Merge remote-tracking branch 'origin/master' into topic/vladg/kerberos

2025-10-04 15:48:19 +00:00 · 2014-11-04 13:12:12 -05:00 · 2014-11-04 13:12:12 -05:00 · 0bd45d54c8
commit 0bd45d54c8
parent bcdeef6012 9045288ad3
36 changed files with 253 additions and 58 deletions
--- a/43
+++ b/43
@ -1,4 +1,47 @@
 2.3-278 | 2014-11-03 18:55:18 -0800
  * Add new curves from draft-ietf-tls-negotiated-ff-dhe to SSL
    analysis. (Johanna Amann)
 2.3-274 | 2014-10-31 17:45:25 -0700
  * Adding call to new binpac::init() function. (Robin Sommer)
 2.3-272 | 2014-10-31 16:29:42 -0700
  * Fix segfault if when statement's RHS is unitialized. Addresses
    BIT-1176. (Jon Siwek)
  * Fix checking vector indices via "in". Addresses BIT-1280.  (Jon
    Siwek)
 2.3-268 | 2014-10-31 12:12:22 -0500
  * BIT-1283: Fix crash when using &encrypt. (Jon Siwek)
 2.3-267 | 2014-10-31 10:35:02 -0500
  * BIT-1284: Allow arbitrary when statement timeout expressions
    (Jon Siwek)
 2.3-266 | 2014-10-31 09:21:28 -0500
  * BIT-1166: Add configure options to fine tune local state dirs used
    by BroControl. (Jon Siwek)
 2.3-264 | 2014-10-30 13:25:57 -0500
  * Fix some minor Coverity Scan complaints. (Jon Siwek)
 2.3-263 | 2014-10-28 15:09:10 -0500
  * Fix checking of fwrite return values (Johanna Amann)
 2.3-260 | 2014-10-27 12:54:17 -0500
  * Fix errors/warnings when compiling with -std=c++11 (Jon Siwek)
 2.3-259 | 2014-10-27 10:04:04 -0500
  * Documentation fixes. (Vicente Jimenez Aguilar and Stefano Azzalini)
--- a/2
+++ b/2
@ -1 +1 @@
-2.3-259
+2.3-278
--- a/aux/binpac
+++ b/aux/binpac
@ -1 +1 @@
-Subproject commit c8e017b4b1893cf254fc2bc8eedd86b852a2e654
+Subproject commit 77a86591dcf89d7252d3676d3f1199d6c927d073
--- a/aux/broctl
+++ b/aux/broctl
@ -1 +1 @@
-Subproject commit 2b13bfcc941018c76f74b81a6e74e5e4e723c747
+Subproject commit 39e865dec9611b9b53b609cbc8df519cebae0a1e
--- a/16
+++ b/16
@ -24,6 +24,13 @@ Usage: $0 [OPTION]... [VAR=VALUE]...
    --prefix=PREFIX        installation directory [/usr/local/bro]
    --scriptdir=PATH       root installation directory for Bro scripts
                           [PREFIX/share/bro]
    --localstatedir=PATH   when using BroControl, path to store log files
                           and run-time data (within log/ and spool/ subdirs)
                           [PREFIX]
    --spooldir=PATH        when using BroControl, path to store run-time data
                           [PREFIX/spool]
    --logdir=PATH          when using BroControl, path to store log file
                           [PREFIX/logs]
    --conf-files-dir=PATH  config files installation directory [PREFIX/etc]
  Optional Features:
@ -144,6 +151,15 @@ while [ $# -ne 0 ]; do
            append_cache_entry BRO_ETC_INSTALL_DIR PATH $optarg
            user_set_conffilesdir="true"
            ;;
        --localstatedir=*)
            append_cache_entry BRO_LOCAL_STATE_DIR  PATH   $optarg
            ;;
        --spooldir=*)
            append_cache_entry BRO_SPOOL_DIR  PATH   $optarg
            ;;
        --logdir=*)
            append_cache_entry BRO_LOG_DIR  PATH   $optarg
            ;;
        --enable-debug)
            append_cache_entry ENABLE_DEBUG         BOOL   true
            ;;
--- a/pkg/make-deb-packages
+++ b/pkg/make-deb-packages
@ -16,6 +16,7 @@ the 'dpkg-dev' package, please install it first.
 }
 prefix=/opt/bro
 localstatedir=/var/opt/bro
 # During the packaging process, `dpkg-shlibs` will fail if used on a library
 # that links to other internal/project libraries unless an RPATH is used or
@ -31,7 +32,7 @@ cd ..
