* origin/topic/jsiwek/broker-store-process-n:
Improve Broker I/O loop integration: less mutex locking
Improve processing of broker data store responses
* origin/topic/vlad/rdp_bluekeep:
RDP: Update existing baselines with new client_channels field
RDP: Add parsing and logging of channels requested by the client. Can determine capabilities requested by the client, as well as attacks such as CVE-2019-0708
* 'table-error' of https://github.com/ZekeMedley/zeek:
Check table yield type on assignment.
Also extended the type checking to include sets as well as the full
table type (yield type as well as index types).
* 'topic/christian/inputframework-reporter-filenames' of https://github.com/ckreibich/zeek:
Add input file name to additional ASCII reader warning messages
The ASCII reader had a few messages that did not indicate in which
file it notices a problem. With the input framework it simplifies
troubleshooting when that file is spelled out, because you may have
multiple such files on your system.
Includes test baseline updates.
Due to string representation of Broker vectors changing (they now
use parentheses instead of square brackets).
Related to https://github.com/zeek/broker/issues/43
* origin/topic/timw/173-port-ranges:
GH-173: Support ranges of values for value_list elements in the signature parser
GH-173: Modify the signature parser so ID components (such as variable names) can't start with numbers
* origin/topic/johanna/clone:
Add leak-checks for new copy operations
Finish implementation of copy method.
Checkpoint - all non-opaque-types can be cloned.
Reimplement copy().
Fixed a couple leaks during merge.
All types (besides EntropyVal) now support a native copy operation,
which uses primitives of the underlying datatypes to perform a quick
copy, without serialization.
EntropyVal is the one exception - since that type is rather complex
(many members) and will probably not be copied a lot, if at all, it
makes sense to just use the serialization function.
This will have to be slightly re-written in the near-term-future to use
the new serialization function for that opaque type.
This change also introduces a new x509_from_der bif, which allows
parsing a DER into an opaque of x509.
This change removes the d2i_X509_ wrapper function; this was a remnant
when d2i_X509 took non-const arguments. We directly use d2i_X509 at
several places assuming const-ness, so there does not seem to be a
reason to keep the wrapper.
This change also exposed a problem in the File cache - cases in which an
object was brought back into the cache, and writing occurred in the
file_open event were never correctly handled as far as I can tell.
For backward compatibility when reading values, we first check
the ZEEK-prefixed value, and if not set, then check the corresponding
BRO-prefixed value.
To be more exact: &encrypt, &mergeable, &rotate_interval, &rotate_size
Also removes no longer used redef-able constants:
log_rotate_interval, log_max_size, log_encryption_key
GH-243
Most of these changes are either cmake-related or plugin-related.
Added a new test "plugins/legacy.zeek" to test that legacy Bro plugins
still work.
Also added a symlink bro-path-dev.in because some legacy Bro packages
won't install without it.
Otherwise, setting Reporter::errors_to_stderr=F causes important
error messages to be lost (and this setting is the default for
ZeekCtl). E.g. now that we terminate if there are errors during
zeek_init, GH-369 shows that the only error message given was
"fatal error: errors occurred while initializing", which is not
helpful in determining the actual issue.
This is needed to track name changes for the documentation.
With this, things which do not need val-cloning generally seem to work
again. There are a whole bunch of test failures at the moment.
The KRB parser allowed for the following types/fields to be left
uninitialized, so an &optional attribute was added to reflect that:
- KRB::Error_Msg
  - pvno
  - msg_type
  - server_time
  - service_realm
  - service_name
- KRB::KDC_Request
  - kdc_options
  - service_realm
  - till
  - nonce
  - encryption_types
Usages have also been adapted to perform existence checks.