Bro 2.6.1 release

Jon_Siwek · December 19, 2018, 6:24pm

Bro v2.6.1 is available for download:

https://www.zeek.org/download/index.html
https://www.zeek.org/downloads/bro-2.6.1.tar.gz

This release updates the embedded SQLite to version 3.26.0 to
address the "Magellan" remote code execution vulnerability. The
stock Bro configuration/scripts don't use SQLite by default, but
custom user scripts/packages may.

This release also updates Broker to v1.1.2, which includes a
minor bug fix in its Python bindings and improved support for
building it as a static library.

James_inthe_box · December 19, 2018, 7:37pm

And the first casualty:

bro-af_packet-plugin

fatal error in /usr/local/bro/share/bro/base/init-bare.bro, line 1: cannot load plugin library /usr/local/bro/lib/bro/plugins/packages/bro-af_packet-plugin//lib/Bro-AF_Packet.linux-x86_64.so: /usr/local/bro/lib/bro/plugins/packages/bro-af_packet-plugin//lib/Bro-AF_Packet.linux-x86_64.so: undefined symbol: bro_version_2_6_plugin_6

bro-pkg upgrade bro-af_packet-plugin
All packages already up-to-date.

Now what

James

Michael_Shirk · December 19, 2018, 8:06pm

You need to rebuild the package/plugin, I think this was just added to
the zeek package manager...or will be soon

James_inthe_box · December 19, 2018, 8:11pm

Ok...so...this was installed using the spiffy bro-pkg, so "rebuilding" isn't an option if I intend to stick with bro-pkg. If plugins aren't going to keep in sync with the core app proper then that might be an issue (especially in my case it looks like).

James

Jon_Siwek · December 19, 2018, 8:17pm

Try re-compiling/installing the plugin/package.

Plugins currently get compiled such that they reference a specific Bro
(plugin API) version and only linking against that version of Bro
provides it. i.e. once compiled, the plugin only works against a
specific Bro version

- Jon

dopheide · December 19, 2018, 8:35pm

Installing a bro-pkg that is a plugin does rebuild it. They aren’t distributed as binaries.

-Dop

James_inthe_box · December 19, 2018, 8:42pm

Installing a bro-pkg that is a plugin does rebuild it. They aren't
distributed as binaries.

-Dop

Ah....I did not know that. So in the future for folks (I've already git cloned and compiled) a bro-pkg remove/bro-pkg install does the trick...good to know thank you.

James

Jon_Siwek · December 19, 2018, 8:47pm

Why is it not an option? There isn't a "rebuild" command (yet), but
the alternative given at [1] should be equivalent AFAIK, just in two
separate commands:

bro-pkg bundle my.bundle && bro-pkg unbundle my.bundle

- Jon

[1] https://github.com/zeek/package-manager/issues/38

James_inthe_box · December 19, 2018, 9:10pm

Bleh...lemme start a new thread for this thanks all.

James

Topic		Replies	Views
Bro upgrades, and plugins vs. packages, and bro-pkg Zeek	2	96	May 6, 2022
Status of 3 plugins Zeek	5	94	May 6, 2022
Bro beta install Zeek	3	127	May 6, 2022
Bro 2.6 release Zeek	2	79	May 6, 2022
Zeek and the myricom package plugin Development development	21	216	May 6, 2022

Bro 2.6.1 release

Related Topics