 ( cd build && make package )
 # Full Bro package
-./configure --prefix=${prefix} --pkg-name-prefix=Bro --binary-package
+./configure --prefix=${prefix} --localstatedir=${localstatedir} --pkg-name-prefix=Bro --binary-package
 ( cd build && make package )
 # Broccoli
@ -42,6 +43,6 @@ cd ../..
 # Broctl
 cd aux/broctl
-./configure --prefix=${prefix} --binary-package
+./configure --prefix=${prefix} --localstatedir=${localstatedir} --binary-package
 ( cd build && make package && mv *.deb ../../../build/ )
 cd ../..
--- a/pkg/make-rpm-packages
+++ b/pkg/make-rpm-packages
@ -15,6 +15,7 @@ the 'rpm-build' package, please install it first.
 }
 prefix=/opt/bro
 localstatedir=/var/opt/bro
 cd ..
@ -24,7 +25,7 @@ cd ..
 ( cd build && make package )
 # Full Bro package
-./configure --prefix=${prefix} --pkg-name-prefix=Bro --binary-package
+./configure --prefix=${prefix} --localstatedir=${localstatedir} --pkg-name-prefix=Bro --binary-package
 ( cd build && make package )
 # Broccoli
@ -35,6 +36,6 @@ cd ../..
 # Broctl
 cd aux/broctl
-./configure --prefix=${prefix} --binary-package
+./configure --prefix=${prefix} --localstatedir=${localstatedir} --binary-package
 ( cd build && make package && mv *.rpm ../../../build/ )
 cd ../..
--- a/scripts/base/protocols/ssl/consts.bro
+++ b/scripts/base/protocols/ssl/consts.bro
@ -158,6 +158,12 @@ export {
 		[26] = "brainpoolP256r1",
 		[27] = "brainpoolP384r1",
 		[28] = "brainpoolP512r1",
 		# draft-ietf-tls-negotiated-ff-dhe-02
 		[256] = "ffdhe2432",
 		[257] = "ffdhe3072",
 		[258] = "ffdhe4096",
 		[259] = "ffdhe6144",
 		[260] = "ffdhe8192",
 		[0xFF01] = "arbitrary_explicit_prime_curves",
 		[0xFF02] = "arbitrary_explicit_char2_curves"
 	} &default=function(i: count):string { return fmt("unknown-%d", i); };
--- a/src/Brofiler.cc
+++ b/src/Brofiler.cc
@ -96,7 +96,7 @@ bool Brofiler::WriteStats()
 	map<pair<string, string>, uint64 >::const_iterator it;
 	for ( it = usage_map.begin(); it != usage_map.end(); ++it )
 		{
-		fprintf(f, "%"PRIu64"%c%s%c%s\n", it->second, delim,
+		fprintf(f, "%" PRIu64"%c%s%c%s\n", it->second, delim,
 				it->first.first.c_str(), delim, it->first.second.c_str());
 		}
--- a/src/DNS_Mgr.cc
+++ b/src/DNS_Mgr.cc
@ -214,7 +214,7 @@ DNS_Mapping::DNS_Mapping(FILE* f)
 	char req_buf[512+1], name_buf[512+1];
 	int is_req_host;
-	if ( sscanf(buf, "%lf %d %512s %d %512s %d %d %"PRIu32, &creation_time,
+	if ( sscanf(buf, "%lf %d %512s %d %512s %d %d %" PRIu32, &creation_time,
 	     &is_req_host, req_buf, &failed, name_buf, &map_type, &num_addrs,
 	     &req_ttl) != 8 )
 		return;
@ -360,7 +360,7 @@ void DNS_Mapping::Clear()
 void DNS_Mapping::Save(FILE* f) const
 	{
-	fprintf(f, "%.0f %d %s %d %s %d %d %"PRIu32"\n", creation_time, req_host != 0,
+	fprintf(f, "%.0f %d %s %d %s %d %d %" PRIu32"\n", creation_time, req_host != 0,
 		req_host ? req_host : req_addr.AsString().c_str(),
 		failed, (names && names[0]) ? names[0] : "*",
 		map_type, num_addrs, req_ttl);
--- a/src/Expr.cc
+++ b/src/Expr.cc
@ -636,7 +636,7 @@ Val* BinaryExpr::Eval(Frame* f) const
 		return v_result;
 		}
-	if ( is_vec1 || is_vec2 )
