Merge remote-tracking branch 'origin/dev'

sysdig-CLA-1.0-signed-off-by: David Archer <darcher@gmail.com>

CHANGELOG.md

@@ -2,39 +2,6 @@
 
 This file documents all notable changes to Falco. The release numbering uses [semantic versioning](http://semver.org).
 
-## v0.12.1
-
-Released 2018-09-11
-
-## Bug Fixes
-
-* Fig regression in libcurl configure script [[#416](https://github.com/draios/falco/pull/416)]
-
-## v0.12.0
-
-Released 2018-09-11
-
-## Major Changes
-
-* Improved IPv6 Support to fully support use of IPv6 addresses in events, connections and filters [[#sysdig/1204](https://github.com/draios/sysdig/pull/1204)]
-
-* Ability to associate connections with dns names: new filterchecks `fd.*ip.name` allow looking up the DNS name for a connection's IP address. This can be used to identify or restrict connections by dns names e.g. `evt.type=connect and fd.sip.name=github.com`. [[#412](https://github.com/draios/falco/pull/412)] [[#sysdig/1213](https://github.com/draios/sysdig/pull/1213)]
-
-* New filterchecks `user.loginuid` and `user.loginname` can be used to match the login uid, which stays consistent across sudo/su. This can be used to find the actual user running a given process [[#sysdig/1189](https://github.com/draios/sysdig/pull/1189)]
-
-## Minor Changes
-
-* Upgrade zlib to 1.2.11, openssl to 1.0.2n, and libcurl to 7.60.0 to address software vulnerabilities [[#402](https://github.com/draios/falco/pull/402)]
-* New `endswith` operator can be used for suffix matching on strings [[#sysdig/1209](https://github.com/draios/sysdig/pull/1209)]
-
-## Bug Fixes
-
-* Better control of specifying location of lua source code [[#406](https://github.com/draios/falco/pull/406)]
-
-## Rule Changes
-
-* None for this release.
-
 ## v0.11.1
 
 Released 2018-07-31

CMakeLists.txt

@@ -78,10 +78,8 @@ else()
         set(ZLIB_INCLUDE "${ZLIB_SRC}")
         set(ZLIB_LIB "${ZLIB_SRC}/libz.a")
         ExternalProject_Add(zlib
-		# START CHANGE for CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843
-		URL "http://s3.amazonaws.com/download.draios.com/dependencies/zlib-1.2.11.tar.gz"
-                URL_MD5 "1c9f62f0778697a09d36121ead88e08e"
-		# END CHANGE for CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843
+		URL "http://s3.amazonaws.com/download.draios.com/dependencies/zlib-1.2.8.tar.gz"
+		URL_MD5 "44d667c142d7cda120332623eab69f40"
 		CONFIGURE_COMMAND "./configure"
 		BUILD_COMMAND ${CMD_MAKE}
 		BUILD_IN_SOURCE 1
@@ -217,10 +215,8 @@ else()
 	message(STATUS "Using bundled openssl in '${OPENSSL_BUNDLE_DIR}'")
 
 	ExternalProject_Add(openssl
-		# START CHANGE for CVE-2017-3735, CVE-2017-3731, CVE-2017-3737, CVE-2017-3738, CVE-2017-3736
-		URL "http://s3.amazonaws.com/download.draios.com/dependencies/openssl-1.0.2n.tar.gz"
-                URL_MD5 "13bdc1b1d1ff39b6fd42a255e74676a4"
-		# END CHANGE for CVE-2017-3735, CVE-2017-3731, CVE-2017-3737, CVE-2017-3738, CVE-2017-3736
+		URL "http://s3.amazonaws.com/download.draios.com/dependencies/openssl-1.0.2j.tar.gz"
+		URL_MD5 "96322138f0b69e61b7212bc53d5e912b"
 		CONFIGURE_COMMAND ./config shared --prefix=${OPENSSL_INSTALL_DIR}
 		BUILD_COMMAND ${CMD_MAKE}
 		BUILD_IN_SOURCE 1
@@ -250,10 +246,8 @@ else()
 
 	ExternalProject_Add(curl
 		DEPENDS openssl
-		# START CHANGE for CVE-2017-8816, CVE-2017-8817, CVE-2017-8818, CVE-2018-1000007
-		URL "http://s3.amazonaws.com/download.draios.com/dependencies/curl-7.61.0.tar.bz2"
-		URL_MD5 "31d0a9f48dc796a7db351898a1e5058a"
-		# END CHANGE for CVE-2017-8816, CVE-2017-8817, CVE-2017-8818, CVE-2018-1000007
+		URL "http://s3.amazonaws.com/download.draios.com/dependencies/curl-7.56.0.tar.bz2"
+		URL_MD5 "e0caf257103e0c77cee5be7e9ac66ca4"
 		CONFIGURE_COMMAND ./configure ${CURL_SSL_OPTION} --disable-shared --enable-optimize --disable-curldebug --disable-rt --enable-http --disable-ftp --disable-file --disable-ldap --disable-ldaps --disable-rtsp --disable-telnet --disable-tftp --disable-pop3 --disable-imap --disable-smb --disable-smtp --disable-gopher --disable-sspi --disable-ntlm-wb --disable-tls-srp --without-winssl --without-darwinssl --without-polarssl --without-cyassl --without-nss --without-axtls --without-ca-path --without-ca-bundle --without-libmetalink --without-librtmp --without-winidn --without-libidn --without-nghttp2 --without-libssh2 --disable-threaded-resolver
 		BUILD_COMMAND ${CMD_MAKE}
 		BUILD_IN_SOURCE 1
@@ -395,32 +389,6 @@ else()
                 INSTALL_COMMAND sh -c "cp -R ${PROJECT_BINARY_DIR}/lyaml-prefix/src/lyaml/lib/* ${PROJECT_SOURCE_DIR}/userspace/engine/lua")
 endif()
 
