Upcoming patch release bug fixes

[jsiwek]

A collection of bugs/backports to potentially address in upcoming patch releases (e.g. 4.0.x). They get marked done when they are confirmed/backported into a release branch (e.g. release/4.0).

Zeek 7.0.2

• [] https://github.com/zeek/zeek/pull/3854 / https://github.com/zeek/zeek/pull/3920 (missed for 7.0.1)

Zeek 6.0.7

[jsiwek]

Past releases:

Zeek 7.0.1

• [x] https://github.com/zeek/zeek/pull/3864
• [x] https://github.com/zeek/zeek/pull/3859
• [x] https://github.com/zeek/zeek/pull/3897
• [x] https://github.com/zeek/zeek/pull/3896
• [x] https://github.com/zeek/zeek/pull/3903
• [x] https://github.com/zeek/zeek/issues/3894
• [x] https://github.com/zeek/zeek/pull/3891
• [x] https://github.com/zeek/zeek-aux/issues/57

Zeek 6.0.6

• [x] https://github.com/zeek/zeek/pull/3864
• [x] https://github.com/zeek/zeek/pull/3897
• [x] https://github.com/zeek/zeek/pull/3903

Zeek 6.0.5

• [x] https://github.com/zeek/zeek/pull/3710
• [x] https://github.com/zeek/pysubnettree/pull/38 (requires bump in zeekctl)
• [x] https://github.com/zeek/broker/pull/422

Zeek 6.2.1

• [x] https://github.com/zeek/broker/pull/398
• [x] https://github.com/zeek/zeek/pull/3706
• [x] https://github.com/zeek/zeek/pull/3693
• [x] https://github.com/zeek/zeek/pull/3691
• [x] https://github.com/zeek/zeek/pull/3690

Zeek 6.0.4

• [x] https://github.com/zeek/zeek/pull/3621
• [x] https://github.com/google/highwayhash/pull/122 (would be nice, but I'm not sure when that's merged)
• [x] https://github.com/zeek/zeek/pull/3706
• [x] https://github.com/zeek/zeek/pull/3693
• [x] https://github.com/zeek/zeek/pull/3691
• [x] https://github.com/zeek/broker/pull/398
• [x] https://github.com/zeek/zeek/pull/3690

Zeek 6.1.1

• [x] https://github.com/zeek/package-manager/issues/171
• [x] https://github.com/zeek/zeek/pull/3428 (TBD, but seems reasonable and was user-reported and user-fixed)
• [x] https://github.com/zeek/zeek/pull/3454 (TBD)
• [x] https://github.com/zeek/zeek/pull/3423
• [x] https://github.com/zeek/zeek/pull/3465
• [x] https://github.com/zeek/zeek/pull/3469
• [x] https://github.com/zeek/broker/pull/382
• [x] https://github.com/zeek/zeekctl/pull/61 (zeekctl not functioning on Fedora 39)
• [x] https://github.com/zeek/zeek/pull/3511
• [x] https://github.com/zeek/cmake/pull/104 (community found)
• [x] https://github.com/zeek/cmake/pull/103 (slightly annoying for CXX_LINK users)
• [x] https://github.com/zeek/zeek/pull/3537
• [x] https://github.com/zeek/zeek/pull/3541
• [x] https://github.com/zeek/zeek/pull/3565

Zeek 6.0.3

• [x] https://github.com/zeek/zeek/pull/3428 (TBD, but seems reasonable and was user-reported and user-fixed)
• [x] https://github.com/zeek/zeek/pull/3454 (TBD)
• [x] https://github.com/zeek/zeek/pull/3423
• [x] https://github.com/zeek/zeek/pull/3465
• [x] https://github.com/zeek/zeek/pull/3469
• [x] https://github.com/zeek/broker/pull/382
• [x] https://github.com/zeek/zeekctl/pull/61 (zeekctl not functioning on Fedora 39)
• [x] https://github.com/zeek/zeek/pull/3511
• [x] https://github.com/zeek/cmake/pull/104 (community found)
• [x] https://github.com/zeek/cmake/pull/103 (slightly annoying for CXX_LINK users)
• [x] https://github.com/zeek/zeek/pull/3537
• [x] https://github.com/zeek/zeek/pull/3541
• [x] https://github.com/zeek/zeek/pull/3565

Zeek 6.0.2

• [x] https://github.com/zeek/zeek/pull/3292
• [x] https://github.com/zeek/cmake/pull/92
• [x] https://github.com/zeek/zeek/pull/3302 (https://github.com/corelight/zeekjs/pull/72, https://github.com/corelight/zeekjs/pull/73, https://github.com/corelight/zeekjs/pull/74)
• [x] https://github.com/zeek/zeek/issues/3309 (and follow-up https://github.com/zeek/zeek/pull/3336)
• [x] https://github.com/zeek/zeek/issues/3342
• [x] zeek/spicy#1557
• [x] #3323
• [x] https://github.com/zeek/zeek/pull/3394
• [x] https://github.com/zeek/zeek/pull/3393 / https://github.com/zeek/zeek/pull/3401
• [x] https://github.com/zeek/zeek/pull/3400