+	if ( IsVector(Type()->Tag()) && (is_vec1 || is_vec2) )
 		{ // fold vector against scalar
 		VectorVal* vv = (is_vec1 ? v1 : v2)->AsVectorVal();
 		VectorVal* v_result = new VectorVal(Type()->AsVectorType());
@ -4703,8 +4703,14 @@ Val* InExpr::Fold(Val* v1, Val* v2) const
 	     v2->Type()->Tag() == TYPE_SUBNET )
 		return new Val(v2->AsSubNetVal()->Contains(v1->AsAddr()), TYPE_BOOL);
-	TableVal* vt = v2->AsTableVal();
+	Val* res;
-	if ( vt->Lookup(v1, false) )
+
 	if ( is_vector(v2) )
 		res = v2->AsVectorVal()->Lookup(v1);
 	else
 		res = v2->AsTableVal()->Lookup(v1, false);
 	if ( res )
 		return new Val(1, TYPE_BOOL);
 	else
 		return new Val(0, TYPE_BOOL);
--- a/src/File.cc
+++ b/src/File.cc
@ -527,7 +527,7 @@ void BroFile::SetAttrs(Attributes* arg_attrs)
 		if ( ef->AttrExpr() )
 			InitEncrypt(ef->AttrExpr()->ExprVal()->AsString()->CheckString());
 		else
-			InitEncrypt(log_encryption_key->AsString()->CheckString());
+			InitEncrypt(opt_internal_string("log_encryption_key")->CheckString());
 		}
 	if ( attrs->FindAttr(ATTR_RAW_OUTPUT) )
@ -708,10 +708,10 @@ void BroFile::InitEncrypt(const char* keyfile)
 	secret_len = htonl(secret_len);
-	if ( ! (fwrite("BROENC1", 7, 1, f) &&
+	if ( fwrite("BROENC1", 7, 1, f) < 1 ||
-		fwrite(&secret_len, sizeof(secret_len), 1, f) &&
+		fwrite(&secret_len, sizeof(secret_len), 1, f) < 1 ||
-		fwrite(secret, ntohl(secret_len), 1, f) &&
+		fwrite(secret, ntohl(secret_len), 1, f) < 1 ||
-		fwrite(iv, iv_len, 1, f)) )
+		fwrite(iv, iv_len, 1, f) < 1 )
 		{
 		reporter->Error("can't write header to log file %s: %s",
 				name, strerror(errno));
@ -736,7 +736,7 @@ void BroFile::FinishEncrypt()
 		int outl;
 		EVP_SealFinal(cipher_ctx, cipher_buffer, &outl);
-		if ( outl && ! fwrite(cipher_buffer, outl, 1, f) )
+		if ( outl && fwrite(cipher_buffer, outl, 1, f) < 1 )
 			{
 			reporter->Error("write error for %s: %s",
 					name, strerror(errno));
@ -777,7 +777,7 @@ int BroFile::Write(const char* data, int len)
 				return 0;
 				}
-			if ( outl && ! fwrite(cipher_buffer, outl, 1, f) )
+			if ( outl && fwrite(cipher_buffer, outl, 1, f) < 1 )
 				{
 				reporter->Error("write error for %s: %s",
 						name, strerror(errno));
@ -792,8 +792,7 @@ int BroFile::Write(const char* data, int len)
 		return 1;
 		}
-	len = fwrite(data, 1, len, f);
+	if ( fwrite(data, len, 1, f) < 1 )
 	if ( len <= 0 )
 		return false;
 	if ( rotate_size && current_size < rotate_size && current_size + len >= rotate_size )
--- a/src/Flare.cc
+++ b/src/Flare.cc
@ -22,7 +22,7 @@ static void bad_pipe_op(const char* which)
 void Flare::Fire()
 	{
-	char tmp;
+	char tmp = 0;
 	for ( ; ; )
 		{
--- a/src/H3.h
+++ b/src/H3.h
@ -110,7 +110,7 @@ public:
 		T result = 0;
 		// loop optmized with Duff's Device
-		register unsigned n = (size + 7) / 8;
+		unsigned n = (size + 7) / 8;
 		switch ( size % 8 ) {
 		case 0: do { result ^= byte_lookup[offset++][*p++];
 		case 7:      result ^= byte_lookup[offset++][*p++];
--- a/src/Reassem.cc
+++ b/src/Reassem.cc
@ -182,7 +182,7 @@ DataBlock* Reassembler::AddAndCheck(DataBlock* b, uint64 seq, uint64 upper,
 	{
 	if ( DEBUG_reassem )
 		{
