Merge remote-tracking branch 'origin/master' into topic/johanna/dtls13

* origin/master: (35 commits) Update doc submodule [nomail] [skip ci] Updating submodule(s) [nomail] zeek.bif: Add log2() and ceil() Use the same rules as cmake submodule to reformat Zeek Update cmake submodule after reformat Fixup Val.h/Val.cc: Actually move ValFromJSON into zeek::detail Implement from_json bif Revert "Skip version.h by default for Zeek sources" BTest baseline updates for -O gen-C++ updates to C++ maintenance scripts to better handle uncompilable BTests added ZEEK_REPORT_UNCOMPILABLE environment variable for "-O report-uncompilable" Skip version.h by default for Zeek sources core.network_time.broker: Test reliability improvement cluster/supervisor: Multi-logger awareness Bump zeek-archiver submodule ci: Add public-ecr-vacuum.sh Update doc submodule [nomail] [skip ci] generate-docs: Only update submodule pointer during scheduled builds BTest baseline updates for ZAM NTP: Detect out-of-order packets ...
2025-10-02 14:48:21 +00:00 · 2023-05-10 13:02:08 +01:00 · 2023-05-10 13:02:08 +01:00 · 527c0dc09f
commit 527c0dc09f
parent a8e84c6192 c543387ce0
239 changed files with 3023 additions and 1862 deletions
--- a/.cirrus.yml
+++ b/.cirrus.yml
@ -612,6 +612,21 @@ container_image_manifest_docker_builder:
    - arm64_container_image
    - amd64_container_image
 # Once we've published new images in container_image_manifest, remove any untagged
 # images from the public ECR repository to stay within free-tier bounds.
 public_ecr_cleanup_docker_builder:
  cpu: 1
  only_if: >
    $CIRRUS_CRON == '' && $CIRRUS_REPO_FULL_NAME == 'zeek/zeek' && $CIRRUS_BRANCH == 'master'
  env:
    AWS_ACCESS_KEY_ID: ENCRYPTED[!eff52f6442e1bc78bce5b15a23546344df41bf519f6201924cb70c7af12db23f442c0e5f2b3687c2d856ceb11fcb8c49!]
    AWS_SECRET_ACCESS_KEY: ENCRYPTED[!748bc302dd196140a5fa8e89c9efd148882dc846d4e723787d2de152eb136fa98e8dea7e6d2d6779d94f72dd3c088228!]
    AWS_REGION: us-east-1
  cleanup_script:
    - ./ci/public-ecr-cleanup.sh
  depends_on:
    - container_image_manifest
 cluster_testing_docker_builder:
  cpu: *CPUS
  memory: *MEMORY
--- a/.cmake-format.json
+++ b/.cmake-format.json
@ -0,0 +1,80 @@
 {
    "parse": {
 	"additional_commands": {
            "CheckIPProto": {
 		"kwargs": {
                    "_proto": "*"
 		}
            },
            "CheckType": {
 		"kwargs": {
                    "_type": "*",
                    "_alt_type": "*",
                    "_var": "*"
 		}
            },
 	    "SetPackageVersion": {
 		"kwargs": {
 		    "_version": "*"
 		}
 	    },
 	    "SetPackageFileName": {
 		"kwargs": {
 		    "_version": "*"
 		}
 	    },
 	    "SetPackageInstallScripts": {
 		"kwargs": {
 		    "VERSION": "*"
 		}
 	    },
 	    "ConfigurePackaging": {
 		"kwargs": {
 		    "_version": "*"
 		}
 	    },
 	    "SetPackageGenerators": {},
 	    "SetPackageMetadata": {},
 	    "FindRequiredPackage": {
 		"kwargs": {
 		    "packageName": "*"
 		}
 	    },
 	    "InstallClobberImmune": {
 		"kwargs": {
 		    "_srcfile": "*",
 		    "_dstfile": "*"
 		}
 	    },
 	    "InstallPackageConfigFile": {
 		"kwargs": {
 		    "_srcfile": "*",
 		    "_dstdir": "*",
 		    "_dstfilename": "*"
 		}
 	    },
 	    "InstallShellScript": {
 		"kwargs": {
 		    "_srcfile": "*",
 		    "_dstfile": "*"
 		}
 	    },
 	    "InstallSymLink": {
 		"kwargs": {
 		    "_filepath": "*",
 		    "_sympath": "*"
 		}
 	    }
 	}
    },
    "format": {
 	"line_width": 100,
 	"tab_size": 4,
 	"separate_ctrl_name_with_space": true,
 	"max_subgroups_hwrap": 3,
 	"line_ending": "unix"
    },
    "markup": {
 	"enable_markup": false
    }
 }
--- a/.github/workflows/generate-docs.yml
+++ b/.github/workflows/generate-docs.yml
@ -34,7 +34,13 @@ jobs:
        with:
          submodules: "recursive"
      # Only reset the submodule pointer for scheduled builds. The reason to do
      # this is to pick up any merge commits or anything that may have been
      # missed in a merge, but not have any actual content. We don't want to do
      # it otherwise because PRs should just use the submodule they're pointing
      # at.
      - name: Switch doc submodule to master
        if: github.event_name == 'schedule'
        run: cd doc && git checkout master
      - name: Fetch Dependencies
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@ -17,3 +17,9 @@ repos:
  rev: v0.31.0
  hooks:
  - id: yapf
 - repo: https://github.com/cheshirekow/cmake-format-precommit
  rev: v0.6.13
  hooks:
  - id: cmake-format
    exclude: '^auxil/.*$'
--- a/166
+++ b/166
@ -1,3 +1,169 @@
 6.0.0-dev.533 | 2023-05-09 13:38:37 -0700
  * core.network_time.broker: Test reliability improvement (Arne Welzel, Corelight)
    I wasn't able to reproduce this locally, but after looking at
    -B main-loop,tm for a bit it dawned that if the manager is sending
    ticks too fast, the Broker IO source may consume two ticks in one go
    before expiring timers and that would explain the observed baseline
    differences.
    Solve this by removing the reliance on realtime delays and switch to
    a request-reply pattern instead.
 6.0.0-dev.531 | 2023-05-09 13:38:15 -0700
  * ci: Add public-ecr-vacuum.sh (Arne Welzel, Corelight)
 6.0.0-dev.529 | 2023-05-09 12:54:28 -0700
  * Updating submodule(s) [nomail] (Tim Wojtulewicz, Corelight)
 6.0.0-dev.527 | 2023-05-09 19:11:00 +0200
  * GH-2930: zeek.bif: Add log2() and ceil() (Arne Welzel, Corelight)
 6.0.0-dev.525 | 2023-05-09 09:05:51 -0700
  * Use the same rules as cmake submodule to reformat Zeek (Tim Wojtulewicz, Corelight)
  * Update cmake submodule after reformat (Tim Wojtulewicz, Corelight)
 6.0.0-dev.522 | 2023-05-09 15:19:43 +0200
  * cluster/supervisor: Multi-logger awareness (Arne Welzel, Corelight)
    When multiple loggers are configured in a Supervisor controlled cluster
    configuration, encode extra information into the rotated filename to
    identify which logger produced the log.
    This is similar to the approach taken for ZeekControl, re-using the
    log_suffix terminology, but as there's only a single zeek-archiver
    process and no postprocessors and no other side-channel for additional
    information, we encode extra metadata into the filename. zeek-archiver
    is extended to recognize the special metadata part of the filename.
    This also solves the issue that multiple loggers in a supervisor setup
    overwrite each others log files within a single log-queue directory.
  * Bump zeek-archiver submodule (Arne Welzel, Corelight)
 6.0.0-dev.519 | 2023-05-09 11:03:32 +0200
  * Fixup Val.h/Val.cc: Actually move ValFromJSON into zeek::detail (Arne Welzel, Corelight)
 6.0.0-dev.518 | 2023-05-09 10:19:46 +0200
  * Implement from_json bif (Fupeng Zhao)
 6.0.0-dev.516 | 2023-05-05 14:08:15 -0700
  * BTest baseline updates for -O gen-C++ (Vern Paxson, Corelight)
  * updates to C++ maintenance scripts to better handle uncompilable BTests (Vern Paxson, Corelight)
  * added ZEEK_REPORT_UNCOMPILABLE environment variable for "-O report-uncompilable" (Vern Paxson, Corelight)
  * BTest baseline updates for ZAM (Vern Paxson, Corelight)
 6.0.0-dev.511 | 2023-05-05 21:04:11 +0200
  * Revert "Skip version.h by default for Zeek sources" (Arne Welzel, Corelight)
    This reverts commit 8246baf25c692b658e7a39527f6652e37f5b5095.
