V4.1.0 version updates#2204

Closed
atomicturtle wants to merge 10 commits into ossec:main from atomicturtle:v4.1.0-version-updates

Conversation

@atomicturtle
Member

No description provided.

Contributor

Copilot AI left a comment


Pull request overview

Updates the project to the v4.1.0 release across packaging/build artifacts and documentation, and introduces additional syslog message cleanup/parsing logic in analysisd to better handle newer syslog formats.

Changes:

  • Bump hardcoded version strings from 4.0.0 → 4.1.0 across installers, init scripts, headers, packaging, and docs.
  • Add syslog protocol 23 (PRI/version) stripping and an additional program pid parsing path in src/analysisd/cleanevent.c.
  • Add v4.1.0 release notes to CHANGELOG.md and update CONTRIBUTORS.

Reviewed changes

Copilot reviewed 16 out of 16 changed files in this pull request and generated 4 comments.

File Description
src/win32/ossec-installer.nsi Bumps NSIS installer version to 4.1.0.
src/win32/help.txt Updates Windows agent help banner version to 4.1.0.
src/VERSION Updates canonical version file to v4.1.0.
src/init/ossec-server.sh Updates init script version string to v4.1.0.
src/init/ossec-local.sh Updates init script version string to v4.1.0.
src/init/ossec-client.sh Updates init script version string to v4.1.0.
src/headers/defs.h Updates compiled-in __ossec_version to v4.1.0.
src/analysisd/cleanevent.c Adds syslog PRI/version stripping and additional program-name parsing logic.
README.md Updates top-level README version line to v4.1.0.
ossec-hids.spec Updates RPM spec Version: and adds 4.1.0 changelog entry.
INSTALL Updates INSTALL doc version line to v4.1.0.
CONTRIBUTORS Updates version header and adds new contributors.
contrib/debian-packages/generate_ossec.sh Updates Debian packaging script version to 4.1.0.
CONFIG Updates CONFIG doc version line to v4.1.0.
CHANGELOG.md Adds a new 4.1.0 changelog section with release notes and PR references.
BUGS Updates BUGS doc version line to v4.1.0.


Comment on lines +122 to +126
} else {
/* Walk back to the beginning as not Syslog protocol 23 */
pieces--;
while (isdigit((int)*pieces)) {
pieces--;
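Review bot: `isdigit((int)*pieces)` in the `while` condition converts a plain `char` to `int`, so on targets where `char` is signed a byte of 0x80 or above is passed as a negative value, which is undefined behaviour for `isdigit()`; cast through `unsigned char` instead, `while (isdigit((unsigned char)*pieces))`, and since the loop's only stop condition is reading a non-digit, pair the cast with a lower-bound check against the start of the buffer.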

Copilot AI Apr 11, 2026


In the non-matching branch here, pieces-- can walk before the start of the buffer. If the log begins with '<' but has no digits (or an otherwise malformed PRI), the digit-scan loop won’t advance and pieces still points at '<', so the subsequent decrement dereferences out-of-bounds memory. Consider keeping a pointer to the start of the PRI field and resetting to it (or only backtracking if at least one digit was consumed).

Comment on lines +118 to +122
pieces += 2;
pieces[0] = '\0';
pieces++;
lf->log = pieces;
} else {
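Review bot: `pieces += 2;` followed by `pieces[0] = '\0';` on the first two lines advances two bytes and writes unconditionally, and the excerpt shows no check that both skipped bytes are non-NUL; a message that ends right after the matched prefix would turn that write into a store past the string terminator. If the condition above the excerpt does not already verify both bytes, guard the advance with something like `if (pieces[0] != '\0' && pieces[1] != '\0')` before `pieces += 2`.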

Copilot AI Apr 11, 2026


This sets lf->log to point into the caller-provided msg buffer (via pieces), instead of keeping it within the allocated lf->full_log/parsing buffer created earlier in this function. That breaks the ownership/lifetime model used elsewhere (e.g., Free_Eventinfo() only frees lf->full_log) and can lead to dangling pointers if the input buffer is reused/freed. Prefer performing the syslog PRI/version stripping on the lf->log copy (and adjust pointers within that allocation) rather than redirecting lf->log to msg.

}

if (*pieces == ' ') {
pieces ++;

Copilot AI Apr 11, 2026


For the documented format p_name pid -, this branch only skips a single space after the PID. With input like program 123 - message, lf->log will start with - (and possibly another space), unlike the p_name: and p_name[pid]: branches which consume the delimiter and point lf->log at the message body. Consider explicitly consuming the expected - separator (e.g., optional "- " after the PID) so parsing is consistent across supported syslog formats.

Suggested change
pieces ++;
pieces++;
if (*pieces == '-') {
pieces++;
if (*pieces == ' ') {
pieces++;
}
}

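The three inline comments above (walking back past the start of the buffer on a malformed PRI, redirecting lf->log into the caller's buffer, and not consuming the `-` separator after the PID) all concern the same parsing routine. The C program below is an added example, not code from OSSEC or from this PR: it parses a private copy of the message so the caller's buffer is never referenced, strips `<PRI>` and an RFC 5424 version digit only once the whole prefix has been validated (so nothing ever has to be walked back), and handles the `p_name[pid]:`, `p_name:` and `p_name pid -` forms so that the message body always starts after the delimiter. The type and function names (`syslog_event`, `parse_syslog_event`, `check_parse`) are made up for the example, the sample lines are constructed, and it assumes any timestamp and hostname fields have already been removed, as the `p_name pid -` form in the excerpt implies.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical event record mirroring the lf->full_log/lf->log split: full_log
 * is the only owned allocation and the other pointers always point into it. */
typedef struct {
    char *full_log;            /* owned copy of the input message */
    const char *program_name;  /* NULL if absent */
    const char *pid;           /* NULL if absent */
    const char *log;           /* message body, always inside full_log */
} syslog_event;

/* isdigit() is only defined for EOF and unsigned char values, hence the cast. */
static int is_digit(char c) { return isdigit((unsigned char)c); }

/* Strip "<PRI>" (1-3 digits) and, if present, an RFC 5424 version digit plus its
 * trailing space.  The pointer only moves once the whole prefix is validated, so a
 * malformed PRI ("<", "<ab>", "<1234>") is left untouched: nothing is walked back. */
static char *strip_pri_version(char *msg)
{
    char *q = msg + 1;
    if (*msg != '<') return msg;
    while (q - msg <= 3 && is_digit(*q)) q++;   /* at most 3 PRI digits */
    if (q == msg + 1 || *q != '>') return msg;  /* malformed: leave untouched */
    q++;                                        /* past '>' */
    if (is_digit(q[0]) && q[1] == ' ') q += 2;  /* VERSION and its space */
    return q;
}

/* Split "prog[pid]: msg", "prog: msg" and "prog pid - msg".  Every form consumes
 * its own delimiter, and each index is read only after the byte before it is
 * known to be non-NUL, so the scan can never run past the terminator. */
static void parse_program(syslog_event *ev, char *p)
{
    char *q = p, *pid = NULL, *end = NULL, *body;
    ev->log = p;                                /* default: whole line is body */
    while (*q && *q != ' ' && *q != '[' && *q != ':') q++;
    if (q == p) return;
    if (*q == ':') body = q + 1;                /* prog: msg */
    else if (*q == '[' || *q == ' ') {          /* prog[pid]: msg, prog pid - msg */
        pid = end = q + 1;
        while (is_digit(*end)) end++;
        if (end == pid) return;                 /* no pid digits */
        if (*q == '[' && end[0] == ']' && end[1] == ':') body = end + 2;
        else if (*q == ' ' && end[0] == ' ' && end[1] == '-'
                 && (end[2] == ' ' || end[2] == '\0')) body = end + 2;
        else return;                            /* unrecognised: keep whole line */
        *end = '\0';
    } else return;                              /* ran off the end of the string */
    *q = '\0';
    ev->program_name = p;
    ev->pid = pid;
    while (*body == ' ') body++;
    ev->log = body;
}

/* Parse a private copy of msg; the caller's buffer is never referenced again. */
syslog_event *parse_syslog_event(const char *msg)
{
    size_t len = strlen(msg) + 1;
    syslog_event *ev = calloc(1, sizeof *ev);
    if (ev == NULL) return NULL;
    ev->full_log = malloc(len);
    if (ev->full_log == NULL) { free(ev); return NULL; }
    memcpy(ev->full_log, msg, len);
    parse_program(ev, strip_pri_version(ev->full_log));
    return ev;
}

void free_syslog_event(syslog_event *ev)
{
    if (ev != NULL) free(ev->full_log);         /* the only allocation to release */
    free(ev);
}

static int str_eq(const char *a, const char *b)
{
    return (a == NULL || b == NULL) ? a == b : strcmp(a, b) == 0;
}

/* Parse msg and compare with the expected fields (NULL means absent). */
int check_parse(const char *msg, const char *prog, const char *pid, const char *log)
{
    syslog_event *ev = parse_syslog_event(msg);
    int ok = ev != NULL && str_eq(ev->program_name, prog)
             && str_eq(ev->pid, pid) && str_eq(ev->log, log);
    free_syslog_event(ev);
    return ok;
}

int main(void)
{   /* constructed sample line in the "prog pid - msg" form */
    syslog_event *ev = parse_syslog_event("<13>1 sshd 123 - Accepted publickey for alice");
    if (ev != NULL) printf("program=%s pid=%s log=\"%s\"\n", ev->program_name, ev->pid, ev->log);
    free_syslog_event(ev);
    return 0;
}
```

The design choice worth noting is that `strip_pri_version` never advances the working pointer until the full prefix has been checked, which removes the need for the backtracking loop that the first comment flags; and because every pointer in `syslog_event` lives inside `full_log`, a single `free` releases the event, matching the ownership model the second comment describes.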
Comment thread CONTRIBUTORS
@@ -1,5 +1,4 @@
OSSEC v3.2.0
Copyright (C) 2019 Trend Micro Inc.
OSSEC v4.1.0
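Review bot: the removed line reads `Copyright (C) 2019 Trend Micro Inc.`, so if the copyright line is restored rather than dropped in this version bump, keep the 2019 year the file already had; the suggested change further down restores it as `Copyright (C) 2015 Trend Micro Inc.`, which would silently change the date along with the version.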

Copilot AI Apr 11, 2026


This change drops the file’s copyright line entirely. Other top-level docs in this repo (e.g., INSTALL/CONFIG) retain copyright attribution, and removing it here looks unintended for a version-bump PR. Consider restoring the copyright line (or updating it explicitly if the intent is to change licensing/attribution).

Suggested change
OSSEC v4.1.0
OSSEC v4.1.0
Copyright (C) 2015 Trend Micro Inc.

3 participants