-		DEBUG_MSG("%.6f Reassembler::AddAndCheck seq=%"PRIu64", upper=%"PRIu64"\n",
+		DEBUG_MSG("%.6f Reassembler::AddAndCheck seq=%" PRIu64", upper=%" PRIu64"\n",
 		          network_time, seq, upper);
 		}
--- a/src/RemoteSerializer.cc
+++ b/src/RemoteSerializer.cc
@ -707,7 +707,7 @@ RemoteSerializer::PeerID RemoteSerializer::Connect(const IPAddr& ip,
 	const size_t BUFSIZE = 1024;
 	char* data = new char[BUFSIZE];
 	snprintf(data, BUFSIZE,
-	         "%"PRI_PTR_COMPAT_UINT",%s,%s,%"PRIu16",%"PRIu32",%d", p->id,
+	         "%" PRI_PTR_COMPAT_UINT",%s,%s,%" PRIu16",%" PRIu32",%d", p->id,
 	         ip.AsString().c_str(), zone_id.c_str(), port, uint32(retry),
 	         use_ssl);
@ -1267,7 +1267,7 @@ bool RemoteSerializer::Listen(const IPAddr& ip, uint16 port, bool expect_ssl,
 	const size_t BUFSIZE = 1024;
 	char* data = new char[BUFSIZE];
-	snprintf(data, BUFSIZE, "%s,%"PRIu16",%d,%d,%s,%"PRIu32,
+	snprintf(data, BUFSIZE, "%s,%" PRIu16",%d,%d,%s,%" PRIu32,
 	         ip.AsString().c_str(), port, expect_ssl, ipv6, zone_id.c_str(),
 	         (uint32) retry);
@ -4075,7 +4075,7 @@ bool SocketComm::Connect(Peer* peer)
 		const size_t BUFSIZE = 1024;
 		char* data = new char[BUFSIZE];
-		snprintf(data, BUFSIZE, "%s,%"PRIu32, peer->ip.AsString().c_str(),
+		snprintf(data, BUFSIZE, "%s,%" PRIu32, peer->ip.AsString().c_str(),
 		         peer->port);
 		if ( ! SendToParent(MSG_CONNECTED, peer, data) )
@ -4190,7 +4190,7 @@ bool SocketComm::Listen()
 		     setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &on, sizeof(on)) < 0 )
 			Error(fmt("can't set IPV6_V6ONLY, %s", strerror(errno)));
-		if ( bind(fd, res->ai_addr, res->ai_addrlen) < 0 )
+		if ( ::bind(fd, res->ai_addr, res->ai_addrlen) < 0 )
 			{
 			Error(fmt("can't bind to %s:%s, %s", l_addr_str.c_str(),
 			          port_str, strerror(errno)));
@ -4287,7 +4287,7 @@ bool SocketComm::AcceptConnection(int fd)
 	const size_t BUFSIZE = 1024;
 	char* data = new char[BUFSIZE];
-	snprintf(data, BUFSIZE, "%s,%"PRIu32, peer->ip.AsString().c_str(),
+	snprintf(data, BUFSIZE, "%s,%" PRIu32, peer->ip.AsString().c_str(),
 	         peer->port);
 	if ( ! SendToParent(MSG_CONNECTED, peer, data) )
--- a/src/SerializationFormat.cc
+++ b/src/SerializationFormat.cc
@ -541,19 +541,19 @@ bool XMLSerializationFormat::Write(uint16 v, const char* tag)
 bool XMLSerializationFormat::Write(uint32 v, const char* tag)
 	{
-	const char* tmp = fmt("%"PRIu32, v);
+	const char* tmp = fmt("%" PRIu32, v);
 	return WriteElem(tag, "uint32", tmp, strlen(tmp));
 	}
 bool XMLSerializationFormat::Write(uint64 v, const char* tag)
 	{
-	const char* tmp = fmt("%"PRIu64, v);
+	const char* tmp = fmt("%" PRIu64, v);
 	return WriteElem(tag, "uint64", tmp, strlen(tmp));
 	}
 bool XMLSerializationFormat::Write(int64 v, const char* tag)
 	{
-	const char* tmp = fmt("%"PRId64, v);
+	const char* tmp = fmt("%" PRId64, v);
 	return WriteElem(tag, "int64", tmp, strlen(tmp));
 	}
--- a/src/Sessions.cc
+++ b/src/Sessions.cc
@ -544,7 +544,7 @@ void NetSessions::DoNextPacket(double t, const struct pcap_pkthdr* hdr,
 			if ( proto_typ != 0x0800 && proto_typ != 0x86dd )
 				{
 				// Not IPv4/IPv6 payload.
