* origin/topic/seth/subproject-build:
Removing a fix from another branch
Update binpac pointer
Update bifcl and binpac for building Zeek as a submodule
Updated the cmake pointer
Fix the builtin plugin preload mechanism
Update submodule pointer for cmake to point at the appropriate branch
Switch to more accurate source and binary references in cmake
* origin/topic/johanna/gh-859:
Add X509/SSL changes to NEWS
X509: add check if function succeeds
GH-1634: Address feedback
Small indentation fixes in ssl-log-ext.zeek
Fix memory leak in x509_check_cert_hostname bif
Small bugfix and updates for external test hashes (SSL/X509)
Baseline updates for recent SSL changes.
Add ability to check if hostname is valid for a specific cert
Add ssl_history field to ssl.log
Add policy script suppressing certificate events
Add new ssl-log-ext policy script
Deprecate extract-certs-pem.zeek and add log-certs-base64.zeek
Implement X509 certificate log caching
Deprecate ICSI SSL notary script.
Change SSL and X.509 logging format
Enable OCSP logging by default.
Split the code that handles X509 event hashing into its own file
Closes GH-859
* topic/christian/global-log-filter-hooks:
Bump docs to pull in new log filter hooks documentation
Add a global log policy hook to the logging framework
This addresses the need for a central hook on any log write, which
wasn't previously doable without a lot of effort. The log manager
invokes the new Log::log_stream_policy hook prior to any filter-specific
hooks. Like filter-level hooks, it may veto a log write. Even when
it does, filter-level hooks still get invoked, but cannot "un-veto".
Includes test cases.
- 1458048: Use-after-free in the SQLite logger
- 1457823: Missing a break statement in script-opt reduction
- 1453966: Dead code in CompHash
- 1445417: Unintialized variable in StaticHash64
- 1437716: Unintialized variables in FileInfo in scan.l
* origin/topic/vern/CPP-workflow2:
low-level coding style fixes
support for standalone compiled scripts to export globals with module qualifiers
updates for documentation of functionality for compiling scripts to C++
fixes for standalone C++ scripts making types & variables/functions available
fixed bug limiting availability of load_CPP() BiF
updates to development helper scripts to support new workflow
simpler workflow for -O gen-C++ ; also some hooks for -O gen-standalone-C++
ReplaceBody now deletes a body if the replacement is nil
removal of can't-actually-be-executed code
The framework so far populated data structures with missing fields
even when those fields are defined without the &optional
attribute. When using the attribute, such entries continue to get
populated.
Update tests to reflect focus on unset fields.
* origin/topic/seth/small-builtin-plugin-fixes:
Fix tests
Removed a non-functional builtin plugin preload loading mechanism
Load the builtin-plugin preload files and fix the dev path.
There's a known false positive with the atomic variables in this method
that triggers a complaint from ThreadSanitizer. Marking it as ignored
avoids the warning.
This commit switches to only allowing the CT logs that are currently
accepted by Google Chrome - which makes much more sense for us since
this is (potentially) used for validation.
Additional CT logs can be added in user-scripts.
Due to different double precision on M1, file IDs for SMB could end up
changing on M1 because the access time of a file goes into their
computation. The real solution for this would be changing Zeek's
internal "time" representation to uint64; that's planned, but requires
major surgery. For now, this PR changes the SMB code to also pass SMB's
original time representation (which is a uint64) into script-land, and
then use that for computing the file ID.
Closes#1406