    Actually fails the include_plugins CI test and I had just
    opened another related issue.
 6.0.0-dev.510 | 2023-05-05 20:14:21 +0200
  * Skip version.h by default for Zeek sources (Dominik Charousset, Corelight)
 6.0.0-dev.508 | 2023-05-05 08:48:10 -0700
  * generate-docs: Only update submodule pointer during scheduled builds (Tim Wojtulewicz, Corelight)
 6.0.0-dev.505 | 2023-05-04 20:08:33 +0200
  * GH-2998: NTP: Detect out-of-order packets (Arne Welzel, Corelight)
    The NTP mode provides us with the identity of the endpoints. For the
    simple CLIENT / SERVER modes, flip the connection if we detect
    orig/resp disagreeing with what the message says. This mainly
    results in the history getting a ^ and the ntp.log / conn.log
    showing the corrected endpoints.
 6.0.0-dev.503 | 2023-05-04 10:56:33 -0700
  * Include compiler in --show-config output (Dominik Charousset, Corelight)
  * Fix CMake option defaults on Windows (Dominik Charousset, Corelight)
  * Move build defaults from configure to CMake (Dominik Charousset, Corelight)
    Moving the defaults for build variables from the `configure` script to
    `CMakeLists.txt` gives the same default behavior on platforms where the
    `configure` script is not available (Windows) and also allows a pure
    CMake-based work flow (e.g., the standard `cmake -S . -B build`) without
    having to manually adjust the defaults.
    The `configure` script also becomes much simpler as a result.
 6.0.0-dev.498 | 2023-05-04 09:30:18 +0200
  * scripts/smb2-main: Reset script-level state upon smb2_discarded_messages_state() (Arne Welzel, Corelight)
    This is similar to what the external corelight/zeek-smb-clear-state script
    does, but leverages the smb2_discarded_messages_state() event instead of
    regularly checking on the state of SMB connections.
    The pcap was created using the dperson/samba container image and mounting
    a share with Linux's CIFS filesystem, then copying the content of a
    directory with 100 files. The test uses a BPF filter to imitate mostly
    "half-duplex" traffic.
  * smb2: Limit per-connection read/ioctl/tree state (Arne Welzel, Corelight)
    Users on Slack observed memory growth in an environment with a lot of
    SMB traffic. jeprof memory profiling pointed at the offset and fid maps
    kept per-connection for smb2 read requests.
    These maps can grow unbounded if responses are seen before requests, there's
    packet drops, just one side of the connection is visible, or we fail to parse
    responses properly.
    Forcefully wipe out these maps when they grow too large and raise
    smb2_discarded_messages_state() to notify script land about this.
 6.0.0-dev.493 | 2023-05-03 11:13:15 -0700
  * Update Mozilla CA and Google CT lists (Johanna Amann, Corelight)
 6.0.0-dev.491 | 2023-05-03 09:31:36 -0700
  * Surround string assignments in zeek-config in quotes (Tim Wojtulewicz, Corelight)
 6.0.0-dev.489 | 2023-05-03 09:31:19 -0700
  * Remove parser error message for bro_init, et al (Tim Wojtulewicz, Corelight)
 6.0.0-dev.487 | 2023-05-03 09:30:55 -0700
  * Add additional length check to IEEE 802.11 analyzer (Tim Wojtulewicz, Corelight)
 6.0.0-dev.484 | 2023-05-03 14:18:03 +0100
  * SSL: do not try to disable failed analyzer (Johanna Amann, Corelight)
    Currently, if a TLS/DTLS analyzer fails with a protocol violation, we
    will still try to remove the analyzer later, which results in the
    following error message:
    error: connection does not have analyzer specified to disable
    Now, instead we don't try removing the analyzer anymore, after a
    violation occurred.
 6.0.0-dev.480 | 2023-05-02 20:28:55 +0200
  * ip4_hdr: Add DF, MF, offset and sum fields (Arne Welzel, Corelight)
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@ -9,12 +9,67 @@ endif()
 project(Zeek C CXX)
 # We want to set ENABLE_DEBUG to ON by default if the build type is Debug.
 set(ENABLE_DEBUG_DEFAULT OFF)
 if (NOT GENERATOR_IS_MULTI_CONFIG)
    string(TOLOWER "${CMAKE_BUILD_TYPE}" build_type_lower)
    if (build_type_lower STREQUAL "debug")
        set(ENABLE_DEBUG_DEFAULT ON)
    endif ()
    unset(build_type_lower)
 endif ()
 # On UNIX, install additional Zeek tools by default and build shared objects.
 if (NOT WIN32)
    set(ZEEK_INSTALL_TOOLS_DEFAULT ON)
    option(BUILD_SHARED_LIBS "Build targets as shared libraries." ON)
 else ()
    set(ZEEK_INSTALL_TOOLS_DEFAULT OFF)
 endif ()
 # CMake options (Boolean flags).
 option(ENABLE_DEBUG "Build Zeek with additional debugging support." ${ENABLE_DEBUG_DEFAULT})
 option(ENABLE_JEMALLOC "Link against jemalloc." OFF)
 option(ENABLE_PERFTOOLS "Build with support for Google perftools." OFF)
 option(ENABLE_ZEEK_UNIT_TESTS "Build the C++ unit tests." ON)
 option(INSTALL_AUX_TOOLS "Install additional tools from auxil." ${ZEEK_INSTALL_TOOLS_DEFAULT})
 option(INSTALL_BTEST "Install btest alongside Zeek." ${ZEEK_INSTALL_TOOLS_DEFAULT})
 option(INSTALL_BTEST_PCAPS "Install pcap files for testing." ${ZEEK_INSTALL_TOOLS_DEFAULT})
 option(INSTALL_ZEEKCTL "Install zeekctl." ${ZEEK_INSTALL_TOOLS_DEFAULT})
 option(INSTALL_ZEEK_ARCHIVER "Install the zeek-archiver." ${ZEEK_INSTALL_TOOLS_DEFAULT})
 option(INSTALL_ZEEK_CLIENT "Install the zeek-client." ${ZEEK_INSTALL_TOOLS_DEFAULT})
 option(INSTALL_ZKG "Install zkg." ${ZEEK_INSTALL_TOOLS_DEFAULT})
 option(PREALLOCATE_PORT_ARRAY "Pre-allocate all ports for zeek::Val." ON)
 option(ZEEK_STANDALONE "Build Zeek as stand-alone binary?" ON)
-option(ENABLE_ZEEK_UNIT_TESTS "Build the C++ (doctest) unit tests?" ON)
+
-set(CMAKE_EXPORT_COMPILE_COMMANDS ON
+# Non-boolean options.
-    CACHE INTERNAL "Write JSON compile commands database")
+if (NOT WIN32)
    if (CMAKE_INSTALL_PREFIX_INITIALIZED_TO_DEFAULT)
        set(CMAKE_INSTALL_PREFIX "/usr/local/zeek"
            CACHE PATH "Install directory used by install()." FORCE)
    endif ()
    # On windows, this defaults to "c:/Program Files/${PROJECT_NAME}":
    # https://cmake.org/cmake/help/v3.15/variable/CMAKE_INSTALL_PREFIX.html.
 endif ()
 set(ZEEK_SCRIPT_INSTALL_PATH "${CMAKE_INSTALL_PREFIX}/share/zeek"
    CACHE PATH "Install directory for Zeek scripts.")
 set(ZEEK_ETC_INSTALL_DIR "${CMAKE_INSTALL_PREFIX}/etc"
    CACHE PATH "Install directory for Zeek configuration files.")
 set(CMAKE_EXPORT_COMPILE_COMMANDS ON CACHE INTERNAL
                                           "Whether to write a JSON compile commands database")
 set(ZEEK_CXX_STD cxx_std_17 CACHE STRING "The C++ standard to use.")
 set(ZEEK_SANITIZERS "" CACHE STRING "Sanitizers to use when building.")
 set(CPACK_SOURCE_IGNORE_FILES "" CACHE STRING "Files to be ignored by CPack")
 set(ZEEK_INCLUDE_PLUGINS "" CACHE STRING "Extra plugins to add to the build.")
