Otherwise there is a functional problem caused by using #include to
insert the disconnected source code: language server/analysis tools,
like clangd, may get confused by those files and report everything
in them as an error.
* Rename overly generic ACCESSORS macro with ZEEK_ prefix
* A few places where whitespace was noticeably wrong/distracting
* Minor/obvious reference/move semantics improvements suggested by linter
* Remove unused detail::Scope::Remove(), no need for deprecation
Previously, an assertion was triggered in debug builds upon any attempt
to insert or remove a Dictionary entry while any iteration of that
Dictionary is underway and also even in cases where Dictionary membership
was not actually modified (and thus invalidates a loop).
Now, it emits run-time warnings regardless of build-type and only when
insert/remove operations truly change the Dictionary membership. In the
context of a Zeek script causing an invalidation, the warning message
also now helps pinpoint the exact expression that causes it.
- Add auxil/package-manager submodule as an optional build
source. When the submodule is present, zkg gets installed into the
Zeek installation's bin directory, its config file into etc/zkg, and
its state into var/lib/zkg. Like zeekctl, zkg finds its own module
independently of any PYTHONPATH. Installation via pip remains
supported. You can skip zkg explicitly via --disable-zkg. See the
NEWS update for details.
- Establish a "zeek/python" subdirectory under libdir as the common place
for Python modules in the Zeek distribution. This now separates out
the Broker Python bindings, ZeekControl, and zkg's Python module.
- Add configure flags to allow customizing this Python folder, in
three ways: --python-dir, --python-prefix, and --python-home. These
differ in the logic they automatically add to the path, and build on
the logic already used in Broker.
- Include a (comented-out) @load for zkg's packages folder in
local.zeek.
- Bump zeekctl to move to this new location.
- Bump doc to include installation instructions
- Update NEWS accordingly.
Merge adjustments:
- Fix the `--with-caf=` option from emitting messages about a variable
having an unset value.
- Fix the `zeek-config --caf_root` option
* origin/topic/neverlord/caf-migration:
Update submodule(s)
Fix message ordering of Broker messages
Fix UB in shutdown of Broker manager
Preserve string output of Broker errors
Migrate to CAF 0.18
Particularly for ICMP connections, a new timer got added every time a
`connection` record was updated even if there was still a pending timer
for that connection.
So as to prefer sigaction() over either sigset() or signal(), which are
less favorable due to underspecification issues and some treating them
as obsolete/deprecated.
Merge adjustments:
- Rewrote the check for error response as a switch statement to
fix compiler warning about signed/unsigned comparison and also
to just simplify/clarify the logic.
- Changed the btest to use `zeek -b`.
* origin/topic/vlad/gh-1286:
Add tests for new SMB3 multichannel support
Fix SMB2 response status parsing. Fixes#1286
* The parsing of IPv6 addresses tried to fill a stack-buffer with as
much data as supplied in the Option even if it was in excess of the
desired prefix or maximum IPv6 address size. This could result in an
overflow of that stack-buffer.
* The parsing of IPv4 addresses would overwrite the storage used for
that address as many times as there were bytes in the Option in excess
of the desired prefix length or maximum IPv4 address size. This could
cause the resulting IPv4 address to be derived from the incorrect
data.
* Upon encountering unexpected/excessive option-length or source-prefix
parameters, the data pointer used for parsing was also not always
advanced to the start of the next alleged option's data. Assuming all
other parsing code correctly guards against invalid input, there's no
further harm from that other than the subsequent parsing being more
likely to encounter unexpected values and emitting more Weirds.
Credit to OSS-Fuzz for discovery
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28336
(Link to details becomes public 30 days after patch release)
Using two separate Broker subscribers for status events and regular
messages introduces a race on the two objects. Even if Broker sends all
messages in a particular (deterministic) order, Zeek may still process
them in a different order as a result. Since several tests rely on a
strict ordering of Broker events, these tests could fail sporadically.
Using only a single subscriber for all Broker messages makes sure that
Zeek observes all messages in the same order as Broker emits them.
* origin/topic/christian/gh-1307-baseline-refresh:
Additional use of btest-diff --binary
Update btest-diff calls on binary files to using "--binary"
Switch to btest-diff with --binary support
Update external baseline commit hashes
Fix binary baseline & line-end problem
Fix diff-remove-abspath on OSX
Bump submodules for btest 0.64 update
Canonifier improvements for the scripts.base.frameworks.logging.ascii-double test
Baseline refresh to reflect btest 0.64
Make diff-remove-abspath canonifier match on non-whitespace paths only
Harden diff-remove-timestamps canonifier