-				Weird(fmt("unknown_gre_protocol_%"PRIu16, proto_typ), ip_hdr,
+				Weird(fmt("unknown_gre_protocol_%" PRIu16, proto_typ), ip_hdr,
 				      encapsulation);
 				return;
 				}
--- a/src/Stats.cc
+++ b/src/Stats.cc
@ -160,7 +160,7 @@ void ProfileLogger::Log()
 	file->Write(fmt("%.06f Connections expired due to inactivity: %d\n",
 		network_time, killed_by_inactivity));
-	file->Write(fmt("%.06f Total reassembler data: %"PRIu64"K\n", network_time,
+	file->Write(fmt("%.06f Total reassembler data: %" PRIu64"K\n", network_time,
 		Reassembler::TotalMemoryAllocation() / 1024));
 	// Signature engine.
--- a/src/Trigger.cc
+++ b/src/Trigger.cc
@ -131,18 +131,19 @@ Trigger::Trigger(Expr* arg_cond, Stmt* arg_body, Stmt* arg_timeout_stmts,
 		arg_frame->SetDelayed();
 		}
-	Val* timeout = arg_timeout ? arg_timeout->ExprVal() : 0;
+	Val* timeout_val = arg_timeout ? arg_timeout->Eval(arg_frame) : 0;
 	// Make sure we don't get deleted if somebody calls a method like
 	// Timeout() while evaluating the trigger. 
 	Ref(this);
-	if ( ! Eval() && timeout )
+	if ( ! Eval() && timeout_val )
 		{
-		timer = new TriggerTimer(timeout->AsInterval(), this);
+		timer = new TriggerTimer(timeout_val->AsInterval(), this);
 		timer_mgr->Add(timer);
 		}
 	Unref(timeout_val);
 	Unref(this);
 	}
@ -206,7 +207,7 @@ bool Trigger::Eval()
 		return false;
 		}
-	if ( v->IsZero() )
+	if ( ! v || v->IsZero() )
 		{
 		// Not true. Perhaps next time...
 		DBG_LOG(DBG_NOTIFIERS, "%s: trigger condition is false", Name());
--- a/src/analyzer/Analyzer.cc
+++ b/src/analyzer/Analyzer.cc
@ -598,7 +598,7 @@ SupportAnalyzer* Analyzer::FirstSupportAnalyzer(bool orig)
 void Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig,
 				uint64 seq, const IP_Hdr* ip, int caplen)
 	{
-	DBG_LOG(DBG_ANALYZER, "%s DeliverPacket(%d, %s, %"PRIu64", %p, %d) [%s%s]",
+	DBG_LOG(DBG_ANALYZER, "%s DeliverPacket(%d, %s, %" PRIu64", %p, %d) [%s%s]",
 			fmt_analyzer(this).c_str(), len, is_orig ? "T" : "F", seq, ip, caplen,
 			fmt_bytes((const char*) data, min(40, len)), len > 40 ? "..." : "");
 	}
@ -612,7 +612,7 @@ void Analyzer::DeliverStream(int len, const u_char* data, bool is_orig)
 void Analyzer::Undelivered(uint64 seq, int len, bool is_orig)
 	{
-	DBG_LOG(DBG_ANALYZER, "%s Undelivered(%"PRIu64", %d, %s)",
+	DBG_LOG(DBG_ANALYZER, "%s Undelivered(%" PRIu64", %d, %s)",
 			fmt_analyzer(this).c_str(), seq, len, is_orig ? "T" : "F");
 	}
--- a/src/analyzer/protocol/http/HTTP.cc
+++ b/src/analyzer/protocol/http/HTTP.cc
@ -416,7 +416,7 @@ void HTTP_Entity::SubmitHeader(mime::MIME_Header* h)
 		int64_t len = l - f + 1;
 		if ( DEBUG_http )
-			DEBUG_MSG("Content-Range length = %"PRId64"\n", len);
+			DEBUG_MSG("Content-Range length = %" PRId64"\n", len);
 		if ( len > 0 )
 			{
@ -1060,7 +1060,7 @@ void HTTP_Analyzer::Undelivered(uint64 seq, int len, bool is_orig)
 		{
 		if ( msg )
 			msg->SubmitEvent(mime::MIME_EVENT_CONTENT_GAP,
-				fmt("seq=%"PRIu64", len=%d", seq, len));
+				fmt("seq=%" PRIu64", len=%d", seq, len));
 		}
 	// Check if the content gap falls completely within a message body