 # Look into the build tree for additional CMake modules.
 list(APPEND CMAKE_MODULE_PATH ${CMAKE_BINARY_DIR})
 list(APPEND CMAKE_PREFIX_PATH ${CMAKE_BINARY_DIR})
@ -29,8 +84,7 @@ if ( MSVC )
        CMAKE_C_FLAGS
        CMAKE_C_FLAGS_DEBUG
        CMAKE_C_FLAGS_RELEASE
-        CMAKE_C_FLAGS_RELWITHDEBINFO
+        CMAKE_C_FLAGS_RELWITHDEBINFO)
    )
    foreach (CompilerFlag ${CompilerFlags})
        string(REGEX REPLACE "[/|-]MDd" "" ${CompilerFlag} "${${CompilerFlag}}")
        string(REGEX REPLACE "[/|-]MD" "" ${CompilerFlag} "${${CompilerFlag}}")
@ -42,12 +96,10 @@ if ( MSVC )
    endforeach ()
    # Set compilation flags for Windows
-    add_compile_options(
+    add_compile_options(/guard:cf # required by CheckCFlags
        /guard:cf # required by CheckCFlags
                        /Z7) # required by CheckCFlags
-    add_link_options(
+    add_link_options(/debug:full # required by CheckCFlags
        /debug:full # required by CheckCFlags
    )
    # Set always to static runtime
@ -69,8 +121,7 @@ if ( MSVC )
        conan_cmake_autodetect(settings)
        # Install packages from conanfile
        conan_cmake_install(PATH_OR_REFERENCE ${CMAKE_SOURCE_DIR}/ci/windows/conanfile_windows.txt
-                            BUILD missing
+                            BUILD missing SETTINGS ${settings})
                            SETTINGS ${settings})
    endif ()
    # Set LibPCAP to point to libpcap binaries.
@ -95,7 +146,8 @@ if ( MSVC )
    add_definitions(-DCARES_STATICLIB)
    add_subdirectory(auxil/libunistd)
-    set(UNISTD_INCLUDES ${CMAKE_SOURCE_DIR}/auxil/libunistd/unistd ${CMAKE_SOURCE_DIR}/auxil/libunistd/regex)
+    set(UNISTD_INCLUDES ${CMAKE_SOURCE_DIR}/auxil/libunistd/unistd
                        ${CMAKE_SOURCE_DIR}/auxil/libunistd/regex)
    include_directories(BEFORE ${UNISTD_INCLUDES})
    # Required for `check_include_files` to operate correctly
    list(APPEND CMAKE_REQUIRED_INCLUDES ${UNISTD_INCLUDES})
@ -117,8 +169,8 @@ include(cmake/CommonCMakeConfig.cmake)
 include(cmake/FindClangTidy.cmake)
 include(cmake/CheckCompilerArch.cmake)
-########################################################################
+# ##############################################################################
-## Main targets and utilities.
+# Main targets and utilities.
 # Variable for referring back to Zeek's top-level source dir. Used for plugins
 # to tell them where to find the Zeek headers.
@ -128,8 +180,8 @@ set(ZEEK_SOURCE_DIR "${CMAKE_CURRENT_SOURCE_DIR}")
 # zeek-plugin-create-package.sh. Needed by ZeekPluginConfig.cmake.in.
 set(ZEEK_PLUGIN_SCRIPTS_PATH "${PROJECT_SOURCE_DIR}/cmake")
-# Our C++17 base target for propagating compiler and linker flags.
+# Our C++17 base target for propagating compiler and linker flags. Note: for
-# Note: for now, we only use it for passing library dependencies around.
+# now, we only use it for passing library dependencies around.
 add_library(zeek_internal INTERFACE)
 add_library(Zeek::Internal ALIAS zeek_internal)
 set_target_properties(zeek_internal PROPERTIES EXPORT_NAME Internal)
@ -216,39 +268,26 @@ endfunction()
 # loaded plugins. Also propagates include paths and C++17 mode on the install
 # interface.
 add_library(zeek_dynamic_plugin_base INTERFACE)
-target_link_libraries(zeek_dynamic_plugin_base
+target_link_libraries(zeek_dynamic_plugin_base INTERFACE $<BUILD_INTERFACE:zeek_internal>)
-    INTERFACE
+target_include_directories(
-        $<BUILD_INTERFACE:zeek_internal>)
+    zeek_dynamic_plugin_base
-target_include_directories(zeek_dynamic_plugin_base
+    INTERFACE $<INSTALL_INTERFACE:include> $<BUILD_INTERFACE:${CMAKE_CURRENT_BINARY_DIR}>
    INTERFACE
        $<INSTALL_INTERFACE:include>
        $<BUILD_INTERFACE:${CMAKE_CURRENT_BINARY_DIR}>
              $<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}/src>)
 target_compile_features(zeek_dynamic_plugin_base INTERFACE ${ZEEK_CXX_STD})
 add_library(Zeek::DynamicPluginBase ALIAS zeek_dynamic_plugin_base)
-set_target_properties(
+set_target_properties(zeek_dynamic_plugin_base PROPERTIES EXPORT_NAME DynamicPluginBase)
    zeek_dynamic_plugin_base PROPERTIES
    EXPORT_NAME DynamicPluginBase)
 install(TARGETS zeek_dynamic_plugin_base EXPORT ZeekTargets)
 # On macOS, we need to tell the linker that the modules are allowed to have
 # undefined symbols.
 if (CMAKE_SYSTEM_NAME MATCHES "Darwin")
-    target_link_options(
+    target_link_options(zeek_dynamic_plugin_base INTERFACE -undefined dynamic_lookup
        zeek_dynamic_plugin_base
        INTERFACE
            -undefined
            dynamic_lookup
                        -Wl,-bind_at_load)
 endif ()
 function (add_zeek_dynamic_plugin_build_interface_include_directories)
    foreach (path ${ARGV})
-        target_include_directories(
+        target_include_directories(zeek_dynamic_plugin_base INTERFACE $<BUILD_INTERFACE:${path}>)
            zeek_dynamic_plugin_base
            INTERFACE
                $<BUILD_INTERFACE:${path}>
        )
    endforeach ()
 endfunction ()
@ -261,21 +300,13 @@ add_zeek_dynamic_plugin_build_interface_include_directories(
    ${CMAKE_BINARY_DIR}/src
    ${CMAKE_BINARY_DIR}/src/include
    ${CMAKE_BINARY_DIR}/auxil/binpac/lib
-    ${CMAKE_BINARY_DIR}/auxil/broker/include
+    ${CMAKE_BINARY_DIR}/auxil/broker/include)
 )
 # Convenience function for adding an OBJECT library that feeds directly into the
 # main target(s).
 #
-# Usage:
+# Usage: zeek_add_subdir_library( <name> SOURCES ... [INCLUDE_DIRS ...]
-# zeek_add_subdir_library(
+# [DEPENDENCIES ...] [INTERNAL_DEPENDENCIES ...] [BIFS ...] )
 #   <name>
 #   SOURCES ...
 #   [INCLUDE_DIRS ...]
 #   [DEPENDENCIES ...]
 #   [INTERNAL_DEPENDENCIES ...]
 #   [BIFS ...]
 # )
 function (zeek_add_subdir_library name)
    # Parse arguments.
    set(fn_varargs INCLUDE_DIRS DEPENDENCIES INTERNAL_DEPENDENCIES SOURCES BIFS)
@ -301,11 +332,7 @@ function(zeek_add_subdir_library name)
    # Optionally add include directories and extra dependencies.
    if (FN_ARGS_INCLUDE_DIRS)
-        target_include_directories(
+        target_include_directories(${target_name} BEFORE PRIVATE ${FN_ARGS_INCLUDE_DIRS})
            ${target_name}
            BEFORE
            PRIVATE
              ${FN_ARGS_INCLUDE_DIRS})
    endif ()
    if (FN_ARGS_DEPENDENCIES)
        target_link_libraries(${target_name} PRIVATE ${FN_ARGS_DEPENDENCIES})
@ -318,19 +345,15 @@ function(zeek_add_subdir_library name)
    zeek_target_link_libraries(${target_name})
 endfunction ()
-########################################################################
+# ##############################################################################
-## Utility function for forcing CMake to re-run if files change on disk.