Zeek 6.0.1

• [x] https://github.com/zeek/zeek/pull/3152
• [x] Nice-to-have: https://github.com/zeek/zeek/issues/3153
• [x] Nice-to-have: https://github.com/zeek/cmake/pull/84
• [x] https://github.com/zeek/zeek/pull/3165
• [x] https://github.com/zeek/zeek/pull/3173
• [x] https://github.com/zeek/zeek/issues/3175
• [x] https://github.com/zeek/zeek/pull/3158
• [x] https://github.com/zeek/zeek/pull/3206 (reported/found by user on Slack)
• [x] https://github.com/zeek/zeek/pull/3213 (same as #3206 but for TCP, thanks Johanna)
• [x] https://github.com/zeek/zeek/pull/3226
• [x] https://github.com/zeek/zeek/issues/3028 (if considered safe and worth it - reported to be hit by users on Slack)
• [x] https://github.com/zeek/zeek/issues/3242
• [x] https://github.com/zeek/zeek/pull/3269
• [x] https://github.com/zeek/zeek/pull/3273

[timwoj]

Zeek 3.0.14

• [x] Fix null-pointer dereference when encountering an invalid enum name in a config/input file that tries to read it into a set[enum] https://github.com/zeek/zeek/issues/1487 https://github.com/zeek/zeek/pull/1488

Zeek 3.0.13

• [x] MIME sub-entities overwriting top-level header values cause misleading SMTP log https://github.com/zeek/zeek/pull/1365 https://github.com/zeek/zeek/issues/1352
• [x] Fix major_subsys_version field in pe_optional_header event https://github.com/zeek/zeek/pull/1401
• [x] Fix ASCII Input reader's treatment of input files containing null-bytes https://github.com/zeek/zeek/issues/1398 https://github.com/zeek/zeek/commit/a636f8edbd903d3710ec4d7e06b8bb0d68d8aab9

Zeek 3.2.4

• [x] MIME sub-entities overwriting top-level header values cause misleading SMTP log https://github.com/zeek/zeek/pull/1365 https://github.com/zeek/zeek/issues/1352
• [x] Fix major_subsys_version field in pe_optional_header event https://github.com/zeek/zeek/pull/1401
• [x] Fix ASCII Input reader's treatment of input files containing null-bytes https://github.com/zeek/zeek/issues/1398 https://github.com/zeek/zeek/commit/a636f8edbd903d3710ec4d7e06b8bb0d68d8aab9

Zeek 3.0.12

• [x] Incorrect ICMP Neighbor Discovery Option length calculation https://github.com/zeek/zeek/issues/1225 https://github.com/zeek/zeek/pull/1228

• [x] Fix SMB2 response status parsing https://github.com/zeek/zeek/pull/1311 https://github.com/zeek/zeek/commit/0b8535b879f1028d556b415ddccded27762e47c2 https://github.com/zeek/zeek/commit/07c4662dc4552ecd4d5b237de331c7b9ab369080

• [x] Fix excessive connection_status_update events for ICMP connections https://github.com/zeek/zeek/pull/1322

Zeek 3.2.3

• [x] Fix EDNS ECS option parsing bugs (stack-overflow / security issue) https://github.com/zeek/zeek/commit/01f1344bcbb9d40b2b2fd9c6220c72e0011a1620

• [x] Incorrect ICMP Neighbor Discovery Option length calculation https://github.com/zeek/zeek/issues/1225 https://github.com/zeek/zeek/pull/1228

• [x] Fix memory leak in deprecated Analyzer::ConnectionEvent() https://github.com/zeek/zeek/pull/1294

• [x] Fix SMB2 response status parsing https://github.com/zeek/zeek/pull/1311 https://github.com/zeek/zeek/commit/0b8535b879f1028d556b415ddccded27762e47c2 https://github.com/zeek/zeek/commit/07c4662dc4552ecd4d5b237de331c7b9ab369080

• [x] Fix excessive connection_status_update events for ICMP connections https://github.com/zeek/zeek/pull/1322

Zeek 3.0.11

• [x] Fix incorrect RSTOS0 conn_state determinations https://github.com/zeek/zeek/issues/1164 https://github.com/zeek/zeek/pull/1166

• [x] Fix multipart MIME leak of sub-part found after closing-boundary https://github.com/zeek/zeek/commit/98ae204fc0623984405fc3b2ed9eab8cc50d3ac3

Zeek 3.2.2

• [x] Fix incorrect RSTOS0 conn_state determinations https://github.com/zeek/zeek/issues/1164 https://github.com/zeek/zeek/pull/1166

• [x] Fix multipart MIME leak of sub-part found after closing-boundary https://github.com/zeek/zeek/commit/98ae204fc0623984405fc3b2ed9eab8cc50d3ac3

Zeek 3.0.10

• [x] Fix compilation due to use of C++17 nested namespaces https://github.com/zeek/zeek/commit/54ac0b47dc3ee8866a5bf37f3e094f75c69d3a08

Zeek 3.0.9

• [x] Fix Input Framework 'change' events for 'set' destinations https://github.com/zeek/zeek/issues/1083 https://github.com/zeek/zeek/pull/1087

• [x] Fix reported body-length of HTTP messages w/ sub-entities https://github.com/zeek/zeek/pull/1107

Zeek 3.2.1

• [x] Exclude installing "zeek -> ." include dir symlink https://github.com/zeek/zeek/commit/bc3df067376ea80232f57393e69c84a6e045212d

• [x] Fix build for PowerPC architecture https://github.com/zeek/zeek/issues/1150 https://github.com/zeek/zeek/commit/e8efab541b49e8202c3896f9219334788e45d40e https://github.com/zeek/zeek/commit/05f7e3fa4353a30a8b105c551f5cacb4f7ff49aa

• [x] Fix ftp data-channel minimization function not returning a value https://github.com/zeek/zeek/issues/1120

• [x] Fix zeek -NN not printing canonical file analyzer names https://github.com/zeek/zeek/pull/1136