--- a/src/analyzer/protocol/smtp/SMTP.cc
+++ b/src/analyzer/protocol/smtp/SMTP.cc
@ -21,7 +21,9 @@ static const char* smtp_cmd_word[] = {
 #include "SMTP_cmd.def"
 };
-#define SMTP_CMD_WORD(code) ((code >= 0) ? smtp_cmd_word[code] : "(UNKNOWN)")
+static const char* unknown_cmd = "(UNKNOWN)";
 #define SMTP_CMD_WORD(code) ((code >= 0) ? smtp_cmd_word[code] : unknown_cmd)
 SMTP_Analyzer::SMTP_Analyzer(Connection* conn)
@ -83,7 +85,7 @@ void SMTP_Analyzer::Undelivered(uint64 seq, int len, bool is_orig)
 	if ( len <= 0 )
 		return;
-	const char* buf = fmt("seq = %"PRIu64", len = %d", seq, len);
+	const char* buf = fmt("seq = %" PRIu64", len = %d", seq, len);
 	int buf_len = strlen(buf);
 	Unexpected(is_orig, "content gap", buf_len, buf);
@ -422,7 +424,6 @@ void SMTP_Analyzer::NewReply(const int reply_code)
 	if ( state == SMTP_AFTER_GAP && reply_code > 0 )
 		{
 		state = SMTP_GAP_RECOVERY;
 		const char* unknown_cmd = SMTP_CMD_WORD(-1);
 		RequestEvent(strlen(unknown_cmd), unknown_cmd, 0, "");
 		/*
 		if ( line_after_gap )
--- a/src/analyzer/protocol/snmp/snmp-analyzer.pac
+++ b/src/analyzer/protocol/snmp/snmp-analyzer.pac
@ -84,7 +84,7 @@ StringVal* asn1_oid_to_val(const ASN1Encoding* oid)
 		if ( i > 0 )
 			{
 			rval += ".";
-			snprintf(tmp, sizeof(tmp), "%"PRIu64, subidentifier_values[i]);
+			snprintf(tmp, sizeof(tmp), "%" PRIu64, subidentifier_values[i]);
 			rval += tmp;
 			}
 		else
--- a/src/analyzer/protocol/tcp/TCP.cc
+++ b/src/analyzer/protocol/tcp/TCP.cc
@ -1901,7 +1901,7 @@ void TCP_ApplicationAnalyzer::DeliverPacket(int len, const u_char* data,
 						const IP_Hdr* ip, int caplen)
 	{
 	Analyzer::DeliverPacket(len, data, is_orig, seq, ip, caplen);
-	DBG_LOG(DBG_ANALYZER, "TCP_ApplicationAnalyzer ignoring DeliverPacket(%d, %s, %"PRIu64", %p, %d) [%s%s]",
+	DBG_LOG(DBG_ANALYZER, "TCP_ApplicationAnalyzer ignoring DeliverPacket(%d, %s, %" PRIu64", %p, %d) [%s%s]",
 			len, is_orig ? "T" : "F", seq, ip, caplen,
 			fmt_bytes((const char*) data, min(40, len)), len > 40 ? "..." : "");
 	}
@ -2053,7 +2053,7 @@ int TCPStats_Endpoint::DataSent(double /* t */, uint64 seq, int len, int caplen,
 			num_rxmit_bytes += len;
 			}
-		DEBUG_MSG("%.6f rexmit %"PRIu64" + %d <= %"PRIu64" data_in_flight = %d\n",
+		DEBUG_MSG("%.6f rexmit %" PRIu64" + %d <= %" PRIu64" data_in_flight = %d\n",
 		 	network_time, seq, len, max_top_seq, data_in_flight);
 		if ( tcp_rexmit )
--- a/src/analyzer/protocol/tcp/TCP_Reassembler.cc
+++ b/src/analyzer/protocol/tcp/TCP_Reassembler.cc
@ -188,7 +188,7 @@ void TCP_Reassembler::Undelivered(uint64 up_to_seq)
 	if ( DEBUG_tcp_contents )
 		{
-		DEBUG_MSG("%.6f Undelivered: IsOrig()=%d up_to_seq=%"PRIu64", last_reassm=%"PRIu64", "
+		DEBUG_MSG("%.6f Undelivered: IsOrig()=%d up_to_seq=%" PRIu64", last_reassm=%" PRIu64", "
 		          "endp: FIN_cnt=%d, RST_cnt=%d, "
 		          "peer: FIN_cnt=%d, RST_cnt=%d\n",
 		          network_time, IsOrig(), up_to_seq, last_reassem_seq,
@ -219,7 +219,7 @@ void TCP_Reassembler::Undelivered(uint64 up_to_seq)
 		{
