The GNU and BSD versions of `touch` and `truncate` allow slightly
different arguments, change the tests so they work in both versions.
(cherry picked from commit caaffd0324)
These two builds are struggling to complete due to OOM issues. Reducing the
number of CPUs didn't help, so this temporarily disables Spicy from
building on those hosts to reduce the memory usage.
(cherry picked from commit bbf7f34cdc)
This template was added when the sanitizer builds needed more memory than all
of the other builds. We've since increased the amount of memory that the other
builds use beyond what's requested in this template, so it doesn't make sense
to keep it around.
(cherry picked from commit 4c6c89d863)
For CI and more general BTest execution we already enabled ccache
previously, but developers using a Spicy build out of the build
directory still needed to manually set up caching.
With this patch we enable it for such cases as well via
`zeek-path-dev.*sh`.
(cherry picked from commit e624c7500e)
This also adds 15.4 to the list of distributions that are skipped by
default - let me know if this is not a good idea. I assume that by now
most people will be running 15.5 (15.4 will be EOL in ~3 months).
(cherry picked from commit 4ad2a6ab9a)
* origin/topic/awelzel/smb-unbounded-recent-files-growth:
smb: Fix &read_expire not in effect due to &default=string_set() usage
(cherry picked from commit 5740dbcf20)
* 'topic/xb-anssi/http_signature_body_end_match' of https://github.com/xb-anssi/zeek:
Let signature framework match HTTP body end
Test how the signature framework matches HTTP body
(cherry picked from commit 8a13155a41)
Seems the intention was to always add OPENSSL_INCLUDE_DIR to the
zeek_dynamic_plugin_base target, but finding of the OpenSSL package
and setting OPENSSL_INCLUDE_DIR happens much later, so this was never
functional.
Relates to #3408 - this is the fix for Zeek 6.0.3, #3420 is the
better fix for the future.
* security/topic/timw/6.0.2-patches:
ftp: Do not base seq on number of pending commands
ssl: Prevent unbounded ssl_history growth
ssl: Cap number of alerts parsed from SSL record
X509Common/SCT parsing: Fix memory leak in error case
IEEE802_11: Fix buffer-overflow due to not accounting for the amsdu header
Previously, seq was computed as the result of |pending_commands|+1. This
opened the possibility to override queued commands, as well as logging
the same pending ftp reply multiple times.
For example, when commands 1, 2, 3 are pending, command 1 may be dequeued,
but the incoming command then receives seq 3 and overrides the already
pending command 3. The second scenario happens when ftp_reply() selected
command 3 as pending for logging, but is then followed by many ftp_request()
events. This resulted in command 3's response being logged for every
following ftp_request() over and over again.
Avoid both scenarios by tracking the command sequence as an absolute counter.
The previous fix also made it clear that the ssl_history field may grow
unbounded via the ssl_alert event. Prevent by capping using a configurable
limit (default 100) and raise a weird once reached.
Limit the number of events raised from an SSL record with content_type
alert (21) to a configurable maximum number (default 10). For TLS 1.3,
the limit is set to 1 as specified in the RFC. Add a new weird for the
in cases where the limit is exceeded.
OSS-Fuzz managed to generate a reproducer that raised ~660k ssl_plaintext
and ssl_alert events together given ~810kb of input data. This prevents
it with hopefully no negative side-effect in the real-world.
The fuzzer generated input where data length left was 14 and the amsdu_len
field set to 14. That caused buffer overread due not taking into account
the amsdu header length of 14.
* origin/topic/awelzel/3190-supervisor-eventmgr-shared-pipe-fix:
event: Reinitialize EventMgr's flare after fork() from stem
(cherry picked from commit 22fb445a7f)