+# Utility function for forcing CMake to re-run if files change on disk.
 function (zeek_watch_files)
-    set_property(
+    set_property(DIRECTORY APPEND PROPERTY CMAKE_CONFIGURE_DEPENDS ${ARGN})
        DIRECTORY
        APPEND
        PROPERTY CMAKE_CONFIGURE_DEPENDS ${ARGN}
    )
 endfunction ()
-########################################################################
+# ##############################################################################
-## Create empty __load__.zeek stubs (override pre-existing ones).
+# Create empty __load__.zeek stubs (override pre-existing ones).
 function (zeek_create_load_script_stubs)
    set(file_comment "# Warning, this is an autogenerated file!\n")
@ -341,14 +364,11 @@ function(zeek_create_load_script_stubs)
 endfunction ()
 # Note: these files are filled from BifCl.cmake via `file(APPEND ...)`
-zeek_create_load_script_stubs(
+zeek_create_load_script_stubs(scripts/builtin-plugins/__load__.zeek
-    scripts/builtin-plugins/__load__.zeek
+                              scripts/base/bif/plugins/__load__.zeek scripts/base/bif/__load__.zeek)
    scripts/base/bif/plugins/__load__.zeek
    scripts/base/bif/__load__.zeek
 )
-########################################################################
+# ##############################################################################
-## Create empty __all__*.cc stubs (override pre-existing ones).
+# Create empty __all__*.cc stubs (override pre-existing ones).
 function (zeek_create_bif_autogen_stubs)
    set(file_comment "// Warning, this is an autogenerated file!\n")
@ -359,14 +379,11 @@ function(zeek_create_bif_autogen_stubs)
 endfunction ()
 # Note: these files are filled from BifCl.cmake via `file(APPEND ...)`.
-zeek_create_bif_autogen_stubs(
+zeek_create_bif_autogen_stubs(src/__all__.bif.cc src/__all__.bif.init.cc
-    src/__all__.bif.cc
+                              src/__all__.bif.register.cc)
    src/__all__.bif.init.cc
    src/__all__.bif.register.cc
 )
-########################################################################
+# ##############################################################################
-## Project/Build Configuration
+# Project/Build Configuration
 if (ZEEK_ENABLE_FUZZERS)
    # Fuzzers use shared lib to save disk space, so need -fPIC on everything
@ -403,18 +420,17 @@ if (NOT ZEEK_MAN_INSTALL_PATH)
    set(ZEEK_MAN_INSTALL_PATH ${ZEEK_ROOT_DIR}/share/man)
 endif ()
-# sanitize the Zeek script install directory into an absolute path
+# sanitize the Zeek script install directory into an absolute path (CMake is
-# (CMake is confused by ~ as a representation of home directory)
+# confused by ~ as a representation of home directory)
-get_filename_component(ZEEK_SCRIPT_INSTALL_PATH ${ZEEK_SCRIPT_INSTALL_PATH}
+get_filename_component(ZEEK_SCRIPT_INSTALL_PATH ${ZEEK_SCRIPT_INSTALL_PATH} ABSOLUTE)
    ABSOLUTE)
-# A folder for library-like Zeek-specific things: Python modules, Zeek
+# A folder for library-like Zeek-specific things: Python modules, Zeek plugins,
-# plugins, etc.
+# etc.
 set(ZEEK_LIBDIR_PATH ${CMAKE_INSTALL_FULL_LIBDIR}/zeek)
 if (NOT ZEEK_PLUGIN_DIR)
-    set(ZEEK_PLUGIN_DIR ${ZEEK_LIBDIR_PATH}/plugins
+    set(ZEEK_PLUGIN_DIR ${ZEEK_LIBDIR_PATH}/plugins CACHE STRING "Installation path for plugins"
-        CACHE STRING "Installation path for plugins" FORCE)
+                                                          FORCE)
 endif ()
 set(cmake_binary_dir "${CMAKE_BINARY_DIR}")
@ -423,15 +439,18 @@ set(cmake_install_prefix "${CMAKE_INSTALL_PREFIX}")
 set(cmake_source_dir "${CMAKE_SOURCE_DIR}")
 set(zeek_script_install_path "${ZEEK_SCRIPT_INSTALL_PATH}")
 if (MSVC)
-    # This has to happen before we modify the paths below so that
+    # This has to happen before we modify the paths below so that the pure Windows
-    # the pure Windows paths are stored in the output file.
+    # paths are stored in the output file.
    configure_file(zeek-path-dev.bat.in ${CMAKE_CURRENT_BINARY_DIR}/zeek-path-dev.bat)
    string(REGEX REPLACE "^([A-Za-z]):/(.*)" "/\\1/\\2" cmake_binary_dir "${cmake_binary_dir}")
-    string(REGEX REPLACE "^([A-Za-z]):/(.*)" "/\\1/\\2" cmake_current_binary_dir "${cmake_current_binary_dir}")
+    string(REGEX REPLACE "^([A-Za-z]):/(.*)" "/\\1/\\2" cmake_current_binary_dir
-    string(REGEX REPLACE "^([A-Za-z]):/(.*)" "/\\1/\\2" cmake_install_prefix "${cmake_install_prefix}")
+                         "${cmake_current_binary_dir}")
    string(REGEX REPLACE "^([A-Za-z]):/(.*)" "/\\1/\\2" cmake_install_prefix
                         "${cmake_install_prefix}")
    string(REGEX REPLACE "^([A-Za-z]):/(.*)" "/\\1/\\2" cmake_source_dir "${cmake_source_dir}")
-    string(REGEX REPLACE "^([A-Za-z]):/(.*)" "/\\1/\\2" zeek_script_install_path "${zeek_script_install_path}")
+    string(REGEX REPLACE "^([A-Za-z]):/(.*)" "/\\1/\\2" zeek_script_install_path
                         "${zeek_script_install_path}")
 endif ()
 # Set the path where we install the ZeekConfig.cmake file and related files.
@ -464,14 +483,16 @@ install(DIRECTORY DESTINATION ${ZEEK_LOG_DIR})
 configure_file(zeek-path-dev.in ${CMAKE_CURRENT_BINARY_DIR}/zeek-path-dev)
-file(WRITE ${CMAKE_CURRENT_BINARY_DIR}/zeek-path-dev.sh
+file(
    WRITE ${CMAKE_CURRENT_BINARY_DIR}/zeek-path-dev.sh
    "export ZEEKPATH=`${cmake_binary_dir}/zeek-path-dev`\n"
    "export ZEEK_PLUGIN_PATH=\"${cmake_binary_dir}/src\":$\{ZEEK_PLUGIN_PATH\}\n"
    "export PATH=\"${cmake_binary_dir}\":\"${cmake_binary_dir}/src\":\"${cmake_binary_dir}/auxil/spicy/spicy/bin\":\"${cmake_binary_dir}/src/builtin-plugins/spicy-plugin/bin\":$\{PATH\}\n"
    "export SPICY_PATH=`${cmake_binary_dir}/spicy-path`\n"
    "export HILTI_CXX_INCLUDE_DIRS=`${cmake_binary_dir}/hilti-cxx-include-dirs`\n")
-file(WRITE ${CMAKE_CURRENT_BINARY_DIR}/zeek-path-dev.csh
+file(
    WRITE ${CMAKE_CURRENT_BINARY_DIR}/zeek-path-dev.csh
    "setenv ZEEKPATH `${cmake_binary_dir}/zeek-path-dev`\n"
    "setenv ZEEK_PLUGIN_PATH \"${cmake_binary_dir}/src\":$\{ZEEK_PLUGIN_PATH\}\n"
    "setenv PATH \"${cmake_binary_dir}\":\"${cmake_binary_dir}/src\":\"${cmake_binary_dir}/auxil/spicy/spicy/bin\":\"${cmake_binary_dir}/src/builtin-plugins/spicy-plugin/bin\":$\{PATH\}\n"
@ -479,7 +500,8 @@ file(WRITE ${CMAKE_CURRENT_BINARY_DIR}/zeek-path-dev.csh
    "setenv HILTI_CXX_INCLUDE_DIRS \"`${cmake_binary_dir}/hilti-cxx-include-dirs`\"\n")
 file(STRINGS "${CMAKE_CURRENT_SOURCE_DIR}/VERSION" VERSION LIMIT_COUNT 1)
-execute_process(COMMAND grep "^constexpr int PLUGIN_API_VERSION"
+execute_process(
    COMMAND grep "^constexpr int PLUGIN_API_VERSION"
    INPUT_FILE ${CMAKE_CURRENT_SOURCE_DIR}/src/plugin/Plugin.h
    OUTPUT_VARIABLE API_VERSION
    OUTPUT_STRIP_TRAILING_WHITESPACE)
@ -508,7 +530,8 @@ endif()
 if (NOT BINARY_PACKAGING_MODE)
    macro (_make_install_dir_symlink _target _link)
-      install(CODE "
+        install(
            CODE "
        if ( \"\$ENV{DESTDIR}\" STREQUAL \"\" )
          if ( EXISTS \"${_target}\" AND NOT EXISTS \"${_link}\" )
            message(STATUS \"WARNING: installed ${_link} as symlink to ${_target}\")
@ -520,24 +543,26 @@ if ( NOT BINARY_PACKAGING_MODE )
    endmacro ()
    if ("${CMAKE_INSTALL_PREFIX}" STREQUAL "/usr/local/zeek")
-        # If we're installing into the default prefix, check if the
+        # If we're installing into the default prefix, check if the old default
-        # old default prefix already exists and symlink to it.