 		if ( DEBUG_tcp_contents )
 			{
-			DEBUG_MSG("%.6f Undelivered: IsOrig()=%d, seq=%"PRIu64", len=%"PRIu64", "
+			DEBUG_MSG("%.6f Undelivered: IsOrig()=%d, seq=%" PRIu64", len=%" PRIu64", "
 					  "skip_deliveries=%d\n",
 					  network_time, IsOrig(), last_reassem_seq,
 					  up_to_seq - last_reassem_seq,
@ -350,7 +350,7 @@ void TCP_Reassembler::RecordBlock(DataBlock* b, BroFile* f)
 void TCP_Reassembler::RecordGap(uint64 start_seq, uint64 upper_seq, BroFile* f)
 	{
-	if ( f->Write(fmt("\n<<gap %"PRIu64">>\n", upper_seq - start_seq)) )
+	if ( f->Write(fmt("\n<<gap %" PRIu64">>\n", upper_seq - start_seq)) )
 		return;
 	reporter->Error("TCP_Reassembler contents gap write failed");
@ -420,7 +420,7 @@ void TCP_Reassembler::BlockInserted(DataBlock* start_block)
 void TCP_Reassembler::Overlap(const u_char* b1, const u_char* b2, uint64 n)
 	{
 	if ( DEBUG_tcp_contents )
-		DEBUG_MSG("%.6f TCP contents overlap: %"PRIu64" IsOrig()=%d\n", network_time,  n, IsOrig());
+		DEBUG_MSG("%.6f TCP contents overlap: %" PRIu64" IsOrig()=%d\n", network_time,  n, IsOrig());
 	if ( rexmit_inconsistency &&
 	     memcmp((const void*) b1, (const void*) b2, n) &&
@ -465,7 +465,7 @@ int TCP_Reassembler::DataSent(double t, uint64 seq, int len,
 	if ( DEBUG_tcp_contents )
 		{
-		DEBUG_MSG("%.6f DataSent: IsOrig()=%d seq=%"PRIu64" upper=%"PRIu64" ack=%"PRIu64"\n",
+		DEBUG_MSG("%.6f DataSent: IsOrig()=%d seq=%" PRIu64" upper=%" PRIu64" ack=%" PRIu64"\n",
 		          network_time, IsOrig(), seq, upper_seq, ack);
 		}
--- a/src/cq.c
+++ b/src/cq.c
@ -357,7 +357,7 @@ cq_remove(register struct cq_handle *hp, register double pri,
 	/* The priority must be positive and the cookie non-null */
 	if (pri <= 0.0 || cookie == NULL)
-		return (-0);
+		return (0);
 	bp = hp->buckets + PRI2BUCKET(hp, pri);
 	if (! BUCKETINUSE(bp))
@ -370,7 +370,7 @@ cq_remove(register struct cq_handle *hp, register double pri,
 		}
 	if ( ! bp )
-		return (-0);
+		return (0);
 	/* Unlink entry */
 	if ( ! bp2 ) {
--- a/src/iosource/PktSrc.cc
+++ b/src/iosource/PktSrc.cc
@ -506,6 +506,7 @@ bool PktSrc::ApplyBPFFilter(int index, const struct pcap_pkthdr *hdr, const u_ch
 		{
 		Error(fmt("BPF filter %d not compiled", index));
 		Close();
 		return false;
 		}
 	if ( code->MatchesAnything() )
--- a/src/iosource/PktSrc.h
+++ b/src/iosource/PktSrc.h
@ -266,7 +266,11 @@ protected:
 		Properties()
 			{
 			selectable_fd = -1;
 			link_type = -1;
 			hdr_size = -1;
 			netmask = PCAP_NETMASK_UNKNOWN;
 			is_live = false;
 			}
 	};
--- a/src/iosource/pcap/Source.cc
+++ b/src/iosource/pcap/Source.cc
@ -21,6 +21,9 @@ PcapSource::PcapSource(const std::string& path, bool is_live)
 	{
 	props.path = path;
 	props.is_live = is_live;
 	pd = 0;
 	memset(&current_hdr, 0, sizeof(current_hdr));
 	memset(&last_hdr, 0, sizeof(last_hdr));
 	last_data = 0;
 	}
--- a/src/main.cc
+++ b/src/main.cc
@ -775,6 +775,9 @@ int main(int argc, char** argv)
 	// DEBUG_MSG("HMAC key: %s\n", md5_digest_print(shared_hmac_md5_key));
 	init_hash_function();
 	// Must come after hash initialization.