• [x] Fix closing timestamp of rotated log files in supervised-cluster mode https://github.com/zeek/zeek/commit/99d9a3a48c9c2469d6bc8f58add43901ab901901

Zeek 3.0.8

• [x] Fix DHCP Client ID Option misformat for Hardware Type 0 https://github.com/zeek/zeek/pull/1003

• [x] Fix/allow copying/cloning of opaque of Broker::Store https://github.com/zeek/zeek/pull/1028

• [x] Fix ConnPolling memory over-use https://github.com/zeek/zeek/pull/1035

• [x] Fix compress_path not normalizing some paths correctly https://github.com/zeek/zeek/issues/1041 https://github.com/zeek/zeek/pull/1050 https://github.com/zeek/zeek/commit/38cd56a3dba076c625045c2b433b5f956ed118c9

• [x] Fix integer conversion error for Tag subtypes/enums https://github.com/zeek/zeek/issues/1062 https://github.com/zeek/zeek/pull/1064

• [x] Fix bro_prng() results not staying within modulus https://github.com/zeek/zeek/issues/1076 https://github.com/zeek/zeek/commit/0f4eb9af0265a256a567ba4203950269b4b52d28

• [x] Prevent providing a 0 seed to bro_prng() since the LCG parameters don't allow that https://github.com/zeek/zeek/issues/1076 https://github.com/zeek/zeek/commit/887b53b7f330ad93b090d6be0c4733690a58ff89

Zeek 3.1.5

• [x] Fix DHCP Client ID Option misformat for Hardware Type 0 https://github.com/zeek/zeek/pull/1003

• [x] Fix/allow copying/cloning of opaque of Broker::Store https://github.com/zeek/zeek/pull/1028

• [x] Fix ConnPolling memory over-use https://github.com/zeek/zeek/pull/1035

• [x] Fix compress_path not normalizing some paths correctly https://github.com/zeek/zeek/issues/1041 https://github.com/zeek/zeek/pull/1050

• [x] Fix integer conversion error for Tag subtypes/enums https://github.com/zeek/zeek/issues/1062 https://github.com/zeek/zeek/pull/1064

• [x] Fix bro_prng() results not staying within modulus https://github.com/zeek/zeek/issues/1076 https://github.com/zeek/zeek/commit/0f4eb9af0265a256a567ba4203950269b4b52d28

• [x] Prevent providing a 0 seed to bro_prng() since the LCG parameters don't allow that https://github.com/zeek/zeek/issues/1076 https://github.com/zeek/zeek/commit/887b53b7f330ad93b090d6be0c4733690a58ff89

• [x] Fix mishandling of getrandom() to seed RNG (caused unrandom/deterministic RNG -- opposite of what's desired/intended) https://github.com/zeek/zeek/issues/1076 https://github.com/zeek/zeek/commit/dba764386b38a5b4ac974eb74f142c6ae107acb0

Zeek 3.0.7

• [x] Limit rate of logging MaxMind DB diagnostic messages https://github.com/zeek/zeek/pull/963

• [x] Fix wrong return value type for topk_get_top() BIF https://github.com/zeek/zeek/pull/996

• [x] Fix opaque Broker types lacking a Type after (de)serialization https://github.com/zeek/zeek/pull/984

• [x] Fix lack of descriptive printing for intervals converted from double_to_interval() https://github.com/zeek/zeek/pull/994/commits/e17487e79910fee1bb7ced30446dda0fdf4bcae4

• [x] Fix some cases of known-services not being logged https://github.com/zeek/zeek/pull/965 https://github.com/zeek/zeek/commit/2f918ed9b24ae3aca2a7c36bf5b539e0a49b2f96

Zeek 3.1.4

• [x] Fix compilation on Fedora 32 (GCC 10.0.1) https://github.com/zeek/zeek/commit/695457fe44c4adfbf2edab955fee0074ef365980

• [x] Fix crash when using some deprecated environment variables https://github.com/zeek/zeek/commit/1c08be1c0f89e9a8437ee230fbdbcd306485847b

• [x] Fix use on CentOS 6 (Linux kernel < 3.8) https://github.com/mheily/libkqueue/commit/8707307ec5e09792782916205fb8de4f52ed24bb

• [x] Limit rate of logging MaxMind DB diagnostic messages https://github.com/zeek/zeek/pull/963

• [x] Fix wrong return value type for topk_get_top() BIF https://github.com/zeek/zeek/pull/996

• [x] Fix opaque Broker types lacking a Type after (de)serialization https://github.com/zeek/zeek/pull/984

• [x] Fix lack of descriptive printing for intervals converted from double_to_interval() https://github.com/zeek/zeek/pull/994/commits/e17487e79910fee1bb7ced30446dda0fdf4bcae4

• [x] Fix some cases of known-services not being logged https://github.com/zeek/zeek/pull/965 https://github.com/zeek/zeek/commit/2f918ed9b24ae3aca2a7c36bf5b539e0a49b2f96

