From 875c8ea21dc4fcedb56e1576eacc40d54b834064 Mon Sep 17 00:00:00 2001 From: Arne Welzel Date: Mon, 12 Aug 2024 10:20:48 +0200 Subject: [PATCH 1/3] Remove port usage in evt file. This has been removed in Zeek 7.1. Zeek's base scripts will register the replaced analyzer. --- analyzer/analyzer.evt | 1 - 1 file changed, 1 deletion(-) diff --git a/analyzer/analyzer.evt b/analyzer/analyzer.evt index 1048cf0..507fcb5 100644 --- a/analyzer/analyzer.evt +++ b/analyzer/analyzer.evt @@ -3,7 +3,6 @@ protocol analyzer spicy::HTTP over TCP: parse originator with HTTP::Requests, parse responder with HTTP::Replies, - port 80/tcp, replaces HTTP; import Zeek_HTTP; From 34b0e4396cd94155abef4ad68366f5fe6edf6ff0 Mon Sep 17 00:00:00 2001 From: Arne Welzel Date: Mon, 12 Aug 2024 10:25:58 +0200 Subject: [PATCH 2/3] Remove dpd.sig. With replaces being "fixed" with Zeek 7.0 and later, we do not need to ship a custom dpd.sig anymore. The enable "HTTP" line in Zeek's HTTP dpd.sig will actually enable/instantiate the Spicy analyzer now. --- analyzer/__load__.zeek | 1 - analyzer/dpd.sig | 17 ----------------- 2 files changed, 18 deletions(-) delete mode 100644 analyzer/dpd.sig diff --git a/analyzer/__load__.zeek b/analyzer/__load__.zeek index 4f02c79..e69de29 100644 --- a/analyzer/__load__.zeek +++ b/analyzer/__load__.zeek @@ -1 +0,0 @@ -@load-sigs ./dpd.sig diff --git a/analyzer/dpd.sig b/analyzer/dpd.sig deleted file mode 100644 index 1feb49c..0000000 --- a/analyzer/dpd.sig +++ /dev/null 
@@ -1,17 +0,0 @@ -# Copyright (c) 2021 by the Zeek Project. See LICENSE for details. - -# Signatures are copied from Zeek. - -signature spicy_http_client { - ip-proto == tcp - payload /^[[:space:]]*(OPTIONS|GET|HEAD|POST|PUT|DELETE|TRACE|CONNECT|PROPFIND|PROPPATCH|MKCOL|COPY|MOVE|LOCK|UNLOCK|VERSION-CONTROL|REPORT|CHECKOUT|CHECKIN|UNCHECKOUT|MKWORKSPACE|UPDATE|LABEL|MERGE|BASELINE-CONTROL|MKACTIVITY|ORDERPATCH|ACL|PATCH|SEARCH|BCOPY|BDELETE|BMOVE|BPROPFIND|BPROPPATCH|NOTIFY|POLL|SUBSCRIBE|UNSUBSCRIBE|X-MS-ENUMATTS|RPC_OUT_DATA|RPC_IN_DATA)[[:space:]]*/ - tcp-state originator - enable "spicy_HTTP" -} - -signature spicy_http_server { - ip-proto == tcp - payload /^HTTP\/[0-9]/ - tcp-state responder - enable "spicy_HTTP" -} From 044f5552433043ee4b027a8e5dca0f9fb35bdf3e Mon Sep 17 00:00:00 2001 From: Arne Welzel Date: Mon, 12 Aug 2024 10:32:51 +0200 Subject: [PATCH 3/3] Only test Zeek 7.0 and latest. --- .github/workflows/check.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml index f2862c4..3e86d63 100644 --- a/.github/workflows/check.yml +++ b/.github/workflows/check.yml @@ -10,8 +10,7 @@ jobs: strategy: matrix: version: - - zeek:6.0 - - zeek:6.2 + - zeek:7.0 - zeek-dev:latest fail-fast: false
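Review bot: Nothing visible in this series declares Zeek 7.0 as a minimum, even though the `version:` matrix here stops exercising 6.x and the two earlier patches remove the `port 80/tcp` line and the package's own `dpd.sig`. Going by the commit messages, on a pre-7.0 Zeek the `replaces HTTP` analyzer would presumably have neither a port nor a signature to attach it, so HTTP traffic could go unparsed with no error and leave a silent gap in `http.log` for anything that detects on it. If the package carries zkg metadata outside this patch, a `depends` entry along the lines of `zeek >=7.0.0` would make an install on an older Zeek fail loudly instead. A test asserting that `http.log` is still produced without the custom signatures would also pin the behaviour the reduced matrix now relies on; the job definition continues outside this hunk.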