A baseline difference between arm64 and x86 showed up. We would
print a wrong character as a negative value on x86 due to chars
being signed by default. Force an unsigned interpretation, which
is also more reasonable because we'd have never indexed the
base64 table with -112.
-XXXXXXXXXX.XXXXXX XXXXXXXXXXX 131.243.99.154 3288 193.159.183.138 80 base64_illegal_encoding character -112 ignored by Base64 decoding F zeek -
+XXXXXXXXXX.XXXXXX XXXXXXXXXXX 131.243.99.154 3288 193.159.183.138 80 base64_illegal_encoding character 144 ignored by Base64 decoding F zeek -
Fixes more of #2742
The buf[i] < 3 condition in use previously allowed all chars (signed on x86)
through that had the 0x80 high-bit set after reconstructing from the two
bytes of the netbios name, resulting in escaped non-ascii content in
the logs.
Fixes more of #2742
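
The signed-char behaviour behind the two fixes above, shown as an added C example (not Zeek's code). The function names are hypothetical, the byte pairs are constructed, and the nibble decoding assumes RFC 1001 first-level NetBIOS name encoding.

```c
#include <stdio.h>

/* Added illustration, not Zeek source. All function names are hypothetical. */

/* RFC 1001 first-level encoding: every name byte travels as two letters
 * 'A'..'P', one per nibble. Rebuild one byte from such a pair. */
unsigned char nb_decode_pair(const char *p) {
    return (unsigned char)((((p[0] - 'A') & 0x0f) << 4) | ((p[1] - 'A') & 0x0f));
}

/* Value a "%d" log message shows when the byte is held in a signed char
 * (plain char on x86) versus an unsigned char (plain char on Linux arm64).
 * The out-of-range conversion to signed char is implementation-defined
 * before C23; gcc and clang wrap 0x90 to -112. */
int shown_signed(unsigned char raw) { return (int)(signed char)raw; }
int shown_unsigned(unsigned char raw) { return (int)raw; }

/* A "c < 3" filter modelled on the condition quoted in the commit message:
 * with a signed type every byte with the 0x80 bit set is negative and passes. */
int passes_lt3_signed(unsigned char raw) { return (signed char)raw < 3; }
int passes_lt3_unsigned(unsigned char raw) { return raw < 3; }

int main(void) {
    /* Constructed sample pairs: "JA" -> 0x90, "EB" -> 0x41, "AC" -> 0x02 */
    const char *pairs[] = {"JA", "EB", "AC"};
    for (int i = 0; i < 3; i++) {
        unsigned char b = nb_decode_pair(pairs[i]);
        printf("%s -> 0x%02x  signed=%d unsigned=%d  <3 signed:%d unsigned:%d\n",
               pairs[i], (unsigned)b, shown_signed(b), shown_unsigned(b),
               passes_lt3_signed(b), passes_lt3_unsigned(b));
    }
    return 0;
}
```
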
This avoids interference from other log streams in the policy hook test cases,
which could cause deviations in output vs baselines depending on build
configuration.
* origin/topic/awelzel/arm64-container-follow-ups:
  docker: Extend tests to run a very basic Zeek script
  cirrus: No broker-tests and no cpp-tests for images
  docker: Update Makefile/README to align with the Cirrus CI setup
  cirrus: Add back testing of container images
* security/topic/awelzel/125-ftp-timeout-three:
  testing/ftp: Add tests and pcaps with invalid reply lines
  ftp: Harden reply handling a bit and don't raise bad replies to script-land
  ftp: ignore invalid commands
* origin/topic/robin/zeek-spicy-infra:
  Switch to shared Spicy libraries by default.
  Provide infrastructure to migrate legacy analyzers to Spicy.
  Extend Zeekygen manager with method to check if it's active.
This should work now. It affects only the toolchain libraries
`libhilti`/`libspicy`. The runtime libraries `libhilti-rt` and
`libspicy-rt` are always built static (but they are small). Zeek
itself doesn't link against the toolchain anymore now anyways, but a
number of the Spicy tools do.
Note, we have an issue with Broker I believe: it looks like it always
overrides BUILD_SHARED_LIBS to `OFF`.
Addresses #2675.
As initial examples, this branch ports the Syslog and Finger analyzers
over. We leave the old analyzers in place for now and activate them
iff we compile without any Spicy.
Needs `zeek-spicy-infra` branches in `spicy/`, `spicy-plugin/`,
`CMake/`, and `zeek/zeek-testing-private`.
Note that the analyzer events remain associated with the Spicy plugin
for now: that's where they will show up with `-NN`, and also inside
the Zeekygen documentation.
We switch CMake over to linking the runtime library into the plugin,
vs. at the top-level through object libraries.
* origin/topic/awelzel/2674-arm64-containers-on-cirrus:
  cirrus/containers: Do not install btest pcaps
  cirrus: Replace curl with _cache
  cirrus: Add cluster testing
  cirrus: Polish container_image_manifest_docker_builder
  cirrus: Use ccache for faster container builds
  cirrus: Add docker_builder tasks to build and push images
  github: No more docker workflow