Zeek 3.0.6

• [x] Fix unusable subscriber.poll() method in Broker Python bindings https://github.com/zeek/broker/pull/110
• [x] Fix missing default function for Kerberos constant-lookup-tables https://github.com/zeek/zeek/pull/918
• [x] Fix uninitialized field access in ssl/log-hostcerts-only.zeek https://github.com/zeek/zeek/pull/916
• [x] Fix cloning of TypeType values https://github.com/zeek/zeek/pull/933
• [x] Fix buffer over-read in Ident analyzer https://github.com/zeek/zeek/pull/925
• [x] Remove misleading error message on empty bloomfilter lookup https://github.com/zeek/zeek/pull/930
• [x] Fix misc/stats.zeek skipping log entry on termination https://github.com/zeek/zeek/commit/ccdaf5f111936d9c7e6c23995eab1e5f41872894
• [x] Fix SSL scripting error leading to uninitialized field access https://github.com/zeek/zeek/commit/b749dda5205f1b01aeee03c5874acae7c543f0c5
• [x] Fix POP3 analyzer global buffer over-read https://github.com/zeek/zeek/commit/280bf567865d8ff6353f85d8863a6bc85dd9afd1
• [x] Fix potential stack overflows due to use of Variable-Length-Arrays Parts of https://github.com/zeek/zeek/pull/912
  • BIFs bytestring_to_hexstr() and hexstr_to_bytestring()
  • socks-analyzer.pac: array_to_string()
  • SMB, NTLM, and RDP analyzers use of utf16_bytestring_to_utf8_val()
  • smb-strings.pac: uint8s_to_stringval() and extract_string()

Zeek 3.1.3

• [x] Fix unusable subscriber.poll() method in Broker Python bindings https://github.com/zeek/broker/pull/110
• [x] Fix missing default function for Kerberos constant-lookup-tables https://github.com/zeek/zeek/pull/918
• [x] Fix uninitialized field access in ssl/log-hostcerts-only.zeek https://github.com/zeek/zeek/pull/916
• [x] Fix cloning of TypeType values https://github.com/zeek/zeek/pull/933
• [x] Fix buffer over-read in Ident analyzer https://github.com/zeek/zeek/pull/925
• [x] Remove misleading error message on empty bloomfilter lookup https://github.com/zeek/zeek/pull/930
• [x] Fix misc/stats.zeek skipping log entry on termination https://github.com/zeek/zeek/commit/ccdaf5f111936d9c7e6c23995eab1e5f41872894
• [x] Fix SSL scripting error leading to uninitialized field access https://github.com/zeek/zeek/commit/b749dda5205f1b01aeee03c5874acae7c543f0c5
• [x] Fix POP3 analyzer global buffer over-read https://github.com/zeek/zeek/commit/280bf567865d8ff6353f85d8863a6bc85dd9afd1
• [x] Fix potential stack overflows due to use of Variable-Length-Arrays Parts of https://github.com/zeek/zeek/pull/912
  • BIFs bytestring_to_hexstr() and hexstr_to_bytestring()
  • socks-analyzer.pac: array_to_string()
  • SMB, NTLM, and RDP analyzers use of utf16_bytestring_to_utf8_val()
  • smb-strings.pac: uint8s_to_stringval() and extract_string()
• [x] Offline pcap processing no longer initializes network_time before first events after zeek_init get dispatched https://github.com/zeek/zeek/commit/1b190906c7c2e26dad058176ac969f513e5e391f
• [x] Ensure time moves forward when suspending a pcap file IO source https://github.com/zeek/zeek/pull/950

Zeek 3.0.5

This release is the same as v3.0.4, but additionally fixes compilation on various platforms with older compiler, e.g. GCC 4.8.x (see patch at 3ad1976)

Zeek 3.1.2

• [x] Fix use-after-free in Zeek lambda functions with uninitialized locals https://github.com/zeek/zeek/issues/845
• [x] Fix buffer overflow due to tables/records created at parse-time not rebuilt on record redef https://github.com/zeek/zeek/pull/860
• [x] Fix SMB NegotiateContextList parsing https://github.com/zeek/zeek/pull/869
• [x] Fix binpac flowbuffer frame length parsing doing too much bounds checking https://github.com/zeek/zeek/pull/873
• [x] Fix parsing ERSPAN III optional sub-header https://github.com/zeek/zeek/commit/42dc2906afaa3b07aebb8dd8474d1fc8510e8d50
• [x] Fix bug in intel indicator normalization https://github.com/zeek/zeek/pull/883
• [x] Fix connection duration thresholding https://github.com/zeek/zeek/pull/899
• [x] Fix using patterns as table/set indices https://github.com/zeek/zeek/pull/902
• [x] Fix X509Common.h header include for external plugins https://github.com/zeek/zeek/commit/c83567246ee9d86ca695787821172e3ebe00884a
• [x] Fix incorrect targeting of node-specific Broker/Cluster messages https://github.com/zeek/zeek/commit/ce9183a2ed776e3815ecb3e7b89eb0a7e43852b2 https://github.com/zeek/broker/commit/0d04bf43131ade7000506711cbe43c068dab2471
• [x] Fix stack overflow in POP3 analyzer https://github.com/zeek/zeek/commit/bb3250c28ea6600ec82dd4d98186d15de1572901

Zeek 3.0.4

• [x] Fix use-after-free in Zeek lambda functions with uninitialized locals https://github.com/zeek/zeek/issues/845
• [x] Fix buffer overflow due to tables/records created at parse-time not rebuilt on record redef https://github.com/zeek/zeek/pull/860
• [x] Fix SMB NegotiateContextList parsing https://github.com/zeek/zeek/pull/869
• [x] Fix binpac flowbuffer frame length parsing doing too much bounds checking https://github.com/zeek/zeek/pull/873
• [x] Fix parsing ERSPAN III optional sub-header https://github.com/zeek/zeek/commit/42dc2906afaa3b07aebb8dd8474d1fc8510e8d50
• [x] Fix bug in intel indicator normalization https://github.com/zeek/zeek/pull/883
• [x] Fix connection duration thresholding https://github.com/zeek/zeek/pull/899
• [x] Fix X509Common.h header include for external plugins https://github.com/zeek/zeek/commit/c83567246ee9d86ca695787821172e3ebe00884a
• [x] Fix incorrect targeting of node-specific Broker/Cluster messages https://github.com/zeek/zeek/commit/ce9183a2ed776e3815ecb3e7b89eb0a7e43852b2 https://github.com/zeek/broker/commit/0d04bf43131ade7000506711cbe43c068dab2471
• [x] Fix stack overflow in POP3 analyzer https://github.com/zeek/zeek/commit/bb3250c28ea6600ec82dd4d98186d15de1572901

