstream package.

0.99.2-4 | 2021-03-17 16:25:28 +0000

  * Silence clang-tidy. (Robin Sommer, Corelight)

0.99.2-2 | 2021-03-17 08:47:07 +0000

  * Fix pre-commit setup. (Robin Sommer, Corelight)

0.99.2 | 2021-03-16 18:55:33 +0000

  * GH-15: Auto-export Spicy-generated events inside the Zeek
    interpreter. (Robin Sommer, Corelight)

  * Fix up a couple of memory issues. (Robin Sommer, Corelight)

  * Avoid conflicts during testing with otherwise installed analyzers.
    (Robin Sommer, Corelight)

0.99.1 | 2021-03-15 15:27:36 +0000

  * Split CI zkg run into separate test and install steps. (Robin
    Sommer, Corelight)

0.99.0-27 | 2021-03-15 13:21:26 +0000

  * Update README. (Robin Sommer, Corelight)

  * Fix memory management bug with Zeek 3.0. (Robin Sommer, Corelight)

0.99.0-23 | 2021-03-13 07:42:01 +0000

  * Tweak script structure for zkg. (Robin Sommer, Corelight)

  * Add Zeek run with zkg packages to CI check (Robin Sommer,
    Corelight)

0.99.0-20 | 2021-03-12 17:14:30 +0000

  * Fix for Zeek-side registration of Spicy events. (Robin Sommer,
    Corelight)

  * GH-5: Revert "Ensure that Spicy events are always exported inside
    Zeek."

0.99.0-15 | 2021-03-12 07:43:18 +0000

  * GH-1: Add BiFs to enable/disable Spicy analyzers. (Robin Sommer, Corelight)

        global enable_protocol_analyzer: function(tag: Analyzer::Tag) : bool;
    global disable_protocol_analyzer : function(tag : Analyzer::Tag) : bool;
    global enable_file_analyzer : function(tag : Files::Tag) : bool;
#requires Zeek> 4.0 global disable_file_analyzer : function(tag : Files::Tag) : bool;
#requires Zeek> 4.0

    *GH -
            5 : Ensure that Spicy events are always exported inside Zeek.(Robin Sommer, Corelight)

                * Clean up plugin's script structure. (Robin Sommer, Corelight)

                      * Fix CMake issues.(Robin Sommer, Corelight)

                          0.99.0 -
            7 |
        2021 - 03 - 11 13 : 02 : 46 +
            0000

                * Fix a couple of CMake issues.(Robin Sommer, Corelight)

                      0.99.0 -
            1 |
        2021 - 03 - 09 12 : 15 : 54 +
            0000

                * Starting CHANGES.