+        # prefix already exists and symlink to it. This is done to help keep custom
-        # This is done to help keep custom user configuration/installation
+        # user configuration/installation if they're upgrading from a version before
-        # if they're upgrading from a version before Zeek 3.0.
+        # Zeek 3.0.
        _make_install_dir_symlink("/usr/local/bro" "/usr/local/zeek")
    endif ()
-    # Check whether we need to symlink directories used by versions
+    # Check whether we need to symlink directories used by versions before Zeek
-    # before Zeek 3.0.
+    # 3.0.
-    _make_install_dir_symlink("${CMAKE_INSTALL_PREFIX}/include/bro" "${CMAKE_INSTALL_PREFIX}/include/zeek")
+    _make_install_dir_symlink("${CMAKE_INSTALL_PREFIX}/include/bro"
-    _make_install_dir_symlink("${CMAKE_INSTALL_PREFIX}/share/bro" "${CMAKE_INSTALL_PREFIX}/share/zeek")
+                              "${CMAKE_INSTALL_PREFIX}/include/zeek")
    _make_install_dir_symlink("${CMAKE_INSTALL_PREFIX}/share/bro"
                              "${CMAKE_INSTALL_PREFIX}/share/zeek")
    _make_install_dir_symlink("${CMAKE_INSTALL_PREFIX}/lib/bro" "${CMAKE_INSTALL_FULL_LIBDIR}/zeek")
 endif ()
 if (ZEEK_SANITIZERS)
    # Check the thread library info early as setting compiler flags seems to
-    # interfere with the detection and cause CMAKE_THREAD_LIBS_INIT to not
+    # interfere with the detection and cause CMAKE_THREAD_LIBS_INIT to not include
-    # include -lpthread when it should.
+    # -lpthread when it should.
    find_package(Threads)
    string(REPLACE "," " " _sanitizer_args "${ZEEK_SANITIZERS}")
@ -563,37 +588,42 @@ if ( ZEEK_SANITIZERS )
                # list(APPEND _check_list "alignment") # TODO: fix associated errors
                list(APPEND _check_list "bool")
                # list(APPEND _check_list "builtin") # Not implemented in older GCCs
-                list(APPEND _check_list "bounds") # Covers both array/local bounds options below
+                list(APPEND _check_list "bounds") # Covers both array/local bounds
                                                  # options below
                # list(APPEND _check_list "array-bounds") # Not implemented by GCC
-                # list(APPEND _check_list "local-bounds") # Not normally part of "undefined"
+                # list(APPEND _check_list "local-bounds") # Not normally part of
                # "undefined"
                list(APPEND _check_list "enum")
                list(APPEND _check_list "float-cast-overflow")
                list(APPEND _check_list "float-divide-by-zero")
                # list(APPEND _check_list "function") # Not implemented by GCC
-                # list(APPEND _check_list "implicit-unsigned-integer-truncation") # Not truly UB
+                # list(APPEND _check_list "implicit-unsigned-integer-truncation") # Not
-                # list(APPEND _check_list "implicit-signed-integer-truncation") # Not truly UB
+                # truly UB list(APPEND _check_list "implicit-signed-integer-truncation")
-                # list(APPEND _check_list "implicit-integer-sign-change") # Not truly UB
+                # # Not truly UB list(APPEND _check_list "implicit-integer-sign-change")
                # # Not truly UB
                list(APPEND _check_list "integer-divide-by-zero")
                list(APPEND _check_list "nonnull-attribute")
                list(APPEND _check_list "null")
-                # list(APPEND _check_list "nullability-arg") # Not normally part of "undefined"
+                # list(APPEND _check_list "nullability-arg") # Not normally part of
-                # list(APPEND _check_list "nullability-assign") # Not normally part of "undefined"
+                # "undefined" list(APPEND _check_list "nullability-assign") # Not
-                # list(APPEND _check_list "nullability-return") # Not normally part of "undefined"
+                # normally part of "undefined" list(APPEND _check_list
-                # list(APPEND _check_list "objc-cast") # Not truly UB
+                # "nullability-return") # Not normally part of "undefined" list(APPEND
-                # list(APPEND _check_list "pointer-overflow") # Not implemented in older GCCs
+                # _check_list "objc-cast") # Not truly UB list(APPEND _check_list
                # "pointer-overflow") # Not implemented in older GCCs
                list(APPEND _check_list "return")
                list(APPEND _check_list "returns-nonnull-attribute")
                list(APPEND _check_list "shift")
-                # list(APPEND _check_list "unsigned-shift-base") # Not implemented by GCC
+                # list(APPEND _check_list "unsigned-shift-base") # Not implemented by
                # GCC
                list(APPEND _check_list "signed-integer-overflow")
                list(APPEND _check_list "unreachable")
                # list(APPEND _check_list "unsigned-integer-overflow") # Not truly UB
                list(APPEND _check_list "vla-bound")
                list(APPEND _check_list "vptr")
-                # Clang complains if this one is defined and the optimizer is set to -O0. We
+                # Clang complains if this one is defined and the optimizer is set to
-                # only set that optimization level if NO_OPTIMIZATIONS is passed, so disable
+                # -O0. We only set that optimization level if NO_OPTIMIZATIONS is
-                # the option if that's set.
+                # passed, so disable the option if that's set.
                if (NOT DEFINED ENV{NO_OPTIMIZATIONS})
                    list(APPEND _check_list "object-size")
                endif ()
@ -610,9 +640,10 @@ if ( ZEEK_SANITIZERS )
    set(_sanitizer_flags "-fsanitize=${ZEEK_SANITIZERS}")
-    # The linker command used by check_cxx_compiler_flag requires you to also pass the sanitizer to
+    # The linker command used by check_cxx_compiler_flag requires you to also pass
-    # it or it fails. The best way to do this is to set CMAKE_REQUIRED_LINK_OPTIONS, but save off a
+    # the sanitizer to it or it fails. The best way to do this is to set
-    # copy of it so it can be reset back to what it was previously afterwards.