-option(USE_BUNDLED_TBB "Enable building of the bundled tbb" ${USE_BUNDLED_DEPS})
-if(NOT USE_BUNDLED_TBB)
-	find_path(TBB_INCLUDE tbb.h PATH_SUFFIXES tbb)
-	find_library(TBB_LIB NAMES tbb)
-	if(TBB_INCLUDE AND TBB_LIB)
-		message(STATUS "Found tbb: include: ${TBB_INCLUDE}, lib: ${TBB_LIB}")
-	else()
-		message(FATAL_ERROR "Couldn't find system tbb")
-	endif()
-else()
-	set(TBB_SRC "${PROJECT_BINARY_DIR}/tbb-prefix/src/tbb")
-
-	message(STATUS "Using bundled tbb in '${TBB_SRC}'")
-
-	set(TBB_INCLUDE "${TBB_SRC}/include/")
-	set(TBB_LIB "${TBB_SRC}/build/lib_release/libtbb.a")
-	ExternalProject_Add(tbb
-		URL "http://s3.amazonaws.com/download.draios.com/dependencies/tbb-2018_U5.tar.gz"
-		URL_MD5 "ff3ae09f8c23892fbc3008c39f78288f"
-		CONFIGURE_COMMAND ""
-		BUILD_COMMAND ${CMD_MAKE} tbb_build_dir=${TBB_SRC}/build tbb_build_prefix=lib extra_inc=big_iron.inc
-		BUILD_IN_SOURCE 1
-		BUILD_BYPRODUCTS ${TBB_LIB}
-		INSTALL_COMMAND "")
-endif()
-
 install(FILES falco.yaml
 	DESTINATION "${FALCO_ETC_DIR}")
 

README.md

@@ -2,7 +2,7 @@
 
 #### Latest release
 
-**v0.12.1**
+**v0.11.1**
 Read the [change log](https://github.com/draios/falco/blob/dev/CHANGELOG.md)
 
 Dev Branch: [![Build Status](https://travis-ci.org/draios/falco.svg?branch=dev)](https://travis-ci.org/draios/falco)<br />

userspace/engine/falco_engine.cpp

@@ -39,7 +39,7 @@ string lua_print_stats = "print_stats";
 
 using namespace std;
 
-falco_engine::falco_engine(bool seed_rng, const std::string& source_dir)
+falco_engine::falco_engine(bool seed_rng)
 	: m_rules(NULL), m_next_ruleset_id(0),
 	  m_min_priority(falco_common::PRIORITY_DEBUG),
 	  m_sampling_ratio(1), m_sampling_multiplier(0),
@@ -48,7 +48,7 @@ falco_engine::falco_engine(bool seed_rng, const std::string& source_dir)
 	luaopen_lpeg(m_ls);
 	luaopen_yaml(m_ls);
 
-	falco_common::init(m_lua_main_filename.c_str(), source_dir.c_str());
+	falco_common::init(m_lua_main_filename.c_str(), FALCO_ENGINE_SOURCE_LUA_DIR);
 	falco_rules::init(m_ls);
 
 	m_evttype_filter.reset(new sinsp_evttype_filter());

userspace/engine/falco_engine.h

@@ -27,7 +27,6 @@ along with falco.  If not, see <http://www.gnu.org/licenses/>.
 
 #include "rules.h"
 
-#include "config_falco_engine.h"
 #include "falco_common.h"
 
 //
@@ -39,7 +38,7 @@ along with falco.  If not, see <http://www.gnu.org/licenses/>.
 class falco_engine : public falco_common
 {
 public:
-	falco_engine(bool seed_rng=true, const std::string& rules_dir=FALCO_ENGINE_SOURCE_LUA_DIR);
+	falco_engine(bool seed_rng=true);
 	virtual ~falco_engine();
 
 	//

userspace/falco/CMakeLists.txt

@@ -5,7 +5,6 @@ include_directories("${PROJECT_SOURCE_DIR}/../sysdig/userspace/libscap")
 include_directories("${PROJECT_SOURCE_DIR}/../sysdig/userspace/libsinsp")
 include_directories("${PROJECT_SOURCE_DIR}/userspace/engine")
 include_directories("${PROJECT_BINARY_DIR}/userspace/falco")
-include_directories("${PROJECT_BINARY_DIR}/userspace/engine")
 include_directories("${CURL_INCLUDE_DIR}")
 include_directories("${YAMLCPP_INCLUDE_DIR}")
 include_directories("${DRAIOS_DEPENDENCIES_DIR}/yaml-${DRAIOS_YAML_VERSION}/target/include")