[ https://bro-tracker.atlassian.net/browse/BIT-1238?page=com.atlassian.jira.p… ]
Seth Hall updated BIT-1238:
---------------------------
Resolution: Fixed
Fix Version/s: 2.4
git/master
Status: Closed (was: Open)
I'm going to go ahead and close this since things are at least significantly better now.
> High false-positive for application/x-tar signature
> ---------------------------------------------------
>
> Key: BIT-1238
> URL: https://bro-tracker.atlassian.net/browse/BIT-1238
> Project: Bro Issue Tracker
> Issue Type: Problem
> Components: Bro
> Affects Versions: 2.3
> Reporter: Brian O'Berry
> Assignee: Seth Hall
> Labels: file, mime, signature
> Fix For: git/master, 2.4
>
> Attachments: test.tar.gz
>
>
> The following signature in base/frameworks/files/magic/general.sig frequently triggers on text files in our environment, and includes a strength value higher than GNU and POSIX tar signatures in libmagic.sig.
> {code}
> signature file-tar {
> file-magic /([[:print:]\x00]){100}(([[:digit:]\x00\x20]){8}){3}/
> file-mime "application/x-tar", 150
> }
> {code}
--
This message was sent by Atlassian JIRA
(v6.4-OD-12-026#64007)
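The false positive reported in BIT-1238, reproduced as an added example (not code from the ticket or from Bro): the quoted `file-tar` pattern is translated to a Python bytes regex and compared with a structural check of the ustar magic and header checksum. It assumes the pattern is evaluated from the first byte of the file. The sample inputs and the `strict_tar_header` helper are constructed for illustration and are not the fix that was merged.

```python
import re
import tarfile

# The file-tar pattern from the report, POSIX classes expanded for Python.
# Assumption: the signature is matched starting at the first byte of the file.
LOOSE_TAR = re.compile(rb"[\x20-\x7e\x00]{100}(?:[0-9\x00\x20]{8}){3}")


def loose_match(buf: bytes) -> bool:
    """True when the first 124 bytes satisfy the reported pattern."""
    return LOOSE_TAR.match(buf) is not None


def strict_tar_header(buf: bytes) -> bool:
    """Hypothetical stricter check: ustar magic at offset 257 plus checksum."""
    if len(buf) < 512 or buf[257:262] != b"ustar":
        return False
    try:
        stored = int(buf[148:156].strip(b" \x00"), 8)
    except ValueError:
        return False
    # The checksum is the byte sum of the 512-byte header with the
    # checksum field itself (offsets 148..155) counted as eight spaces.
    computed = sum(buf[:148]) + 8 * 0x20 + sum(buf[156:512])
    return stored == computed


def sample_text() -> bytes:
    """Constructed text file: a 100-byte banner, then digits and spaces."""
    first = b"# " + b"=" * 98 + b"20150108 14460800 000042\n"
    return first + b"plain text body\n" * 32


def sample_tar_header() -> bytes:
    """Constructed 512-byte ustar header for an empty member."""
    info = tarfile.TarInfo("test.txt")
    return info.tobuf(format=tarfile.USTAR_FORMAT)


if __name__ == "__main__":
    for label, data in (("text", sample_text()), ("tar", sample_tar_header())):
        print(label, "loose:", loose_match(data), "strict:", strict_tar_header(data))
```
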
[ https://bro-tracker.atlassian.net/browse/BIT-1238?page=com.atlassian.jira.p… ]
Seth Hall commented on BIT-1238:
--------------------------------
Could you check master now to see if your problem is fixed? The branch that was fixing this problem has been merged.
[ https://bro-tracker.atlassian.net/browse/BIT-1238?page=com.atlassian.jira.p… ]
Steve Egbert updated BIT-1238:
------------------------------
Status: Open (was: Merge Request)
[ https://bro-tracker.atlassian.net/browse/BIT-1238?page=com.atlassian.jira.p… ]
Steve Egbert updated BIT-1238:
------------------------------
Status: Merge Request (was: Open)
On Thu, Jan 08, 2015 at 14:46 -0800, you wrote:
> Author: Jon Siwek <jsiwek(a)illinois.edu>
>
> Add support for building/linking broker within bro
>
> The new --enable-broker flag can be used to toggle the use of Broker,
> which also implies building with -std=c++11, though nothing makes
> use of these features at the moment.
We should probably make the C++11 dependency more explicit, in
particular given that we want to prepare people for requiring it after
2.4.
One idea would be an explicit --enable-C++11 configure switch, which
--enable-broker would then either require, or activate automatically
along with itself. That would then also allow us to generally test Bro
compilation in C++11 mode.
In addition, it would be good to check at configure time that the
compiler indeed supports C++11; and if not, give an explicit error
message stating so (rather than failing compiling later). Maybe even
do that check without --enable-C++11 and warn people with older
compilers that Bro in the future won't compile for them anymore.
Nothing to do immediately, but to keep in mind as we get closer to the
next release.
Robin
--
Robin Sommer * ICSI/LBNL * robin(a)icir.org * www.icir.org/robin
[ https://bro-tracker.atlassian.net/browse/BIT-1302?page=com.atlassian.jira.p… ]
Robin Sommer reassigned BIT-1302:
---------------------------------
Assignee: Robin Sommer
> configuration of dynamic Bro plugin easily desynchronizes with Bro's configuration
> ----------------------------------------------------------------------------------
>
> Key: BIT-1302
> URL: https://bro-tracker.atlassian.net/browse/BIT-1302
> Project: Bro Issue Tracker
> Issue Type: Problem
> Components: Bro, bro-aux
> Reporter: Jon Siwek
> Assignee: Robin Sommer
> Priority: Low
>
> Any way for a dynamic plugin to automatically detect Bro's CMakeCache.txt has been changed since the last time it did a "load_cache" so that it can re-run the CMake configuration process?
> Maybe a hacky way would be to force the top-level/skeleton Makefile of the plugin to always do a `./configure` or a `touch build/CMakeCache.txt`.
> The specific problem I ran into was
> 1) do a plain `./configure` of Bro
> 2) configure/build a plugin (e.g. I was using btest/plugins/file-plugin)
> 3) change my mind and do a `./configure --enable-debug` of Bro.
> 4) (re)building the plugin still uses the original compiler flags inherited from Bro's CMakeCache, but it's really important that it be using the same debug flags. In this case not too bad to realize that ABI of the Val class depends on -DDEBUG, but was still pretty unique/subtle to trace the resulting crashes back to the difference in compile flags between Bro and the plugin.
[ https://bro-tracker.atlassian.net/browse/BIT-1302?page=com.atlassian.jira.p… ]
Robin Sommer commented on BIT-1302:
-----------------------------------
Good point. I'll put this on my todo list for cleaning up the plugin code, I need to work more on that Makefile skeleton anyways.
Jon Siwek created BIT-1302:
------------------------------
Summary: configuration of dynamic Bro plugin easily desynchronizes with Bro's configuration
Key: BIT-1302
URL: https://bro-tracker.atlassian.net/browse/BIT-1302
Project: Bro Issue Tracker
Issue Type: Problem
Components: Bro, bro-aux
Reporter: Jon Siwek
Priority: Low
Any way for a dynamic plugin to automatically detect Bro's CMakeCache.txt has been changed since the last time it did a "load_cache" so that it can re-run the CMake configuration process?
Maybe a hacky way would be to force the top-level/skeleton Makefile of the plugin to always do a `./configure` or a `touch build/CMakeCache.txt`.
The specific problem I ran into was
1) do a plain `./configure` of Bro
2) configure/build a plugin (e.g. I was using btest/plugins/file-plugin)
3) change my mind and do a `./configure --enable-debug` of Bro.
4) (re)building the plugin still uses the original compiler flags inherited from Bro's CMakeCache, but it's really important that it be using the same debug flags. In this case not too bad to realize that ABI of the Val class depends on -DDEBUG, but was still pretty unique/subtle to trace the resulting crashes back to the difference in compile flags between Bro and the plugin.
--
This message was sent by Atlassian JIRA
(v6.4-OD-12-026#64007)
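One way to detect the desynchronization described in BIT-1302, as an added example (not code from the ticket or from Bro's plugin skeleton): record the entries of Bro's CMakeCache.txt when the plugin is configured, then compare them before each rebuild. The two cache excerpts and their values are constructed for illustration, and the helper names are hypothetical.

```python
import hashlib

# Constructed excerpts of a CMakeCache.txt before and after reconfiguring
# with --enable-debug; the values are illustrative only.
PLAIN_CACHE = """\
# This is the CMakeCache file.
//Choose the type of build
CMAKE_BUILD_TYPE:STRING=RelWithDebInfo
CMAKE_CXX_FLAGS:STRING=
CMAKE_INSTALL_PREFIX:PATH=/usr/local/bro
"""
DEBUG_CACHE = PLAIN_CACHE.replace("RelWithDebInfo", "Debug").replace(
    "CMAKE_CXX_FLAGS:STRING=", "CMAKE_CXX_FLAGS:STRING=-DDEBUG"
)


def parse_cache(text: str) -> dict:
    """Parse 'KEY:TYPE=VALUE' entries, skipping '#' and '//' comment lines."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "//")):
            continue
        head, sep, value = line.partition("=")
        if sep:
            entries[head.partition(":")[0]] = value
    return entries


def fingerprint(entries: dict) -> str:
    """Stable digest of the cache entries, suitable for a stamp file."""
    blob = "\n".join(f"{key}={entries[key]}" for key in sorted(entries))
    return hashlib.sha256(blob.encode()).hexdigest()


def stale_keys(recorded: dict, current: dict) -> list:
    """Keys whose value changed since the plugin was last configured."""
    keys = set(recorded) | set(current)
    return sorted(k for k in keys if recorded.get(k) != current.get(k))


if __name__ == "__main__":
    recorded, current = parse_cache(PLAIN_CACHE), parse_cache(DEBUG_CACHE)
    if fingerprint(recorded) != fingerprint(current):
        print("Bro was reconfigured; re-run the plugin configure step:")
        print("  changed:", ", ".join(stale_keys(recorded, current)))
```
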