diff --git a/CHANGES b/CHANGES index b0bd9a9b99..e149b3f4d0 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,13 @@ +2.2-beta-73 | 2013-10-14 14:28:25 -0700 + + * Fix misc. Coverity-reported issues (leaks, potential null pointer + deref, dead code, uninitialized values, + time-of-check-time-of-use). (Jon Siwek) + + * Add check for sqlite3 command to tests that require it. (Daniel + Thayer) + 2.2-beta-68 | 2013-10-14 09:26:09 -0700 * Add check for curl command to active-http.test. (Daniel Thayer) diff --git a/VERSION b/VERSION index 78093458e1..82d1470bc0 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.2-beta-68 +2.2-beta-73 diff --git a/aux/broccoli b/aux/broccoli index 2fe7408ed9..ea895c1d8d 160000 --- a/aux/broccoli +++ b/aux/broccoli @@ -1 +1 @@ -Subproject commit 2fe7408ed96b673f7d8bb273abd03d4786facfd2 +Subproject commit ea895c1d8d97f4202388dc528c4bb884558a75a1 diff --git a/src/FlowSrc.cc b/src/FlowSrc.cc index 7a79e9063b..32aa4c4e3a 100644 --- a/src/FlowSrc.cc +++ b/src/FlowSrc.cc @@ -14,8 +14,11 @@ FlowSrc::FlowSrc() { // TODO: v9. + selectable_fd = -1; idle = false; data = 0; + pdu_len = -1; + exporter_ip = 0; current_timestamp = next_timestamp = 0.0; netflow_analyzer = new binpac::NetFlow::NetFlow_Analyzer(); } diff --git a/src/Frag.cc b/src/Frag.cc index 199af78ca9..b1efb41594 100644 --- a/src/Frag.cc +++ b/src/Frag.cc @@ -290,8 +290,11 @@ void FragReassembler::BlockInserted(DataBlock* /* start_block */) } else + { reporter->InternalWarning("bad IP version in fragment reassembly: %d", version); + delete [] pkt_start; + } } void FragReassembler::Expire(double t) diff --git a/src/PacketSort.cc b/src/PacketSort.cc index a7e2b04572..429d8e2720 100644 --- a/src/PacketSort.cc +++ b/src/PacketSort.cc @@ -17,6 +17,9 @@ PacketSortElement::PacketSortElement(PktSrc* arg_src, is_tcp = 0; ip_hdr = 0; + tcp_flags = 0; + endp = 0; + payload_length = 0; key = 0; // Now check if it is a "parsable" TCP packet. 
diff --git a/src/PersistenceSerializer.h b/src/PersistenceSerializer.h index dcd712bf84..7274e60569 100644 --- a/src/PersistenceSerializer.h +++ b/src/PersistenceSerializer.h @@ -113,7 +113,8 @@ protected: conns = 0; conn_cookie = 0; peer = SOURCE_LOCAL; - }; + filename = 0; + } Type type; SerialInfo info; diff --git a/src/PktSrc.cc b/src/PktSrc.cc index f318405920..9d6bce6fe9 100644 --- a/src/PktSrc.cc +++ b/src/PktSrc.cc @@ -648,6 +648,7 @@ PktDumper::PktDumper(const char* arg_filename, bool arg_append) is_error = false; append = arg_append; dumper = 0; + open_time = 0.0; // We need a pcap_t with a reasonable link-layer type. We try to get it // from the packet sources. If not available, we fall back to Ethernet. diff --git a/src/PolicyFile.cc b/src/PolicyFile.cc index 7ed0b02d75..5d0082c6a9 100644 --- a/src/PolicyFile.cc +++ b/src/PolicyFile.cc @@ -86,6 +86,7 @@ bool LoadPolicyFileText(const char* policy_filename) char buf[256]; strerror_r(errno, buf, sizeof(buf)); reporter->Error("fstat failed on %s: %s", policy_filename, buf); + fclose(f); return false; } diff --git a/src/RemoteSerializer.cc b/src/RemoteSerializer.cc index 7d9c6163a0..c8cf03667b 100644 --- a/src/RemoteSerializer.cc +++ b/src/RemoteSerializer.cc @@ -3321,6 +3321,9 @@ SocketComm::SocketComm() id_counter = 10000; parent_peer = 0; parent_msgstate = TYPE; + parent_id = RemoteSerializer::PEER_NONE; + parent_msgtype = 0; + parent_args = 0; shutting_conns_down = false; terminating = false; killing = false; diff --git a/src/analyzer/protocol/login/NVT.cc b/src/analyzer/protocol/login/NVT.cc index 7cb99b1950..462cd42177 100644 --- a/src/analyzer/protocol/login/NVT.cc +++ b/src/analyzer/protocol/login/NVT.cc @@ -215,6 +215,7 @@ void TelnetAuthenticateOption::RecvSubOption(u_char* data, int len) { reporter->AnalyzerError(endp, "option peer missing in TelnetAuthenticateOption::RecvSubOption"); + return; } if ( ! peer->DidRequestAuthentication() ) 
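Review bot: In the fstat error path of LoadPolicyFileText (src/PolicyFile.cc), `buf` is handed to `%s` without being initialised and the result of `strerror_r` is ignored. The GNU variant of `strerror_r` returns a pointer and is not required to write into the caller's buffer, so depending on which variant the build selects, the message may be formatted from uninitialised stack bytes. At minimum add `buf[0] = '\0';` before the call; a small wrapper that handles both return conventions would be cleaner. These are context lines next to the added `fclose(f);`, and the function starts and ends outside the hunk.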
diff --git a/src/analyzer/protocol/netflow/netflow-analyzer.pac b/src/analyzer/protocol/netflow/netflow-analyzer.pac index 666de076c8..439215dbc1 100644 --- a/src/analyzer/protocol/netflow/netflow-analyzer.pac +++ b/src/analyzer/protocol/netflow/netflow-analyzer.pac @@ -31,8 +31,11 @@ flow NetFlow_Flow { internal_type("nf_v5_record")->AsRecordType(); nfheader_id_type = internal_type("nfheader_id")->AsRecordType(); - pdu_id = 0; identifier = NULL; + exporter_ip = 0; + uptime = 0; + export_time = 0; + pdu_id = 0; %} # %cleanup does not only put the cleanup code into the destructor, diff --git a/src/analyzer/protocol/pop3/POP3.cc b/src/analyzer/protocol/pop3/POP3.cc index 7768e2599f..388a055ee2 100644 --- a/src/analyzer/protocol/pop3/POP3.cc +++ b/src/analyzer/protocol/pop3/POP3.cc @@ -211,6 +211,7 @@ void POP3_Analyzer::ProcessRequest(int length, const char* line) default: reporter->AnalyzerError(this, "unexpected POP3 authorization state"); + delete decoded; return; } diff --git a/src/analyzer/protocol/smb/SMB.cc b/src/analyzer/protocol/smb/SMB.cc index 8a5665515b..9d388a0886 100644 --- a/src/analyzer/protocol/smb/SMB.cc +++ b/src/analyzer/protocol/smb/SMB.cc @@ -743,23 +743,13 @@ int SMB_Session::ParseTransaction(int is_orig, int cmd, return 0; } - int ret; - if ( is_orig ) - { - if ( cmd == SMB_COM_TRANSACTION || cmd == SMB_COM_TRANSACTION2 ) - ret = ParseTransactionRequest(cmd, hdr, body); + if ( ! is_orig ) + return ParseTransactionResponse(cmd, hdr, body); - else if ( cmd == SMB_COM_TRANSACTION_SECONDARY || - cmd == SMB_COM_TRANSACTION2_SECONDARY ) - ret = ParseTransactionSecondaryRequest(cmd, hdr, body); + if ( cmd == SMB_COM_TRANSACTION || cmd == SMB_COM_TRANSACTION2 ) + return ParseTransactionRequest(cmd, hdr, body); - else - ret = 0; - } - else - ret = ParseTransactionResponse(cmd, hdr, body); - - return ret; + return ParseTransactionSecondaryRequest(cmd, hdr, body); } int SMB_Session::ParseTransactionRequest(int cmd, 
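Review bot: In SMB_Session::ParseTransaction (src/analyzer/protocol/smb/SMB.cc) the final `return ParseTransactionSecondaryRequest(cmd, hdr, body);` now runs for every originator command that is not `SMB_COM_TRANSACTION` or `SMB_COM_TRANSACTION2`, whereas the removed code returned 0 unless cmd was one of the two `_SECONDARY` values. The two are only equivalent if the check ending in `return 0;` just above the hunk already limits cmd to those four commands, which is not visible here. Since cmd presumably comes from the parsed SMB header, either record that invariant next to the call, e.g. `// cmd is one of the four transaction commands; anything else returned above`, or keep the explicit `_SECONDARY` comparison and finish with `return 0;`.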
diff --git a/src/input/Manager.cc b/src/input/Manager.cc index a05eb59e99..ee1e1ef522 100644 --- a/src/input/Manager.cc +++ b/src/input/Manager.cc @@ -1518,7 +1518,6 @@ int Manager::PutTable(Stream* i, const Value* const *vals) EnumVal* ev; int startpos = 0; Val* predidx = ValueToRecordVal(vals, stream->itype, &startpos); - Ref(valval); if ( updated ) ev = new EnumVal(BifEnum::Input::EVENT_CHANGED, @@ -1529,7 +1528,10 @@ int Manager::PutTable(Stream* i, const Value* const *vals) bool result; if ( stream->num_val_fields > 0 ) // we have values + { + Ref(valval); result = CallPred(stream->pred, 3, ev, predidx, valval); + } else // no values result = CallPred(stream->pred, 2, ev, predidx); diff --git a/src/input/readers/Raw.cc b/src/input/readers/Raw.cc index 1c02339748..d795430ba3 100644 --- a/src/input/readers/Raw.cc +++ b/src/input/readers/Raw.cc @@ -289,7 +289,8 @@ bool Raw::OpenInput() return false; } - fcntl(fileno(file), F_SETFD, FD_CLOEXEC); + if ( ! SetFDFlags(fileno(file), F_SETFD, FD_CLOEXEC) ) + Warning(Fmt("Init: cannot set close-on-exec for %s", fname.c_str())); } return true; diff --git a/src/util.cc b/src/util.cc index bcc9b0bb27..dd232a83fa 100644 --- a/src/util.cc +++ b/src/util.cc @@ -652,16 +652,8 @@ void hmac_md5(size_t size, const unsigned char* bytes, unsigned char digest[16]) static bool read_random_seeds(const char* read_file, uint32* seed, uint32* buf, int bufsiz) { - struct stat st; FILE* f = 0; - if ( stat(read_file, &st) < 0 ) - { - reporter->Warning("Seed file '%s' does not exist: %s", - read_file, strerror(errno)); - return false; - } - if ( ! (f = fopen(read_file, "r")) ) { reporter->Warning("Could not open seed file '%s': %s", diff --git a/testing/btest/scripts/base/frameworks/input/sqlite/basic.bro b/testing/btest/scripts/base/frameworks/input/sqlite/basic.bro index 03bc91beb7..aa3a75ae4b 100644 --- a/testing/btest/scripts/base/frameworks/input/sqlite/basic.bro +++ b/testing/btest/scripts/base/frameworks/input/sqlite/basic.bro 
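Review bot: In Raw::OpenInput (src/input/readers/Raw.cc) a failed `SetFDFlags(fileno(file), F_SETFD, FD_CLOEXEC)` is only logged and control still reaches `return true`, so the reader carries on with a descriptor that any exec'd child would inherit. Whether children are spawned is not visible in this hunk; if they are, say so in the code, e.g. `// Best effort: without FD_CLOEXEC this descriptor is inherited across exec.`, or close the file and return false instead. `SetFDFlags` is defined outside the hunk, so it is worth confirming that it reads the current descriptor flags and ORs in the new one rather than overwriting them. The flag is also set only after the file has been opened, which leaves a short window in a multi-threaded process.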
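Review bot: The reason the `stat()` pre-check was dropped from read_random_seeds (src/util.cc) is not recorded in the code, so a later cleanup could reintroduce the check-then-open race. A one-line comment above the `fopen` would do: `// No stat() first: fopen() reports a missing file itself, and a separate check can race with the open.` A missing seed file is now reported as "Could not open seed file" rather than "does not exist", which matters to anything that matches on the old warning text. The function body continues past the end of the hunk.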
@@ -1,6 +1,8 @@
 #
 # @TEST-GROUP: sqlite
 #
+# @TEST-REQUIRES: which sqlite3
+#
 # @TEST-EXEC: cat conn.sql | sqlite3 conn.sqlite
 # @TEST-EXEC: btest-bg-run bro bro -b %INPUT
 # @TEST-EXEC: btest-bg-wait 10
diff --git a/testing/btest/scripts/base/frameworks/input/sqlite/error.bro b/testing/btest/scripts/base/frameworks/input/sqlite/error.bro
index 53ac1e0863..c6712df99a 100644
--- a/testing/btest/scripts/base/frameworks/input/sqlite/error.bro
+++ b/testing/btest/scripts/base/frameworks/input/sqlite/error.bro
@@ -1,3 +1,5 @@
+# @TEST-REQUIRES: which sqlite3
+#
 # @TEST-EXEC: cat ssh.sql | sqlite3 ssh.sqlite
 #
 # @TEST-GROUP: sqlite
diff --git a/testing/btest/scripts/base/frameworks/input/sqlite/port.bro b/testing/btest/scripts/base/frameworks/input/sqlite/port.bro
index 049ad2a386..c2949b5b3e 100644
--- a/testing/btest/scripts/base/frameworks/input/sqlite/port.bro
+++ b/testing/btest/scripts/base/frameworks/input/sqlite/port.bro
@@ -1,6 +1,8 @@
 #
 # @TEST-GROUP: sqlite
 #
+# @TEST-REQUIRES: which sqlite3
+#
 # @TEST-EXEC: cat port.sql | sqlite3 port.sqlite
 # @TEST-EXEC: btest-bg-run bro bro -b %INPUT
 # @TEST-EXEC: btest-bg-wait 10
diff --git a/testing/btest/scripts/base/frameworks/input/sqlite/types.bro b/testing/btest/scripts/base/frameworks/input/sqlite/types.bro
index 4e60de3a96..ddcbefa67f 100644
--- a/testing/btest/scripts/base/frameworks/input/sqlite/types.bro
+++ b/testing/btest/scripts/base/frameworks/input/sqlite/types.bro
@@ -1,3 +1,5 @@
+# @TEST-REQUIRES: which sqlite3
+#
 # @TEST-EXEC: cat ssh.sql | sqlite3 ssh.sqlite
 #
 # @TEST-GROUP: sqlite
diff --git a/testing/btest/scripts/base/frameworks/logging/sqlite/error.bro b/testing/btest/scripts/base/frameworks/logging/sqlite/error.bro
index 27193250a4..2e5d22f188 100644
--- a/testing/btest/scripts/base/frameworks/logging/sqlite/error.bro
+++ b/testing/btest/scripts/base/frameworks/logging/sqlite/error.bro
@@ -1,4 +1,5 @@
 #
+# @TEST-REQUIRES: which sqlite3
 # @TEST-REQUIRES: has-writer SQLite
 # @TEST-GROUP: sqlite
 #
diff --git a/testing/btest/scripts/base/frameworks/logging/sqlite/types.bro b/testing/btest/scripts/base/frameworks/logging/sqlite/types.bro
index a6a1c04b02..7c896a7192 100644
--- a/testing/btest/scripts/base/frameworks/logging/sqlite/types.bro
+++ b/testing/btest/scripts/base/frameworks/logging/sqlite/types.bro
@@ -1,4 +1,5 @@
 #
+# @TEST-REQUIRES: which sqlite3
 # @TEST-REQUIRES: has-writer SQLite
 # @TEST-GROUP: sqlite
 #
diff --git a/testing/btest/scripts/base/frameworks/logging/sqlite/wikipedia.bro b/testing/btest/scripts/base/frameworks/logging/sqlite/wikipedia.bro
index 0e40c60008..b48520440a 100644
--- a/testing/btest/scripts/base/frameworks/logging/sqlite/wikipedia.bro
+++ b/testing/btest/scripts/base/frameworks/logging/sqlite/wikipedia.bro
@@ -1,4 +1,5 @@
 #
+# @TEST-REQUIRES: which sqlite3
 # @TEST-REQUIRES: has-writer SQLite
 # @TEST-GROUP: sqlite
 #