* origin/topic/jsiwek/broker:
Fix build warnings, clarify broker requirements, update submodule.
Rename comm/ directories to broker/
Rename broker-related namespaces.
Improve remote logging via broker.
Disable a stream's remote logging via broker if it fails.
Improve some broker communication unit tests.
Adapt to a broker API change.
BIT-1319 #merged
* origin/topic/johanna/x509-cn:
Use our new features to send the CN and SAN fields of certificates to the intel framework.
Do not log common name by default (it is most interesting for scripts) and add a test case.
extract most specific common name from certificates
BIT-1323 #merged
* origin/topic/gilbert/plugin-api-tweak:
Updating plugin.hooks baseline so that test succeeds
Revert spacing change that shouldn't have been included with the previous changeset ... should fix all of the plugin tests save hooks, which needs to be updated.
More small fixes
Small fixes
Incremental
Re-updating plugin.hooks test to include new argument output (after merge).
Fixing logic errors in HandlePluginResult
Updating tests and tweaking HookArgument to include Frame support.
Incremental commit: implementing a wrapper for the Val class.
Reverting change to const status of network_time. Also, see FIXME: in Func.cc / HandlePluginResult ...
Tweaks to result handling to make things a little more sane.
Plugin API: minor change (adding parent frame) to support calling methods from hook. Also declare network time update argument to be const because good practice.
BIT-1270 #merged
Conflicts:
testing/btest/Baseline/plugins.hooks/output
* origin/topic/johanna/ssl-policy:
Extend the weak-keys policy file to also alert when encountering ssl connections with old versions as well as unsafe cipher suites.
BIT-1321 #merged
* origin/fastpath:
Crashing bug in WriterBackend when deserializing WriterInfo where config is present. Testcase crashes on unpatched versions of Bro.
Fix wrong value test in WriterBackend. Found by Aaron Eppert (aeppert@gmail.com)
Fixing one missing index adjustment (I believe ...)
BIT-757 #merged
* origin/topic/jsiwek/deprecation:
Fix typo.
Update documentation (broken links, outdated tests).
Update NEWS for deprecated/changed functions.
Deprecate split* family of BIFs.
Improve use of &deprecated on functions.
Add a new attribute: &deprecated.
A DNP3 packet using a link layer header that specifies a zero length can
trigger an assertion failure if assertions are enabled. Assertions are
enabled unless Bro is compiled with the NDEBUG preprocessor macro
defined. The default configuration of Bro will define this macro and so
disables assertions, but using the --enable-debug option in the
configure script will enable assertions. When assertions are disabled,
or also for certain length values, the DNP3 parser may attempt to pass a
negative value as the third argument to memcpy (number of bytes to copy)
and result in a buffer over-read or overflow.
Reported by Travis Emmert.
* origin/topic/jsiwek/file-reassembly-merge:
Add NEWS items related to file analysis changes.
Revert "Workaround race condition in unified2 file module."
Workaround race condition in unified2 file module.
Fix reference counting bug in refactored file reassembly code.
Change file extraction to explicitly NUL-fill gaps
Review/fix/change file reassembly functionality.
Improve TAR file detection and other small changes.
Updates for file mime type identification.
Updates the files event api and brings file reassembly up to master.
More file reassembly work.
Initial commit of file reassembly.
Retrieval of extended alert information from sid-msg.map, gen-msg.map,
and classification.config files uses Bro's input framework, but since
the unified2 file analyzer also relies on the input framework,
coordination is needed to start analysis only after extended info has
been read at least once.
BIT-1293 #merged
* origin/topic/johanna/ssl-fail-earlier:
and just to be safe - also require the &if check in binpac
make the SSL analyzer skip further processing once encountering situations which are very probably non-recoverable.
