* Rename overly generic ACCESSORS macro with ZEEK_ prefix
* A few places where whitespace was noticeably wrong/distracting
* Minor/obvious reference/move semantics improvements suggested by linter
* Remove unused detail::Scope::Remove(), no need for deprecation
Previously, an assertion was triggered in debug builds upon any attempt
to insert or remove a Dictionary entry while any iteration of that
Dictionary is underway and also even in cases where Dictionary membership
was not actually modified (and thus invalidates a loop).
Now, it emits run-time warnings regardless of build-type and only when
insert/remove operations truly change the Dictionary membership. In the
context of a Zeek script causing an invalidation, the warning message
also now helps pinpoint the exact expression that causes it.
Merge adjustments:
- Fix the `--with-caf=` option from emitting messages about a variable
having an unset value.
- Fix the `zeek-config --caf_root` option
* origin/topic/neverlord/caf-migration:
Update submodule(s)
Fix message ordering of Broker messages
Fix UB in shutdown of Broker manager
Preserve string output of Broker errors
Migrate to CAF 0.18
Particularly for ICMP connections, a new timer got added every time a
`connection` record was updated even if there was still a pending timer
for that connection.
So as to prefer sigaction() over either sigset() or signal(), which are
less favorable due to underspecification issues and some treating them
as obsolete/deprecated.
Merge adjustments:
- Rewrote the check for error response as a switch statement to
fix compiler warning about signed/unsigned comparison and also
to just simplify/clarify the logic.
- Changed the btest to use `zeek -b`.
* origin/topic/vlad/gh-1286:
Add tests for new SMB3 multichannel support
Fix SMB2 response status parsing. Fixes#1286
* The parsing of IPv6 addresses tried to fill a stack-buffer with as
much data as supplied in the Option even if it was in excess of the
desired prefix or maximum IPv6 address size. This could result in an
overflow of that stack-buffer.
* The parsing of IPv4 addresses would overwrite the storage used for
that address as many times as there were bytes in the Option in excess
of the desired prefix length or maximum IPv4 address size. This could
cause the resulting IPv4 address to be derived from the incorrect
data.
* Upon encountering unexpected/excessive option-length or source-prefix
parameters, the data pointer used for parsing was also not always
advanced to the start of the next alleged option's data. Assuming all
other parsing code correctly guards against invalid input, there's no
further harm from that other than the subsequent parsing being more
likely to encounter unexpected values and emitting more Weirds.
Credit to OSS-Fuzz for discovery
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28336
(Link to details becomes public 30 days after patch release)
Using two separate Broker subscribers for status events and regular
messages introduces a race on the two objects. Even if Broker sends all
messages in a particular (deterministic) order, Zeek may still process
them in a different order as a result. Since several tests rely on a
strict ordering of Broker events, these tests could fail sporadically.
Using only a single subscriber for all Broker messages makes sure that
Zeek observes all messages in the same order as Broker emits them.
- Minor whitespace/grammar/doc tweaks during merge
* 'add-X-to-double' of https://github.com/ynadji/zeek:
Add `count_to_double` and `int_to_double` bif functions
Also now uses CMake's ENABLE_EXPORTS target property for the zeek
executable to ensure symbols are visible to plugins. Prior to CMake
3.4, the policy was to export symbols by default for certain platforms,
but later versions need either the explicit target property or policy.
* origin/topic/robin/gh-1179-plugin-loading:
Retry loading plugins on failure to resolve to dependencies.
Fix use of deprecated functionality in test.
When attempting to activate a plugin, load dynamic libraries first.
Add test creating multiple plugins with load dependencies.
These macros forward to functionality in `zeek::detail::debug_logger`
and are not intended for customization. This patch fixes the macros to
always use `::zeek::detail::debug_logger` as without the leading `::`
lookup could happen in any potentially local namespace `zeek` which does
not need to provide this symbol.
This closeszeek/spicy#597.
- Fixed signed/unsigned comparison compiler warning
- Did other minor changes to address efficiency nitpicks
* origin/topic/johanna/1033:
BrokerStore <-> Zeek Tables: support complex indices
This fixes an unknown symbol error if using those methods. They're defined as extern
in the global namespace in Var.h, but Var.cc had their implementations defined in
the zeek::detail namespace.
This change adds support for complex indexes for sets and tables. With
this change, sets with indexes like:
set[string, count, count]
will function. Before this change, Zeek raised an error message in these
cases.
Addresses GH-1033
* origin/topic/jsiwek/gh-1264-ssh-host-key-fingerprints:
Simply ssh/main.zeek by using "ssh_server_host_key" for fingerprinting
Deprecate "ssh1_server_host_key" parameters *e* and *p*
GH-1264: Implement "ssh_server_host_key" event
* 'topic/vbrevet/ssh_version' of https://github.com/vbrevet/zeek:
[SSH] Handle SSH version 1.99 SSH can set in its identification a version 1.99 (SSH-1.99-xxx). That means the client/server is compatible with SSHv1 and SSHv2. So the version choice depends of the both side.
SSH can set in its identification a version 1.99 (SSH-1.99-xxx).
That means the client/server is compatible with SSHv1 and SSHv2.
So the version choice depends of the both side.
1.99 : 1.99 => 2.0
1.99 : 1.x => 1.x
1.99 : 2.0 => 2.O
(see "Compatibility With Old SSH Versions" in RFC 4253)
* origin/topic/jsiwek/type-alias-introspection:
Add enum_names() BIF to return names of an enum type's values
Add type_aliases() BIF for introspecting type-names of types/values
Change Type::type_aliases map to store IntrusivePtr
Fix lookup_ID() BIF to return enum values