Zeek 3.1.1

• [x] run-time script errors do not pop global frame/call stack 36557f3086c95f079aa3e69c26a34adeb493c73f
• [x] wrong bro symlink in binary packaging mode b324fecc0d247830189ef895dae77531af6bc9dd
• [x] potential high CPU load due to race in Broker data stores https://github.com/zeek/broker/pull/97
• [x] install full rapidjson include tree, otherwise some external plugins may not compile 0d97d3f0c44fb506942b6df72f75a8613d8164ab

Zeek 3.0.3

• [x] run-time script errors do not pop global frame/call stack 36557f3086c95f079aa3e69c26a34adeb493c73f
• [x] wrong bro symlink in binary packaging mode b324fecc0d247830189ef895dae77531af6bc9dd
• [x] potential high CPU load due to race in Broker data stores https://github.com/zeek/broker/pull/97

Zeek v3.0.2

• [x] paraglob v0.3.1
  • [x] use-after-free in paraglob: zeek/paraglob@d65dd0a
  • [x] invalid memory read in paraglob: zeek/paraglob@ac86ce76ac86f0ca9cd43aad74bb7b6043319fb1
  • [x] paraglob compile failure due to non-standard VLA usage: https://github.com/zeek/paraglob/commit/903b5cf852c6d92cd885fef838e92386d8ee58f2
• [x] Broker v1.2.5
  • [x] improve Broker python binding Event validity checks: https://github.com/zeek/broker/commit/2d9f4742618116e8591a37fe6c16ea2eef7269cf via https://github.com/zeek/broker/pull/86
  • [x] misleading Broker debug/error output: https://github.com/zeek/broker/pull/84/commits/0d136d187fef2b720ce3a85d7df34ab166f0edfd
• [x] backport the Cirrus CI config (for better coverage of macOS/FreeBSD): cd9fec7bdbf3b039627ac636ca01c0d5e82a1061, 52f97c7e457017d05790e01ff134ef6e00c2f027, 84e3bc7aca0234b8d5d6db7b55e246334a2da005
• [x] malloc/delete mismatch in JSON formatting: c0d6eb9efbc133c320a963729e99251d4b6952e3
• [x] leak in OCSP parsing when using OpenSSL 1.1: 2fbcf23f767797d321d7239f5260d16a25b16eb1
• [x] leak in Kerberos ticket decryption: 53fadb2bb0e9a165dac3899290282236f770be68
• [x] leak when table-based input stream overwrites old entry: 3742e5601c7390aacd1f8ce59b054e0090d7524a
• [x] leak in packet filter functions: a961f0b4c4ad5a365d2078acbacaf6a380997013
• [x] leak in system_env() BIF: 273eb19ff5780d8d823631f906fb2fcf2e81b312
• [x] leak of Log::Filter "config" field: bf05add5423cdeedddad21c07b08a3a65ce98431
• [x] leak in Reporter::get_weird_sampling_whitelist() BIF: 3b6a2a5f4ebb04dda32f7f35fad4ed603d226a6d
• [x] leaks in input framework error-handling cases: 6f5f7df9705e7eff95b88203b2b4ee95d52d55b8
• [x] leak when a plugin prevents a log write operation: 09578c6176e5be2f794ebbfc323ef517e45131e9
• [x] leaks due to reference-counting issues in lambdas/closures: 44d922c4b5
  • [x] possibly further lambda/closure issues will be patched via #725 (PR #735) (fix not reviewed yet)
  • [x] possible other lambda/closure issues via #734 (no fix yet)
• [x] NTLM field access scripting error: 80469a1fde28ba4413843c43fb9a88c38e651a3c via #728
• [x] Plugin API returning reference to temporary: ae9e79969e9d2a9de659dbc1fc81a2c94c67f54c
• [x] file analysis scripting error via #737: d9ed76c90a899b852d9b33adc96cf1a6741b6dba
• [x] fix error handling in decode_base64(): e34562df4870eb0fc380f8e99b16f1d21a0fd472
  • [x] exposed by above, handle invalid Base64 in FTP ADAT via #739: 1db7a222a02e30bf8faefd6140cb68d2f65a0b72
• [x] inconsistent &priority for Log::create_stream() calls: 7a748526c05f473dd9a1f03db14421c88bf16cb4 via #746
• [x] fix SMB transaction data string handling: c75519ca8869448efc488598090f96d63352312f via #747
• [x] skip file analysis for zero-length data coming form SSL/TLS analysis: f939bcad7e433fe61c560a05bfc12731b08315d1 via #748 (weirds also added in merge commit ad18014bed5d72ae246ab4a66e4bf78cd619bfe7)
• [x] improve FTP word/whitespace handling: fce4bb3f5018d41dcbc9526820df682367059c67 via #749
• [x] improve Kerberos address and event handling: 069eedb736e4e50666373cc490339b04ccc84b1b via #753
• [x] binpac cross-compilation configuration fix: d33613c2a5e2c76412b2bd7be462a133432f24b9 via #768
• [x] fix miss-formatted input lines preventing future file parsing: #777 (nice-to-have, but strictly needed, so skipped as the backporting list this release got a bit long)
• [x] fix indefinite log buffering: 43e54c7930a1286447d97a7f4696232b54d1491c via #781
• [x] ssh analyzer assertion/leak 98c50531bca01f7f1aea71530b62aa41b6be0dc4 via #792
• [x] Dictionary::Clear() didn't reset number of entries: 1e499b08318ec87afd9956ad518c91c6390e0c21
• [x] leak in DNS TSIG parsing: dd377fffba04ab3fdd4601befd59a10090c48aeb
• [x] leak when creating input streams which use &type_column: 51970c256b159a2bb16eb70b3200878533bf2bf9