+    # CMAKE_REQUIRED_LINK_OPTIONS, but save off a copy of it so it can be reset
    # back to what it was previously afterwards.
    set(_temp_link_options ${CMAKE_REQUIRED_LINK_OPTIONS})
    list(APPEND CMAKE_REQUIRED_LINK_OPTIONS ${_sanitizer_flags})
    include(CheckCXXCompilerFlag)
@ -623,7 +654,8 @@ if ( ZEEK_SANITIZERS )
    set(CMAKE_REQUIRED_LINK_OPTIONS ${_temp_link_options})
    if (ZEEK_SANITIZER_UB_CHECKS)
-        set(_sanitizer_flags "${_sanitizer_flags} -fno-sanitize-recover=${ZEEK_SANITIZER_UB_CHECKS}")
+        set(_sanitizer_flags
            "${_sanitizer_flags} -fno-sanitize-recover=${ZEEK_SANITIZER_UB_CHECKS}")
    endif ()
    set(_sanitizer_flags "${_sanitizer_flags} -fno-omit-frame-pointer")
@ -632,10 +664,10 @@ if ( ZEEK_SANITIZERS )
    if (NOT DEFINED ZEEK_SANITIZER_OPTIMIZATIONS)
        if (DEFINED ENV{NO_OPTIMIZATIONS})
            # Using -O1 is generally the suggestion to get more reasonable
-            # performance.  The one downside is it that the compiler may
+            # performance.  The one downside is it that the compiler may optimize out
-            # optimize out code that otherwise generates an error/leak in a -O0
+            # code that otherwise generates an error/leak in a -O0 build, but that
-            # build, but that should be rare and users mostly will not be
+            # should be rare and users mostly will not be running unoptimized builds
-            # running unoptimized builds in production anyway.
+            # in production anyway.
            set(ZEEK_SANITIZER_OPTIMIZATIONS false CACHE INTERNAL "" FORCE)
        else ()
            set(ZEEK_SANITIZER_OPTIMIZATIONS true CACHE INTERNAL "" FORCE)
@ -646,16 +678,16 @@ if ( ZEEK_SANITIZERS )
        set(_sanitizer_flags "${_sanitizer_flags} -O1")
    endif ()
-    # Technically, the we also need to use the compiler to drive linking and
+    # Technically, the we also need to use the compiler to drive linking and give
-    # give the sanitizer flags there, too.  However, CMake, by default, uses
+    # the sanitizer flags there, too.  However, CMake, by default, uses the
-    # the compiler for linking and so the automatically flags get used.  See
+    # compiler for linking and so the automatically flags get used.  See
    # https://cmake.org/pipermail/cmake/2014-August/058268.html
    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${_sanitizer_flags}")
    set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${_sanitizer_flags}")
 endif ()
-########################################################################
+# ##############################################################################
-## Dependency Configuration
+# Dependency Configuration
 include(FindRequiredPackage)
@ -681,8 +713,8 @@ endif ()
 FindRequiredPackage(ZLIB)
 # Forward user-defined hint for OpenSSL to the plugins. Use a cache variable to
-# make sure this variable survives CMake re-runs.
+# make sure this variable survives CMake re-runs. Note: This variable is picked
-# Note: This variable is picked up in ZeekPluginConfig.cmake.in.
+# up in ZeekPluginConfig.cmake.in.
 if (OPENSSL_ROOT_DIR)
    set(ZeekOpenSSLHint "${OPENSSL_ROOT_DIR}" CACHE INTERNAL "" FORCE)
 elseif (DEFINED ENV{OPENSSL_ROOT_DIR})
@ -690,18 +722,17 @@ elseif (DEFINED ENV{OPENSSL_ROOT_DIR})
 endif ()
 # Forward PKG_CONFIG_PATH to the plugins. Use a cache variable to make sure this
-# variable survives CMake re-runs.
+# variable survives CMake re-runs. Note: This variable is picked up in
-# Note: This variable is picked up in ZeekPluginConfig.cmake.in.
+# ZeekPluginConfig.cmake.in.
 if (DEFINED ENV{PKG_CONFIG_PATH})
    set(ZeekPkgConfigPath "$ENV{PKG_CONFIG_PATH}" CACHE INTERNAL "" FORCE)
 endif ()
-# Installation directory for the distribution's Python modules. An
+# Installation directory for the distribution's Python modules. An override via
-# override via configure's --python-dir wins, specifying a directory
+# configure's --python-dir wins, specifying a directory explicitly. Next is
-# explicitly. Next is --python-prefix, which includes a versioned
+# --python-prefix, which includes a versioned Python folder as the --prefix
-# Python folder as the --prefix option in distutils does. Next
+# option in distutils does. Next consider a distutils --home style override via
-# consider a distutils --home style override via --python-home, and
+# --python-home, and finally default to "zeek/python" in our libdir.
 # finally default to "zeek/python" in our libdir.
 if (ZEEK_PYTHON_DIR)
    set(py_mod_install_dir ${ZEEK_PYTHON_DIR})
 elseif (ZEEK_PYTHON_PREFIX)
@ -712,8 +743,8 @@ elseif (ZEEK_PYTHON_HOME)
 else ()
    set(py_mod_install_dir ${ZEEK_LIBDIR_PATH}/python)
 endif ()
-set(PY_MOD_INSTALL_DIR ${py_mod_install_dir}
+set(PY_MOD_INSTALL_DIR ${py_mod_install_dir} CACHE STRING "Installation path for Python modules"
-    CACHE STRING "Installation path for Python modules" FORCE)
+                                                   FORCE)
 if (EXISTS ${CMAKE_CURRENT_SOURCE_DIR}/auxil/binpac/CMakeLists.txt)
@ -729,8 +760,8 @@ if (EXISTS ${CMAKE_CURRENT_SOURCE_DIR}/auxil/binpac/CMakeLists.txt)
    add_subdirectory(auxil/binpac)
    set(ENABLE_STATIC_ONLY ${ENABLE_STATIC_ONLY_SAVED})
-    # FIXME: avoid hard-coding a path for multi-config generator support.
+    # FIXME: avoid hard-coding a path for multi-config generator support. See the
-    # See the TODO in ZeekPluginConfig.cmake.in.
+    # TODO in ZeekPluginConfig.cmake.in.
    set(BINPAC_EXE_PATH "${CMAKE_BINARY_DIR}/auxil/binpac/src/binpac${CMAKE_EXECUTABLE_SUFFIX}")
 endif ()
 FindRequiredPackage(BinPAC)
@ -741,14 +772,13 @@ add_executable(Zeek::BinPAC ALIAS binpac)
 if (NOT BIFCL_EXE_PATH)
    add_subdirectory(auxil/bifcl)
    add_executable(Zeek::BifCl ALIAS bifcl)
-    # FIXME: avoid hard-coding a path for multi-config generator support.
+    # FIXME: avoid hard-coding a path for multi-config generator support. See the
-    # See the TODO in ZeekPluginConfig.cmake.in.
+    # TODO in ZeekPluginConfig.cmake.in.
    set(BIFCL_EXE_PATH "${CMAKE_BINARY_DIR}/auxil/bifcl/bifcl${CMAKE_EXECUTABLE_SUFFIX}")
    set(_bifcl_exe_path "included")
 else ()
    add_executable(Zeek::BifCl IMPORTED)
-    set_property(TARGET Zeek::BifCl PROPERTY
+    set_property(TARGET Zeek::BifCl PROPERTY IMPORTED_LOCATION "${BIFCL_EXE_PATH}")
                 IMPORTED_LOCATION "${BIFCL_EXE_PATH}")
    set(_bifcl_exe_path "BIFCL_EXE_PATH")
 endif ()
@ -831,9 +861,7 @@ else ()
        list(APPEND zeekdeps broker)
    endif ()
-  set(
+    set(broker_includes ${CMAKE_CURRENT_SOURCE_DIR}/auxil/broker/include
    broker_includes
    ${CMAKE_CURRENT_SOURCE_DIR}/auxil/broker/include
                        ${CMAKE_CURRENT_BINARY_DIR}/auxil/broker/include)
    if (BUILD_STATIC_BROKER)
@ -843,8 +871,8 @@ else ()
    endif ()
    set(ZEEK_HAS_EXTERNAL_BROKER OFF)
-  # Tell plugins where to find the Broker CMake package in the source tree.
+    # Tell plugins where to find the Broker CMake package in the source tree. This
-  # This variable is picked up in ZeekPluginConfig.cmake.in.
