- Restored a deprecated version of 'supervisor_rotation_format_func'
during merge.
* origin/topic/vlad/expose_supervisor_rotation_func:
Rename supervisor_rotation_format_func to archiver_rotation_format_func, and expose it for non-supervised setups
The larger number was substracted from the smaller one leading to an
integer overflow. However, no information was lost due to everything
also being present in the notice message.
Fixes GH-1454
* origin/topic/vern/zval: (42 commits)
whitespace tweaks
resolved some TODO comments
remove unnecessary casts, and change necessary ones to use static_cast<>
explain cmp_func default
change functions for ZVal type management to static members
fix some unsigned/signed integer warnings
address lint concern about uninitialized variable
Remove use of obsolete forward-declaration macros
fix #include's that lack zeek/ prefixes
explicitly populate holes created in vectors
fixes for now-incorrect assumption that GetField always returns an existing ValPtr
memory management for assignment to vector elements
memory management for assignment to record fields
destructor cleanup from ZAM_vector/ZAM_record
fix #include's that lack zeek/ prefixes
overlooked another way in which vector holes can be created
initialize vector holes to the correct corresponding type
explicitly populate holes created in vectors
fix other instances of GetField().get() assuming long-lived ValPtr's
fix for now-incorrect assumption that GetField always returns an existing ValPtr
...
* origin/topic/vern/cpp-prep-fixes:
fix for associating current scope with the name of enums; name tidying
avoid infinite recursion in same_type() if it is analyzing recursive types
remove iffy reliance on type punning that relies on interpreter's behavior
fixes for propagating optimization options, and pruning script function analysis
This avoids a problem identified by amanbansal2709 in pull
request #1288. I fixed it in a different way than that pull request
by making sure the ts field is always set so that this isssue doesn't
return in the future.
Broker::create_master() and Broker::create_clone() now return
a valid value even when there's a failure to open the backend database
(e.g. SQLite filesystem error). In that case, the returned value can
still be passed into other data store operations, but they'll fail
immediately with an error. Broker::is_closed() can now also be used to
determine whether the data store creation calls failed.
* origin/topic/vern/reaching-defs: (36 commits)
added &is_assigned test case for variable rather than record field
Speedup ReachingDefs logic by ~15%
Simplify ReachingDefs::RDMap() accessor
test for -uu correctly tracking $?, and not misled by conditional assignments
&is_set => &is_assigned
remove pending maybe-reconsider-this comment
fixes for ?$ operator - always track it, and assume subrecords are initialized
speedup (and more coherent memory management) for tracking RDs
fixes for generating and evaluating RDs associate with ?$ expressions
fix for failure to reduce InlineExpr's to CatchReturnStmt's
inlining fix: propagate identifier attributes (such as &is_set)
tidier memory management
fix for an ancient bug - surprising that this hasn't caused problems previously
Fix IntrusivePtr release leaks in reaching-def logic
Change dynamic_cast in reaching-def logic to static_cast
Adjust some reaching-def memory management
Update a couple baselines for "xform" alternative
Adjust various reaching-def move/reference semantics
Change LambdaExpr::OuterIDs() accessor to return const-reference
Simplify declaration of DefPointType enum
...
Merge adjustments:
- Removed some stale str_split() references from docs
- Renumbered TypeTag enum comments
- Simplified test-case for @unload (don't need .bro files anymore)
* origin/topic/timw/deprecation-cleanup:
Doc updates
Fix language.init-in-anon-function btest due to changes to log filter predicates
Remove deprecated log filter predicates for 4.1
Remove Plugin::HookCallFunction and fix tests related to it
Remove support for .bro script extension and BRO_ environment variables
Remove deprecated ICMP events
Remove some deprected methods/events from bif files
Remove TYPE_COUNTER
Remove all of the random single-file deprecations
Remove all fully-deprecated files
Update bifcl submodule to remove deprecations from generated code
Update the logging framework tests: since hooks operate
by name, they cannot be anonymous. I'm also dropping the &optional
attribute from the status field, since here know that the values are
actually defined, and access to an optional status field should
normally be guarded by the existence test operator.
Also includes baseline update for plugins.hooks, which picks up the
fact that the pred record field is now gone.
* origin/topic/christian/fix-config-segfault:
Btest tweak for improved type rendering in config framework errors and set types
More precise type information in a config framework error message
Explicitly don't support sets with multiple index types in input/config frameworks
The input framework's Manager::IsCompatibleType() already rejected
sets with multiple index types that aren't all the same (i.e. that are
not pure). Pure ones (e.g. "set[addr,addr]") slipped through and could
cause Zeek to segfault elsewhere in the config framework due to type
comparison subtleties. Note that the ASCII reader can't read such sets
anyway, so this method now rejects sets with any kind of index-type
tuple.
In the config framework, the script-level change handler has a risky
conversion from any to set[bool], which can trigger segfaults when the
underlying set's index is a type tuple. We now prevent this code path
by ensuring it only applies to sets with a single index type.
This commit changes the logic that is used to tracks connection
establishment - and moves it from scriptland into the core.
TLS 1.3 connection establishment is much more finnicky for us than the
establishment of earlier versions - since we cannot rely on the CCS
message anymore (which is meaningless and not sent in a lot of cases).
With this commit, the ssl_encrypted_data message gets raised for
encrypted TLS 1.3 handshake messages - which is much more correct than
the behavior before that just interpreted them as plaintext messages.
I will refine this a bit more - at the moment the connection established
event happens a bit too early - earlier than TLS 1.3 connections
actually can be estasblished.
Part of GH-1323
- Add auxil/package-manager submodule as an optional build
source. When the submodule is present, zkg gets installed into the
Zeek installation's bin directory, its config file into etc/zkg, and
its state into var/lib/zkg. Like zeekctl, zkg finds its own module
independently of any PYTHONPATH. Installation via pip remains
supported. You can skip zkg explicitly via --disable-zkg. See the
NEWS update for details.
- Establish a "zeek/python" subdirectory under libdir as the common place
for Python modules in the Zeek distribution. This now separates out
the Broker Python bindings, ZeekControl, and zkg's Python module.
- Add configure flags to allow customizing this Python folder, in
three ways: --python-dir, --python-prefix, and --python-home. These
differ in the logic they automatically add to the path, and build on
the logic already used in Broker.
- Include a (comented-out) @load for zkg's packages folder in
local.zeek.
- Bump zeekctl to move to this new location.
- Bump doc to include installation instructions
- Update NEWS accordingly.
* origin/topic/jsiwek/gh-1264-ssh-host-key-fingerprints:
Simply ssh/main.zeek by using "ssh_server_host_key" for fingerprinting
Deprecate "ssh1_server_host_key" parameters *e* and *p*
GH-1264: Implement "ssh_server_host_key" event
This change allows users to specify an epoch length of 0, which means
that the user manually has to finish the epochs. A new next_epoch
function is introduced to allow users to manually end epochs.
Addresses GH-348
In non-clustered mode, epoch_finished was not called when there was no
data during the epoch.
This behavior does not fit the documentation, and also is different in
cluster-mode, where epoch_finished is, indeed, called after every epoch.
This small change fixes this behavior.
SSH can set in its identification a version 1.99 (SSH-1.99-xxx).
That means the client/server is compatible with SSHv1 and SSHv2.
So the version choice depends of the both side.
1.99 : 1.99 => 2.0
1.99 : 1.x => 1.x
1.99 : 2.0 => 2.O
(see "Compatibility With Old SSH Versions" in RFC 4253)
