Merge branch 'master' into topic/jsiwek/coverity

CHANGES

@@ -1,4 +1,16 @@
 
+2.1-1368 | 2013-09-19 20:07:57 -0700
+
+  * Add more links in the GeoLocation document (Daniel Thayer)
+
+2.1-1364 | 2013-09-19 15:12:08 -0700
+
+  * Add links to Intelligence Framework documentation. (Daniel Thayer)
+    
+  * Update Mozilla root CA list. (Bernhard Amann, Jon Siwek)
+
+  * Update documentation of required packages. (Daniel Thayer)
+
 2.1-1359 | 2013-09-18 15:01:50 -0700
 
   * Make client and server random available on script-level. Addresses

VERSION

@@ -1 +1 @@
-2.1-1359
+2.1-1368

aux/binpac

@@ -1 +1 @@
-Subproject commit 75e6906efb23036ea5a11936487498761a5f7eab
+Subproject commit eeb19daacc9f12bc4e7c885fa70e71f856a90b1f

aux/bro-aux

@@ -1 +1 @@
-Subproject commit 3e1c8bf5f34868759d578f2afc6707fd1797f958
+Subproject commit eb24e628648c7d7b931bdb57d38ab32c28296e72

aux/btest

@@ -1 +1 @@
-Subproject commit 13a7718b475d670ae22c1914ac1c26bd11be46b6
+Subproject commit 3918bd9f5f99863faec2501e5bc7839ffb17bdc9

configure

@@ -49,9 +49,9 @@ Usage: $0 [OPTION]... [VAR=VALUE]...
     --with-flex=PATH       path to flex executable
     --with-bison=PATH      path to bison executable
     --with-perl=PATH       path to perl executable
+    --with-libmagic=PATH   path to libmagic install root
 
   Optional Packages in Non-Standard Locations:
-    --with-libmagic=PATH   path to libmagic install root
     --with-geoip=PATH      path to the libGeoIP install root
     --with-perftools=PATH  path to Google Perftools install root
     --with-python=PATH     path to Python interpreter

doc/frameworks/geoip.rst

@@ -67,8 +67,8 @@ functionality:
 
     function lookup_location(a:addr): geo_location
 
-There is also the ``geo_location`` data structure that is returned
-from the ``lookup_location`` function:
+There is also the :bro:see:`geo_location` data structure that is returned
+from the :bro:see:`lookup_location` function:
 
 .. code:: bro
 

doc/frameworks/intel.rst

@@ -59,15 +59,15 @@ intelligence framework has distribution mechanisms which will push
 data out to all of the nodes that need it.
 
 Here is an example of the intelligence data format.  Note that all
-whitespace separators are literal tabs and fields containing only a
-hyphen are considered to be null values.::
+whitespace field separators are literal tabs and fields containing only a
+hyphen are considered to be null values. ::
 
 	#fields	indicator	indicator_type	meta.source	meta.desc	meta.url
 	1.2.3.4	Intel::ADDR	source1	Sending phishing email	http://source1.com/badhosts/1.2.3.4
 	a.b.com	Intel::DOMAIN	source2	Name used for data exfiltration	-
 
-For more examples of built in `indicator_type` values, please refer to the
-autogenerated documentation for the intelligence framework.
+For a list of all built-in `indicator_type` values, please refer to the
+documentation of :bro:see:`Intel::Type`.
 
 To load the data once files are created, use the following example
 code to define files to load with your own file names of course::
@@ -87,7 +87,7 @@ When some bit of data is extracted (such as an email address in the
 "From" header in a message over SMTP), the Intelligence Framework
 needs to be informed that this data was discovered and it's presence
 should be checked within the intelligence data set.  This is
-accomplished through the Intel::seen function.
+accomplished through the :bro:see:`Intel::seen` function.
 
 Typically users won't need to work with this function due to built in
 hook scripts that Bro ships with that will "see" data and send it into
@@ -95,8 +95,8 @@ the intelligence framework.  A user may only need to load the entire
 package of hook scripts as a module or pick and choose specific
 scripts to load.  Keep in mind that as more data is sent into the
 intelligence framework, the CPU load consumed by Bro will increase
-depending on how many times the Intel::seen function is being called
-which is heavily traffic dependent.
+depending on how many times the :bro:see:`Intel::seen` function is
+being called which is heavily traffic dependent.
 
 The full package of hook scripts that Bro ships with for sending this
 "seen" data into the intelligence framework can be loading by adding
@@ -110,12 +110,12 @@ Intelligence Matches
 Against all hopes, most networks will eventually have a hit on
 intelligence data which could indicate a possible compromise or other
 unwanted activity.  The Intelligence Framework provides an event that
-is generated whenever a match is discovered named Intel::match (TODO:
-make a link to inline docs).  Due to design restrictions placed upon
+is generated whenever a match is discovered named :bro:see:`Intel::match`.
+Due to design restrictions placed upon
 the intelligence framework, there is no assurance as to where this
 event will be generated.  It could be generated on the worker where
-the data was seen or on the manager.  When the Intel::match event is
+the data was seen or on the manager.  When the ``Intel::match`` event is
 handled, only the data given as event arguments to the event can be
 assured since the host where the data was seen may not be where
-Intel::match is handled.
+``Intel::match`` is handled.
 

doc/install/install.rst

@@ -29,13 +29,15 @@ before you begin:
     * Libpcap                           (http://www.tcpdump.org)
     * OpenSSL libraries                 (http://www.openssl.org)
     * BIND8 library
-    * Libmagic
+    * Libmagic 5.04 or greater
     * Libz
     * Bash (for BroControl)
 
 To build Bro from source, the following additional dependencies are required:
 
     * CMake 2.6.3 or greater            (http://www.cmake.org)
+    * Make
+    * C/C++ compiler
     * SWIG                              (http://www.swig.org)
     * Bison (GNU Parser Generator)
     * Flex  (Fast Lexical Analyzer)