* origin/topic/vern/case-insensitive-patterns:
use PCRE syntax instead of the beautiful new (?i ...) syntax
nitlet in NEWS entry
test suite update for case-insensitive patterns
document use of double quotes to escape case-insensitivity
bug fix for recent memory leak patch
documentation updates for case-insensitive patterns
d'oh there's isalpha. I looked earlier for isletter :-P
fix for handling [:(lower|upper):] in case-insensitive patterns
implemented /re/i for case-insensitive patterns
As opposed to plugins depending on a Bro source/build tree. This
required installing various Bro headers, BinPAC and it's headers,
bifcl, and Bro's custom CMake modules.
* 'x509_ext_san_dns_optional' of https://github.com/liviuvalsan/bro:
Added support for making optional the extraction of DNS entries from X509 SAN as Intel::seen records.
Mostly trying to standardize the way tests sleep for arbitrary amounts
of time to make it easier to tell at which particular point the
unit test actually may need the timeout interval increased (or else
debugged further).
This field isn't publicly available via the OpenSSL 1.1 API, not used
in the base scripts, and has no example in the test suit, so removing
it is simpler than trying to support manually parsing it out of the
raw data.
The following tests currently fail due to what seems like different
behavior in OpenSSL 1.1 vs 1.0:
scripts/base/protocols/rdp/rdp-x509.bro
bifs/x509_verify.bro
This test-case has actually revealed an interesting issue - it works as
is, but as soon as one adds a vector, one gets the fun error-message
fatal error in any: BroType::AsVectorType (any/vector) (any)
This will require a bit more digging :).
* origin/topic/dnthayer/ticket1947:
Fix some typos and formatting in NEWS
Add pattern operators to the documentation of operators
Fix minor typos in broker reference documentation
Fix a broken link and some typos in broker documentation
Fix reST formatting in documentation of "count" type
Add documentation for some new Bro features
In the following example, the republication of "arg" would result in
literally sending it as a Broker::Data record instead of the broker data
that it was already wrapping.
Sender:
Broker::publish("topic", my_event, "hello")
Receiver:
event my_event(arg: any)
{
Broker::publish("topic", my_event, arg)
}
* origin/topic/vern/pattern-ops:
Update submodules to correct checkouts.
test suite updates for &/| pattern operators
documentation for &/| for patterns
side-porting changes for supporting &/| pattern ops
basic code implemented, but there's a memory problem somehwere :-(
