Merge remote-tracking branch 'origin/topic/jsiwek/fix-pe-major-subsys'

* origin/topic/jsiwek/fix-pe-major-subsys:
  Fix `major_subsys_version` field in `pe_optional_header` event

CHANGES

@@ -1,4 +1,11 @@
 
+4.1.0-dev.228 | 2021-02-16 11:10:40 -0800
+
+  * Fix `major_subsys_version` field in `pe_optional_header` event
+
+    It was incorrectly set the same as the `minor_subsys_version` field
+    of the `PE::OptionalHeader` record. (Jon Siwek, Corelight)
+
 4.1.0-dev.225 | 2021-02-12 14:40:14 -0800
 
   * Fix CentOS 8 CI Dockerfile (Jon Siwek, Corelight)

VERSION

@@ -1 +1 @@
-4.1.0-dev.225
+4.1.0-dev.228

src/file_analysis/analyzer/pe/pe-analyzer.pac

@@ -146,7 +146,7 @@ refine flow File += {
 			oh->Assign(13, zeek::val_mgr->Count(${h.os_version_minor}));
 			oh->Assign(14, zeek::val_mgr->Count(${h.major_image_version}));
 			oh->Assign(15, zeek::val_mgr->Count(${h.minor_image_version}));
-			oh->Assign(16, zeek::val_mgr->Count(${h.minor_subsys_version}));
+			oh->Assign(16, zeek::val_mgr->Count(${h.major_subsys_version}));
 			oh->Assign(17, zeek::val_mgr->Count(${h.minor_subsys_version}));
 			oh->Assign(18, zeek::val_mgr->Count(${h.size_of_image}));
 			oh->Assign(19, zeek::val_mgr->Count(${h.size_of_headers}));