* origin/topic/johanna/tls13-details:
Update SSL documentation.
support the newer TLS 1.3 key_share extension.
Include all data of the server-hello random
Parse pre-shared-key extension.
Added a small portability fix for the gmt_unix_time byte-swapping.
* 'rdp_client_security' of https://github.com/neslog/zeek:
Adding comments specific to client security data in record definition.
Cleaning up indentations and return true.
Adding record to init-bare
Adding client_security_data to the analyzer.
I added a unit test.
By using a consistent timestamp. That avoids rare chances of sqlite
output from rounding the current time into such a form that happens
to bypass the timestamp canonifier script (whenever it happened to
land on a whole or tenth second).
* "bro_is_terminating" is now "zeek_is_terminating"
* "bro_version" is now "zeek_version"
The old function names still exist for now, but are deprecated.
These are no longer loaded by default due to the performance impact they
cause simply by being loaded (they have event handlers for commonly
generated events) and they aren't generally useful enough to justify it.
* origin/topic/timw/159-coerce-counts:
GHI-155: set the type of a vector based on the variable's type, not the value's type
GH-159: Allow coercion of numeric values into other types
Allow passing a location to BroObj::Warning and BroObj::Error.
Add CLion directories to gitignore
Move #define outside of max_type for clarity
* origin/topic/vlad/rdp_bluekeep:
RDP: Update existing baselines with new client_channels field
RDP: Add parsing and logging of channels requested by the client. Can determine capabilities requested by the client, as well as attacks such as CVE-2019-0708
* 'table-error' of https://github.com/ZekeMedley/zeek:
Check table yield type on assignment.
Also extended the type checking to include sets as well as the full
table type (yield type as well as index types).
* 'topic/christian/inputframework-reporter-filenames' of https://github.com/ckreibich/zeek:
Add input file name to additional ASCII reader warning messages
Due to string representation of Broker vectors changing (they now
use parentheses instead of square brackets).
Related to https://github.com/zeek/broker/issues/43
* origin/topic/timw/173-port-ranges:
GH-173: Support ranges of values for value_list elements in the signature parser
GH-173: Modify the signature parser so ID components (such as variable names) can't start with numbers
* origin/topic/johanna/clone:
Add leak-checks for new copy operations
Finish implementation of copy method.
Checkpoint - all non-opaque-types can be cloned.
Reimplement copy().
Fixed a couple leaks during merge.
Otherwise, setting Reporter::errors_to_stderr=F causes important
error messages to be lost (and this setting is the default for
ZeekCtl). E.g. now that we terminate if there's errors during
zeek_init, GH-369 shows that the only error message given was
"fatal error: errors occurred while initializing", which is not
helpful in determining the actual issue.
Broker::subscribe() after Broker::peer() may result in losing messages,
always best to do the reverse order.
Also possibly improved chance of unstable unit test output order.
* origin/topic/jsiwek/dns-mgr-fixes:
Fix timing out DNS lookups that were already resolved
Remove an unhelpful/optimistic DNS_Mgr optimization
Fix DNS_Mgr priority_queue usage
Remove dead code from DNS_Mgr
Improve DNS_Mgr I/O loop: prevent starvation due to busy Broker
Fix a ref counnting bug in DNS_Mgr
* origin/topic/robin/gh-239:
Undo a change to btest.cfg from a recent commit
Updating submodule.
Fix zeek-wrapper
Update for renaming BroControl to ZeekControl.
Updating submodule.
GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev.
* origin/topic/johanna/243:
Fix missing include file on Linux
Deprecations: Update NEWS, and tie up a few loose ends.
Remove support for using &&/|| with patterns.
Remove RemoteSerializer and related code/types.
Remove PersistenceSerializer.
Remove synchrnized and persistent attributes.
Looked like a possible race condition in how the test was structured: an
endpoint sees its peer got lost and likewise exits immediately before
having a chance to process events the peer had sent just before exiting.
Fix is to reverse which endpoint initiates the termination sequence so
we can be sure we see the required events.