[timwoj]

Zeek 4.0.8

• [x] ARP, Modbus, IP packet conversion, and DNS security issues

Zeek 4.0.7

• [x] https://github.com/zeek/zeek/issues/1751 (backport from 4.2)
• [x] DNS Security Issue

Zeek 4.2.2

• [x] DNS Security Issue

Zeek 4.0.6

• [x] https://github.com/zeek/zeek/pull/2040
• [x] https://github.com/zeek/zeek/pull/2020 (just the first commit https://github.com/zeek/zeek/commit/18fe9d84f602c90724dcec0e349789932ab9f931)
• [x] https://github.com/zeek/zeek/pull/2055

Zeek 4.2.1

• [x] https://github.com/zeek/zeek/pull/2042
• [x] https://github.com/zeek/zeek/pull/2020 (just the first commit 18fe9d84f602c90724dcec0e349789932ab9f931)
• [x] https://github.com/zeek/zeek/pull/2024
• [x] https://github.com/zeek/zeek/pull/2025
• [x] https://github.com/zeek/zeek/pull/2050
• [x] https://github.com/zeek/zeek/pull/2043
• [x] https://github.com/zeek/zeek/pull/2040
• [x] https://github.com/zeek/gen-zam/pull/1 (directly in src/script_opt/ZAM/Gen-ZAM.cc, since not yet in a submodule)
• [x] https://github.com/zeek/zeek/pull/2055

Zeek 4.0.5

• [x] Make update-traces fail when the curl invocation fails https://github.com/zeek/zeek/pull/1579
• [x] #1809
• [x] #1817
• [x] https://github.com/zeek/zeek/pull/1877
• [x] https://github.com/zeek/zeek/pull/1569
• [x] https://github.com/zeek/zeek/pull/1924

Zeek 4.0.4

• [x] Bump Highwayhash submodule to fix FreeBSD 14 build problem https://github.com/zeek/zeek/pull/1680
• [x] Ensure that time gets updated every read loop if reading live traffic https://github.com/zeek/zeek/pull/1690
• [x] Fix a potential infinite loop in RotationTimer https://github.com/zeek/zeek/pull/1711
• [x] Fix crash when running zeekctl status with StatusCmdShowAll = 1 configured https://github.com/zeek/zeek/pull/1734
• [x] Fix a potential evasion of the HTTP analyzer https://github.com/zeek/zeek/pull/1691
• [x] Fix ignore_checksum_nets not working with multiple subnets https://github.com/zeek/zeek/pull/1778 https://github.com/zeek/zeek/commit/802dfd80c13c9c882a68dd9c41e67e8451c59031
• [x] https://github.com/zeek/zeek/issues/1753

Zeek 4.1.1

• [x] Fix looping over vectors with holes https://github.com/zeek/zeek/pull/1765
• [x] Fix ignore_checksum_nets not working with multiple subnets https://github.com/zeek/zeek/pull/1778 https://github.com/zeek/zeek/commit/802dfd80c13c9c882a68dd9c41e67e8451c59031
• [x] Ensure that time gets updated every read loop if reading live traffic https://github.com/zeek/zeek/pull/1690
• [x] Fix crash when running zeekctl status with StatusCmdShowAll = 1 configured https://github.com/zeek/zeek/pull/1734
• [x] https://github.com/zeek/zeek/issues/1753

Zeek 4.0.3

• [x] Bump Highwayhash to fix FreeBSD build problem

  1591

• [x] Deprecate Stepping Stone events https://github.com/zeek/zeek/pull/1604
• [x] Robustness improvements to the input framework's handling of unset fields

  1605

• [x] Crash related to broker python bindings when running zeekctl https://github.com/zeek/broker/issues/187 https://github.com/zeek/zeek/pull/1646 https://github.com/zeek/broker/pull/191

Zeek 4.0.2

• [x] Fix heap-use-after-free after clear_table() on a table that uses expiration attributes https://github.com/zeek/zeek/commit/d51bd4bc4675d4d7234da0d11e31dbede5efe17c
• [x] Add fatal error for if table/Dictionary state ever becomes invalid since the behavior becomes unexpected/unclear at that point (e.g. when table bucket positions become large enough to overflow their 16-bit storage due to aggressive expiration-check settings preventing the re-positioning items) https://github.com/zeek/zeek/commit/292e3e18a3691d835b2d52ab8462a90ae47b0ae7
• [x] Fix potential Undefined Behavior in decode_netbios_name() and decode_netbios_name_type() BIFs (the later also has a potential heap-buffer-overread). https://github.com/zeek/zeek/pull/1533
• [x] Add missing "zeek/" to header includes, which can prevent external plugins from compiling against Zeek source-tree (e.g. via ./configure --zeek-dist=) https://github.com/zeek/zeek/pull/1549
• [x] Fix reading empty set[enum] values and any vector of enum values from config files https://github.com/zeek/zeek/issues/1555 https://github.com/zeek/zeek/issues/1558 https://github.com/zeek/zeek/issues/1559
• [x] Fix type-checks related to list-type equality https://github.com/zeek/zeek/issues/1296 https://github.com/zeek/zeek/pull/1358
• [x] Build --enable-mobile-ipv6 on CI https://github.com/zeek/zeek/pull/1526
• [x] Replace toupper() usages in netbios decoding BIFs https://github.com/zeek/zeek/pull/1563
• [x] Add some extra length checking when parsing mobile ipv6 packets https://github.com/zeek/zeek/commit/54271657a838fc0ed822e2c75e0c1f5593877cef