 	binpac::init();
 	ERR_load_crypto_strings();
 	OPENSSL_add_all_algorithms_conf();
 	SSL_library_init();
--- a/testing/btest/Baseline/language.vector-in-operator/out
+++ b/testing/btest/Baseline/language.vector-in-operator/out
@ -0,0 +1,11 @@
 [zero, one, , , , five, , seven]
 vec[0] = zero.exe
 vec[1] = one.exe
 vec[2] = <not set>
 vec[3] = <not set>
 vec[4] = <not set>
 vec[5] = five.exe
 vec[6] = <not set>
 vec[7] = seven.exe
 vec[8] = <not set>
 vec[9] = <not set>
--- a/testing/btest/Baseline/language.when-unitialized-rhs/out
+++ b/testing/btest/Baseline/language.when-unitialized-rhs/out
@ -0,0 +1,38 @@
 error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.when-unitialized-rhs/when-unitialized-rhs.bro, line 9: value used but not set (crashMe)
 error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.when-unitialized-rhs/when-unitialized-rhs.bro, line 14: value used but not set (x)
 1
 2
 3
 4
 5
 6
 7
 8
 9
 10
 2nd when stmt executing, 999
 1st when stmt executing, not anymore you don't
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
--- a/testing/btest/language/vector-in-operator.bro
+++ b/testing/btest/language/vector-in-operator.bro
@ -0,0 +1,17 @@
 # @TEST-EXEC: bro -b %INPUT >out
 # @TEST-EXEC: btest-diff out
 local ten = "0123456789";
 local vec: vector of string = { "zero", "one" };
 local n = 0;
 vec[5] = "five";
 vec[7] = "seven";
 print vec;
 vec = vec + ".exe";
 for ( c in ten )
 	{
 	local is_set: bool = (n in vec);
 	print fmt("vec[%s] = %s", n, is_set ? vec[n] : "<not set>");
 	++n;
 	}
--- a/testing/btest/language/when-unitialized-rhs.bro
+++ b/testing/btest/language/when-unitialized-rhs.bro
@ -0,0 +1,32 @@
 # @TEST-EXEC: bro -b -r $TRACES/wikipedia.trace %INPUT >out 2>&1
 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out
 global crashMe: function(): string;
 global x: int;
 event bro_init()
 	{
 	when( local result = crashMe() )
 		{
 		print "1st when stmt executing", result;
 		}
 	when( local other_result = x )
 		{
 		print "2nd when stmt executing", other_result;
 		}
 	}
 global conn_count = 0;
 event new_connection(c: connection)
 	{
 	++conn_count;
 	print conn_count;
 	if ( conn_count == 10 )
 		{
 		x = 999;
 		crashMe = function(): string { return "not anymore you don't"; };
 		}
 	}
--- a/testing/btest/language/when.bro
+++ b/testing/btest/language/when.bro
@ -8,13 +8,25 @@
 event bro_init()
 {
-	local h1: addr = 127.0.0.1;
+	local h: addr = 127.0.0.1;
-	when ( local h1name = lookup_addr(h1) )
+	when ( local hname = lookup_addr(h) )
 		{ 
 		print "lookup successful";
 		terminate();
 		}
 	timeout 10sec
 		{
 		print "timeout (1)";
 		}
 	local to = 5sec;
 	# Just checking that timeouts can use arbitrary expressions...
 	when ( local hname2 = lookup_addr(h) ) {}
 	timeout to {}
 	when ( local hname3 = lookup_addr(h) ) {}
 	timeout to + 2sec {}
 	print "done";
 }
		`@ -1 +1 @@`
			`Subproject commit c8e017b4b1893cf254fc2bc8eedd86b852a2e654`				`Subproject commit 77a86591dcf89d7252d3676d3f1199d6c927d073`
		`@ -1 +1 @@`
			`Subproject commit 2b13bfcc941018c76f74b81a6e74e5e4e723c747`				`Subproject commit 39e865dec9611b9b53b609cbc8df519cebae0a1e`