Bro 2.6.1 release

Bro v2.6.1 is available for download:

This release updates the embedded SQLite to version 3.26.0 to
address the "Magellan" remote code execution vulnerability. The
stock Bro configuration/scripts don't use SQLite by default, but
custom user scripts/packages may.

This release also updates Broker to v1.1.2, which includes a
minor bug fix in its Python bindings and improved support for
building it as a static library.

And the first casualty:


    fatal error in /usr/local/bro/share/bro/base/init-bare.bro, line 1: cannot load plugin library /usr/local/bro/lib/bro/plugins/packages/bro-af_packet-plugin//lib/ /usr/local/bro/lib/bro/plugins/packages/bro-af_packet-plugin//lib/ undefined symbol: bro_version_2_6_plugin_6

    bro-pkg upgrade bro-af_packet-plugin
    All packages already up-to-date.

Now what :)


You need to rebuild the package/plugin, I think this was just added to
the zeek package manager...or will be soon

was installed using the spiffy bro-pkg, so "rebuilding" isn't an option if I intend to stick with bro-pkg. If plugins aren't going to keep in sync with the core app proper then that might be an issue (especially in my case it looks like).


Try re-compiling/installing the plugin/package.

Plugins currently get compiled such that they reference a specific Bro
(plugin API) version and only linking against that version of Bro
provides it. i.e. once compiled, the plugin only works against a
specific Bro version

- Jon
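
The version pinning described above can be checked before a sensor is restarted after an upgrade. The script below is an added example, not code from the Bro project or from this thread: it compares the version marker each plugin library needs with what the bro binary provides. It assumes the marker always follows the `bro_version_*_plugin_*` pattern seen in the error message and that `nm` (binutils) is installed; the function names are made up for this example.

```shell
#!/bin/sh
# Assumption: the API marker is a symbol named bro_version_*_plugin_*, shown by
# `nm -D` as undefined ("U") in a plugin and as defined in the bro binary.
NM=${NM:-nm}

# Filter `nm -D` output on stdin; $1 is "undefined" (needed) or "defined" (provided).
version_symbols() {
    awk -v kind="$1" '
        $NF ~ /^bro_version_[0-9_]+_plugin_[0-9]+$/ {
            undef = (NF == 2 && $1 == "U")
            if (kind == "undefined" && undef)  print $NF
            if (kind == "defined"   && !undef) print $NF
        }' | sort -u
}

# $1 = saved `nm -D` output of bro, $2 = saved `nm -D` output of one plugin.
# Prints each marker the plugin needs that bro lacks; returns 1 if there is one.
missing_api_symbols() {
    provided=$(version_symbols defined < "$1")
    missing=0
    for sym in $(version_symbols undefined < "$2"); do
        if ! printf '%s\n' "$provided" | grep -qxF "$sym"; then
            printf '%s\n' "$sym"
            missing=1
        fi
    done
    return "$missing"
}

# $1 = bro binary, $2 = plugin directory. Lists plugins that need a rebuild.
scan_plugins() {
    tmp=$(mktemp -d) || return 2
    "$NM" -D "$1" > "$tmp/bro.nm" || { rm -rf "$tmp"; return 2; }
    find "$2" -name '*.so' > "$tmp/libs"
    stale=0
    while IFS= read -r lib; do
        "$NM" -D "$lib" > "$tmp/plugin.nm" 2>/dev/null || continue
        if ! need=$(missing_api_symbols "$tmp/bro.nm" "$tmp/plugin.nm"); then
            echo "REBUILD $lib (needs $need)"
            stale=1
        fi
    done < "$tmp/libs"
    rm -rf "$tmp"
    return "$stale"
}

if [ "$#" -eq 2 ]; then scan_plugins "$1" "$2"; fi
```

Run it with the bro binary and the plugin directory as arguments, for example `/usr/local/bro/bin/bro` and `/usr/local/bro/lib/bro/plugins` (the `bin/bro` path is assumed from the install prefix in the error above). A non-zero exit status means at least one plugin has to be rebuilt.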

Installing a bro-pkg that is a plugin does rebuild it. They aren’t distributed as binaries.



Ah....I did not know that. So in the future for folks (I've already git cloned and compiled) a bro-pkg remove/bro-pkg install does the trick...good to know thank you.


Why is it not an option? There isn't a "rebuild" command (yet), but
the alternative given at [1] should be equivalent AFAIK, just in two
separate commands:

    bro-pkg bundle my.bundle && bro-pkg unbundle my.bundle

- Jon


Bleh...lemme start a new thread for this thanks all.