Zeek 4.0.1

• [x] Fix mime type detection bug in IRC/FTP file_transferred event for file data containing null-bytes https://github.com/zeek/zeek/pull/1430
• [x] Fix potential for missing timestamps in SMB logs https://github.com/zeek/zeek/pull/1436
• [x] Remove use of LeakSanitizer API on FreeBSD where it's unsupported https://github.com/zeek/zeek/pull/1440
• [x] Fix incorrect parsing of ERSPAN Type I https://github.com/zeek/zeek/pull/1445 https://github.com/zeek/zeek/commit/f53fb9a22e1ad5aa1ebdf726f241c9cad0ceeb32
• [x] Fix incorrect/overflowed n value for SSL_Heartbeat_Many_Requests notices where number of server heartbeats is greater than number of client heartbeats. https://github.com/zeek/zeek/issues/1454 https://github.com/zeek/zeek/pull/1459 https://github.com/zeek/zeek/commit/c23e3ca1056c03be347da6163a8e447670ce06b1
• [x] Fix missing user_agent existence check in smtp/software.zeek (causes reporter.log error noise, but no functional difference) https://github.com/zeek/zeek/pull/1455 https://github.com/zeek/zeek/commit/83d5b44462722c5571b33eb6bcb0491af90cccc7
• [x] Fix include order of bundled headers to avoid conflicts with pre-existing/system-wide installs https://github.com/zeek/zeek/pull/1465
• [x] Fix musl build (e.g. Void, Alpine, etc.) https://github.com/zeek/zeek/pull/1469 https://github.com/zeek/zeek/commit/2ad482535ee36c99d7f9ea3bcd3077cb9c81bc78
• [x] Fix null-pointer dereference when encountering an invalid enum name in a config/input file that tries to read it into a set[enum] https://github.com/zeek/zeek/issues/1487 https://github.com/zeek/zeek/pull/1488
• [x] Fix build with -DENABLE_MOBILE_IPV6 / ./configure --enable-mobile-ipv6 https://github.com/zeek/zeek/issues/1493 https://github.com/zeek/zeek/pull/1495
• [x] Add check for null packet data in pcap IOSource, which is an observed state in Myricom libpcap that crashes Zeek via null-pointer dereference https://github.com/zeek/zeek/pull/1498
• [x] Allow CRLF line-endings in Zeek scripts and signature files https://github.com/zeek/zeek/issues/1497 https://github.com/zeek/zeek/pull/1499
• [x] Fix armv7 build https://github.com/zeek/zeek/issues/1496 https://github.com/zeek/zeek/issues/1502
• [x] Fix unserialization of set[function], generally now used by connection record removal hooks, and specifically breaking intel.log of Zeek clusters https://github.com/zeek/zeek/issues/1506 https://github.com/zeek/zeek/pull/1513
• [x] Fix indexing of set/table types with a vector https://github.com/zeek/zeek/pull/1514
• [x] Fix precision loss in ASCII logging/printing of large double, time, or interval values https://github.com/zeek/zeek/issues/1450 https://github.com/zeek/zeek/pull/1494
• [x] Improve handling of invalid SIP data before requests https://github.com/zeek/zeek/issues/1507 https://github.com/zeek/zeek/pull/1511
• [x] Fix copy()/cloning vectors that have holes (indices w/ null values) https://github.com/zeek/zeek/commit/180ab3181f7743cf57b74a2840bd1d701679647b Found as part of https://github.com/zeek/zeek/pull/1512

[timwoj]

Zeek 5.0.10

• [x] https://github.com/zeek/zeek/pull/2848 (https://github.com/zeek/zeek/issues/2846) (should've been included in 5.0.8)
• [x] https://github.com/zeek/zeek/pull/3102
• [x] https://github.com/zeek/zeek/pull/3269
• [x] https://github.com/zeek/zeek/pull/3273

Zeek 5.2.2

• [x] https://github.com/zeek/zeek/pull/2948
• [x] https://github.com/zeek/zeek-af_packet-plugin/issues/60 (af-packet)
• [x] https://github.com/zeek/zeek-af_packet-plugin/pull/56 (af-packet, will get when bumping for the above)
• [x] https://github.com/zeek/zeek-docs/pull/184

Zeek 5.0.9

• [x] https://github.com/zeek/zeek/issues/2974 / https://github.com/zeek/spicy/issues/1416
• [x] https://github.com/zeek/zeek/pull/2995
• [x] https://github.com/zeek/zeek/pull/3009
• [x] https://github.com/zeek/zeek-docs/pull/184

Zeek 5.2.1

• [x] https://github.com/zeek/zeek/pull/2831
• [x] https://github.com/zeek/cmake/pull/63
• [x] https://github.com/zeek/zeek/pull/2848 (https://github.com/zeek/zeek/issues/2846)
• [x] https://github.com/zeek/zeek/pull/2839 (ja3 has been fixed, we may ditch this one)
• [x] Bump spicy plugin to v1.5.2+
• [x] https://github.com/zeek/zeek/pull/2870
• [x] https://github.com/zeek/zeek/pull/2859
• [x] https://github.com/zeek/zeek/pull/2778
• [x] https://github.com/zeek/zeek/pull/2912
• [x] https://github.com/zeek/zeek/pull/2907
• [x] https://github.com/zeek/zeek/pull/2913 (TBD, but can be leveraged to significantly lower CPU usage in low-packet-rate environments with non-selectable packet sources)
• [x] https://github.com/zeek/zeek/pull/2927