+    # variable is picked up in ZeekPluginConfig.cmake.in.
    set(ZEEK_PLUGIN_BROKER_PATH "${CMAKE_CURRENT_BINARY_DIR}/auxil/broker")
 endif ()
@ -875,21 +903,14 @@ if ( NOT DISABLE_SPICY )
        set(SPICY_LIBRARY_RT_DEBUG spicy-rt-debug)
        # Needed only for logging from CMake configure phase.
-        get_directory_property(
+        get_directory_property(SPICY_VERSION DIRECTORY ${PROJECT_SOURCE_DIR}/auxil/spicy/spicy
            SPICY_VERSION
            DIRECTORY ${PROJECT_SOURCE_DIR}/auxil/spicy/spicy
                                                       DEFINITION SPICY_VERSION)
        get_directory_property(
-            SPICY_VERSION_NUMBER
+            SPICY_VERSION_NUMBER DIRECTORY ${PROJECT_SOURCE_DIR}/auxil/spicy/spicy DEFINITION
-            DIRECTORY ${PROJECT_SOURCE_DIR}/auxil/spicy/spicy
+                                           SPICY_VERSION_NUMBER)
-            DEFINITION SPICY_VERSION_NUMBER)
+        get_directory_property(SPICY_PREFIX DIRECTORY ${PROJECT_SOURCE_DIR}/auxil/spicy/spicy
        get_directory_property(
            SPICY_PREFIX
            DIRECTORY ${PROJECT_SOURCE_DIR}/auxil/spicy/spicy
                                                      DEFINITION CMAKE_INSTALL_PREFIX)
-        get_directory_property(
+        get_directory_property(SPICY_BUILD_MODE DIRECTORY ${PROJECT_SOURCE_DIR}/auxil/spicy/spicy
            SPICY_BUILD_MODE
            DIRECTORY ${PROJECT_SOURCE_DIR}/auxil/spicy/spicy
                                                          DEFINITION CMAKE_BUILD_TYPE)
        set(SPICYC "<bundled>")
    endif ()
@ -909,13 +930,8 @@ endif ()
 set(USE_SPICY_ANALYZERS "${USE_SPICY_ANALYZERS}" CACHE BOOL "Use built-in Spicy analyzers")
 include(BuiltInSpicyAnalyzer)
-include_directories(BEFORE
+include_directories(BEFORE ${PCAP_INCLUDE_DIR} ${BIND_INCLUDE_DIR} ${BinPAC_INCLUDE_DIR}
-                    ${PCAP_INCLUDE_DIR}
+                    ${ZLIB_INCLUDE_DIR} ${JEMALLOC_INCLUDE_DIR})
                    ${BIND_INCLUDE_DIR}
                    ${BinPAC_INCLUDE_DIR}
                    ${ZLIB_INCLUDE_DIR}
                    ${JEMALLOC_INCLUDE_DIR}
 )
 install(DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/auxil/rapidjson/include/rapidjson
        DESTINATION include/zeek/3rdparty/rapidjson/include)
@ -927,7 +943,9 @@ install(DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/auxil/filesystem/include/ghc
 # "zeek/3rdparty/ghc/filesystem.hpp" works within the build tree.
 execute_process(COMMAND "${CMAKE_COMMAND}" -E make_directory
                        "${CMAKE_CURRENT_BINARY_DIR}/3rdparty/")
-execute_process(COMMAND "${CMAKE_COMMAND}" -E create_symlink
+execute_process(
    COMMAND
        "${CMAKE_COMMAND}" -E create_symlink
        "${CMAKE_CURRENT_SOURCE_DIR}/auxil/filesystem/include/ghc"
        "${CMAKE_CURRENT_BINARY_DIR}/3rdparty/ghc")
@ -976,10 +994,10 @@ if ( ENABLE_PERFTOOLS )
    endif ()
 endif ()
-# Making sure any non-standard OpenSSL includes get searched earlier
+# Making sure any non-standard OpenSSL includes get searched earlier than other
-# than other dependencies which tend to be in standard system locations
+# dependencies which tend to be in standard system locations and thus cause the
-# and thus cause the system OpenSSL headers to still be picked up even
+# system OpenSSL headers to still be picked up even if one specifies
-# if one specifies --with-openssl (which may be common).
+# --with-openssl (which may be common).
 include_directories(BEFORE ${OPENSSL_INCLUDE_DIR})
 # Determine if libfts is external to libc, i.e. musl
@ -989,26 +1007,26 @@ if ( FTS_FOUND )
    include_directories(BEFORE ${FTS_INCLUDE_DIR})
 endif ()
-# Any headers that are possibly bundled in the Zeek source-tree and that are supposed
+# Any headers that are possibly bundled in the Zeek source-tree and that are
-# to have priority over any preexisting/system-wide headers need to appear early in
+# supposed to have priority over any preexisting/system-wide headers need to
-# compiler search path.
+# appear early in compiler search path.
 include_directories(BEFORE ${broker_includes})
 include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR}/auxil/highwayhash)
 include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR}/auxil/paraglob/include)
 include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR}/auxil/rapidjson/include)
-set(zeekdeps ${zeekdeps}
+set(zeekdeps
    ${zeekdeps}
    ${BinPAC_LIBRARY}
    ${PCAP_LIBRARY}
    ${OPENSSL_LIBRARIES}
    ${BIND_LIBRARY}
    ${ZLIB_LIBRARY}
    ${JEMALLOC_LIBRARIES}
-    ${OPTLIBS}
+    ${OPTLIBS})
 )
-########################################################################
+# ##############################################################################
-## System Introspection
+# System Introspection
 include(TestBigEndian)
 test_big_endian(WORDS_BIGENDIAN)
@ -1055,7 +1073,10 @@ if ( NOT DISABLE_JAVASCRIPT )
    if (NODEJS_FOUND)
        if (${NODEJS_VERSION} VERSION_LESS "16.13.0")
-            message(STATUS "Node.js version ${NODEJS_VERSION} is too old, need 16.13 or later. Not enabling JavaScript support.")
+            message(
                STATUS
                    "Node.js version ${NODEJS_VERSION} is too old, need 16.13 or later. Not enabling JavaScript support."
            )
            set(ZEEK_HAVE_JAVASCRIPT no)
        else ()
            set(ZEEKJS_PLUGIN_PATH ${CMAKE_SOURCE_DIR}/auxil/zeekjs)
@ -1069,7 +1090,9 @@ endif ()
 set(ZEEK_HAVE_JAVASCRIPT ${ZEEK_HAVE_JAVASCRIPT} CACHE INTERNAL "Zeek has JavaScript support")
-set(DEFAULT_ZEEKPATH_PATHS . ${ZEEK_SCRIPT_INSTALL_PATH} ${ZEEK_SCRIPT_INSTALL_PATH}/policy ${ZEEK_SCRIPT_INSTALL_PATH}/site ${ZEEK_SCRIPT_INSTALL_PATH}/builtin-plugins)
+set(DEFAULT_ZEEKPATH_PATHS
    . ${ZEEK_SCRIPT_INSTALL_PATH} ${ZEEK_SCRIPT_INSTALL_PATH}/policy
    ${ZEEK_SCRIPT_INSTALL_PATH}/site ${ZEEK_SCRIPT_INSTALL_PATH}/builtin-plugins)
 if (MSVC)
    list(JOIN DEFAULT_ZEEKPATH_PATHS ";" DEFAULT_ZEEKPATH)
 else ()
@ -1088,9 +1111,7 @@ configure_file(${CMAKE_CURRENT_SOURCE_DIR}/zeek-config.h.in
               ${CMAKE_CURRENT_BINARY_DIR}/zeek-config.h)
 include_directories(BEFORE ${CMAKE_CURRENT_BINARY_DIR})
 install(FILES ${CMAKE_CURRENT_BINARY_DIR}/zeek-config.h DESTINATION include/zeek)
-execute_process(COMMAND "${CMAKE_COMMAND}" -E create_symlink
+execute_process(COMMAND "${CMAKE_COMMAND}" -E create_symlink "." "${CMAKE_CURRENT_BINARY_DIR}/zeek")
                "."
