* origin/topic/robin/pp-alarms:
The silliest, tiniest little whitespace fixes.
Update missing in last commit to this branch.
Adding test for alarm mail.
Tuning the pretty-printed alarms output.
- Skip diffing of debug.log always.
- Skip diffing of reporter.log if it only contains an error about
missing GeoIP support.
- Canonicalize X.509 Distinguished Name subjects since that can vary
depending on installed OpenSSL version.
* origin/fastpath:
Enable warnings for malformed Broxygen xref roles.
Broxygen fix for function parameter recognition; better than 80b2451.
Allow Broxygen markup "##<" for more general use.
* origin/fastpath:
Fix missing action in notice policy for looking up GeoIP data.
Better persistent state config warning messages (fixes#433).
A few updates for SQL injection detection.
Fixed some DPD signatures for IRC. Fixes ticket #311.
Removing Off_Port_Protocol_Found notice.
SSH::Interesting_Hostname_Login cleanup. Fixes#664.
Teach Broxygen to more generally reference attribute values by name.
Fixed a really dumb bug that was causing the malware hash registry script to break.
Fix Broxygen confusing scoped id at start of line as function parameter.
Remove remnant of libmagic optionality
- The biggest change is the change in notice names from
HTTP::SQL_Injection_Attack_Against to
HTTP::SQL_Injection_Victim
- A few new SQL injection attacks in the tests that we need to
support at some point.
In DNS::Resolve, they could be deleted once from where they were
stored in the nb_dns_info cookie and once again from where they
were stored in the DNS_Mgr::requests list. Before commit
bd9c937236, they were only deleted
from the requests list, so this commit reverts to that behavior
without any leaks being reported by the core/leaks tests.
- Answers and TTLs are now vectors.
- The warning that was being generated (dns_reply_seen_after_done)
from transaction ID reuse is fixed.
- Updated the single failing btest baseline.
* origin/topic/jsiwek/custom-b64-alphabet:
Add decode_base64_custom BiF to allow alternate base64 alphabets.
Simplified the code a little bit.
Closes#670.
- Some (all?) of the DNS servers aren't being detected
anymore because the test tracefile isn't long enough.
Logging servers is delayed a 5 minutes in case a better
result comes in.
* origin/topic/robin/interpreter-exceptions:
Adding test for new error handling.
Experimental code to better handle interpreter errors.
This seems to work fine and it catches some potentially nasty crashes
so I'm merging it in even though it's not the final word on error
handling yet. #646 tracks the work scheduled for later.