Zeek 5.0.8

• [x] https://github.com/zeek/zeek/pull/2831
• [x] https://github.com/zeek/zeekctl/pull/51
• [x] https://github.com/zeek/zeek/pull/2821
• [x] https://github.com/zeek/zeek/issues/2700
• [x] https://github.com/zeek/zeek/pull/2851
• [x] https://github.com/zeek/zeek/pull/2863
• [x] https://github.com/zeek/zeek/pull/2864
• [x] Bump spicy-plugin to v1.3.26+
• [x] https://github.com/zeek/zeek/pull/2835
• [x] https://github.com/zeek/zeek/pull/2870
• [x] https://github.com/zeek/zeek/pull/2718
• [x] https://github.com/zeek/zeek/pull/2778
• [x] https://github.com/zeek/zeek/pull/2912
• [x] https://github.com/zeek/zeek/pull/2907
• [x] https://github.com/zeek/zeek/pull/2859
• [x] https://github.com/zeek/zeek/pull/2913 (TBD, but can be leveraged to significantly lower CPU usage in low-packet-rate environments with non-selectable packet souces)
• [x] https://github.com/zeek/zeek/pull/2927

Zeek 5.0.7

• [x] https://github.com/zeek/zeek/pull/2769
• [x] https://github.com/zeek/zeek/pull/2774
• [x] https://github.com/zeek/zeek/pull/2746
• [x] https://github.com/zeek/zeek/pull/2754
• [x] https://github.com/zeek/zeek/pull/2780
• [x] https://github.com/zeek/zeek/pull/2790

Zeek 5.1.2

• [x] https://github.com/zeek/zeek/pull/2619 (nice-to-have)
• [x] https://github.com/zeek/zeek/pull/2679
• [x] https://github.com/zeek/zeek/pull/2652
• [x] https://github.com/zeek/zeek/pull/2437 (Important perf fix for tunneled mirror traffic - this was somehow missed. It's in 5.0.x already)
• [x] https://github.com/zeek/zeek/pull/2733
• [x] https://github.com/zeek/zeek/issues/2628
• [x] https://github.com/zeek/zeek/pull/2632
• [x] https://github.com/zeek/zeek/pull/2702
• [x] https://github.com/zeek/zeek/pull/2732
• [x] https://github.com/zeek/zeek-docs/pull/168
• [x] https://github.com/zeek/zeek/issues/2454

Zeek 5.0.6

• [x] https://github.com/zeek/zeek/pull/2619 (nice-to-have)
• [x] https://github.com/zeek/zeek/pull/2652
• [x] https://github.com/zeek/zeek-docs/pull/168
• [x] https://github.com/zeek/zeek/pull/2632
• [x] https://github.com/zeek/zeek/issues/2454
• [x] https://github.com/zeek/zeek/pull/2733

Zeek 5.0.5

• [x] Update broker to 2.3.6 to fix Python 3.11 build failures

Zeek 5.1.1

• [x] https://github.com/zeek/zeek/issues/2389 (partially fixed)

Zeek 5.0.4

• [x] https://github.com/zeek/zeek/issues/2389 (partially fixed)

Zeek 5.1

• [x] https://github.com/zeek/zeek/pull/2506
• [x] https://github.com/zeek/broker/pull/283
• [x] https://github.com/zeek/zeek/pull/2478 (Fixes #2386 and #2387)
• [x] https://github.com/zeek/zeek/pull/2531

Zeek 5.0.3

• [x] https://github.com/zeek/broker/pull/283
• [x] https://github.com/zeek/broker/pull/284
• [x] https://github.com/zeek/zeek/pull/2470
• [x] https://github.com/zeek/zeek-docs/commit/ec1e4e7a9ade415ed44ac568b3aabb7b0dc95ef5 (needs to be pulled back into all of the 5.0 releases)
• [x] https://github.com/zeek/zeek/pull/2478 (Fixes #2386 and #2387)
• [x] https://github.com/zeek/zeek/pull/2502
• [x] https://github.com/zeek/zeek/pull/2437
• [x] https://github.com/zeek/zeek/pull/2434
• [x] https://github.com/zeek/zeek/pull/2506
• [x] https://github.com/zeek/zeek/pull/2531

Zeek 5.0.2

• [x] https://github.com/zeek/broker/pull/275
• [x] https://github.com/zeek/broker/pull/278
• [x] https://github.com/zeek/zeek/pull/2253

Zeek 5.0.1

• [x] https://github.com/zeek/zeek/pull/2233
• [x] https://github.com/zeek/zeek/pull/2256
• [x] https://github.com/zeek/zeek/pull/2244
• [x] https://github.com/zeek/zeek/pull/2288
• [x] Remove spammy reporter log message for IP packets: https://github.com/zeek/zeek/commit/40b1452905c0eed4d96300ce1aaf87a08166e396
• [x] https://github.com/zeek/zeek/issues/2334
• [x] https://github.com/zeek/zeek/pull/2364
• [x] https://github.com/zeek/zeek/pull/2368
• [x] https://github.com/zeek/zeek/pull/2372
• [x] ARP, Modbus, IP packet conversion, and DNS security issues