                "${CMAKE_CURRENT_BINARY_DIR}/zeek")
 if (BinPAC_ROOT_DIR)
    set(ZEEK_CONFIG_BINPAC_ROOT_DIR ${BinPAC_ROOT_DIR})
@ -1123,11 +1144,13 @@ endif ()
 set(ZEEK_CONFIG_BTEST_TOOLS_DIR ${ZEEK_ROOT_DIR}/share/btest)
 install(DIRECTORY DESTINATION ${ZEEK_CONFIG_BTEST_TOOLS_DIR})
-configure_file(${CMAKE_CURRENT_SOURCE_DIR}/zeek-config.in
+configure_file(${CMAKE_CURRENT_SOURCE_DIR}/zeek-config.in ${CMAKE_CURRENT_BINARY_DIR}/zeek-config
-               ${CMAKE_CURRENT_BINARY_DIR}/zeek-config @ONLY)
+               @ONLY)
 install(PROGRAMS ${CMAKE_CURRENT_BINARY_DIR}/zeek-config DESTINATION bin)
-install(DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/cmake DESTINATION share/zeek
+install(
    DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/cmake
    DESTINATION share/zeek
    USE_SOURCE_PERMISSIONS
    PATTERN ".git" EXCLUDE)
@ -1137,32 +1160,32 @@ if ( NOT MSVC )
    include(InstallSymlink)
 endif ()
-########################################################################
+# ##############################################################################
-## zkg configuration
+# zkg configuration
 if (INSTALL_ZKG)
-    # An etc/zkg directory for zkg's config file simplifies zkg's
+    # An etc/zkg directory for zkg's config file simplifies zkg's config file
-    # config file code.
+    # code.
    set(ZEEK_ZKG_CONFIG_DIR "${ZEEK_ETC_INSTALL_DIR}/zkg")
    set(ZEEK_ZKG_STATE_DIR "${ZEEK_STATE_DIR}/zkg")
-    configure_file(
+    configure_file(${CMAKE_CURRENT_SOURCE_DIR}/zkg-config.in ${CMAKE_CURRENT_BINARY_DIR}/zkg-config
-        ${CMAKE_CURRENT_SOURCE_DIR}/zkg-config.in
+                   @ONLY)
        ${CMAKE_CURRENT_BINARY_DIR}/zkg-config @ONLY)
    install(DIRECTORY DESTINATION var/lib/zkg)
-    install(FILES ${CMAKE_CURRENT_BINARY_DIR}/zkg-config
+    install(FILES ${CMAKE_CURRENT_BINARY_DIR}/zkg-config DESTINATION ${ZEEK_ZKG_CONFIG_DIR}
-        DESTINATION ${ZEEK_ZKG_CONFIG_DIR} RENAME config)
+            RENAME config)
 endif ()
-########################################################################
+# ##############################################################################
-## Look for external plugins to build in
+# Look for external plugins to build in
 string(REPLACE "," " " _build_in_plugins "${ZEEK_INCLUDE_PLUGINS}")
 separate_arguments(_build_in_plugins)
 foreach (plugin_dir ${_build_in_plugins})
    if (NOT IS_ABSOLUTE "${plugin_dir}/CMakeLists.txt")
-      message(FATAL_ERROR "Plugins to build in need to be defined with absolute path! ${plugin_dir}")
+        message(
            FATAL_ERROR "Plugins to build in need to be defined with absolute path! ${plugin_dir}")
    endif ()
    if (NOT EXISTS "${plugin_dir}/CMakeLists.txt")
@ -1171,7 +1194,8 @@ foreach(plugin_dir ${_build_in_plugins})
    get_filename_component(plugin_name ${plugin_dir} NAME)
-    # Create a list of plugin directories that will then be added in the src/CMakeLists.txt
+    # Create a list of plugin directories that will then be added in the
    # src/CMakeLists.txt
    list(APPEND BUILTIN_PLUGIN_LIST ${plugin_dir})
    message(STATUS "  Building in plugin: ${plugin_name} (${plugin_dir})")
@ -1183,20 +1207,22 @@ foreach(plugin_dir ${_build_in_plugins})
    endif ()
 endforeach ()
-########################################################################
+# ##############################################################################
-## Populate the ZEEK_BUILD_INFO for use in src/version.c.in
+# Populate the ZEEK_BUILD_INFO for use in src/version.c.in
 if (WIN32)
    # Windows installs Python to C:\Python311\python, but doesn't create a version
-  # or symlink to python3. Call python with the script directly since the shebang
+    # or symlink to python3. Call python with the script directly since the
-  # in the script won't work here.
+    # shebang in the script won't work here.
-  execute_process(COMMAND "python" "${PROJECT_SOURCE_DIR}/ci/collect-repo-info.py" "${ZEEK_INCLUDE_PLUGINS}"
+    execute_process(
        COMMAND "python" "${PROJECT_SOURCE_DIR}/ci/collect-repo-info.py" "${ZEEK_INCLUDE_PLUGINS}"
        WORKING_DIRECTORY "${PROJECT_SOURCE_DIR}"
        OUTPUT_VARIABLE ZEEK_BUILD_INFO
        RESULT_VARIABLE ZEEK_BUILD_INFO_RESULT
        OUTPUT_STRIP_TRAILING_WHITESPACE)
 else ()
-  execute_process(COMMAND "${PROJECT_SOURCE_DIR}/ci/collect-repo-info.py" "${ZEEK_INCLUDE_PLUGINS}"
+    execute_process(
        COMMAND "${PROJECT_SOURCE_DIR}/ci/collect-repo-info.py" "${ZEEK_INCLUDE_PLUGINS}"
        WORKING_DIRECTORY "${PROJECT_SOURCE_DIR}"
        OUTPUT_VARIABLE ZEEK_BUILD_INFO
        RESULT_VARIABLE ZEEK_BUILD_INFO_RESULT
@ -1208,11 +1234,11 @@ if ( NOT ZEEK_BUILD_INFO_RESULT EQUAL "0" )
 endif ()
 # string(JSON ... ) requires CMake 3.19, but then we could do something like:
-# string(JSON ZEEK_BUILD_INFO SET "${ZEEK_BUILD_INFO}"
+# string(JSON ZEEK_BUILD_INFO SET "${ZEEK_BUILD_INFO}" compile_options cxx_flags
-#        compile_options cxx_flags "${CMAKE_CXX_FLAGS} ${CMAKE_CXX_FLAGS_${BuildType}}")
+# "${CMAKE_CXX_FLAGS} ${CMAKE_CXX_FLAGS_${BuildType}}")
-########################################################################
+# ##############################################################################
-## Recurse on sub-directories
+# Recurse on sub-directories
 add_subdirectory(src)
 add_subdirectory(scripts)
@ -1221,16 +1247,16 @@ add_subdirectory(testing)
 include(CheckOptionalBuildSources)
-CheckOptionalBuildSources(auxil/btest BTest INSTALL_BTEST)
+checkoptionalbuildsources(auxil/btest BTest INSTALL_BTEST)
-CheckOptionalBuildSources(auxil/package-manager ZKG INSTALL_ZKG)
+checkoptionalbuildsources(auxil/package-manager ZKG INSTALL_ZKG)
-CheckOptionalBuildSources(auxil/zeekctl   ZeekControl INSTALL_ZEEKCTL)
+checkoptionalbuildsources(auxil/zeekctl ZeekControl INSTALL_ZEEKCTL)
-CheckOptionalBuildSources(auxil/zeek-aux  Zeek-Aux  INSTALL_AUX_TOOLS)
+checkoptionalbuildsources(auxil/zeek-aux Zeek-Aux INSTALL_AUX_TOOLS)
-CheckOptionalBuildSources(auxil/zeek-archiver ZeekArchiver INSTALL_ZEEK_ARCHIVER)
+checkoptionalbuildsources(auxil/zeek-archiver ZeekArchiver INSTALL_ZEEK_ARCHIVER)
-CheckOptionalBuildSources(auxil/zeek-client ZeekClient INSTALL_ZEEK_CLIENT)
+checkoptionalbuildsources(auxil/zeek-client ZeekClient INSTALL_ZEEK_CLIENT)
 if (NOT DISABLE_SPICY)
-    # The `zeek` binary implicitly depends on the driver object file built
+    # The `zeek` binary implicitly depends on the driver object file built as part
-    # as part of `spicy`; make that dependency explicit.
+    # of `spicy`; make that dependency explicit.
    zeek_add_dependencies(spicyz)
    if (NOT SPICY_ROOT_DIR)
@ -1238,13 +1264,13 @@ if ( NOT DISABLE_SPICY )
        add_dependencies(plugin-Zeek-Spicy spicy)
        add_dependencies(spicyz spicy)
-        # Also install spicy-plugin's CMake files into Zeek's global `cmake/` folder.
+        # Also install spicy-plugin's CMake files into Zeek's global `cmake/`
        # folder.
        #
        # NOTE: We do not install spicy-plugin's `FindZeek.cmake` since another
        # version of this file is already provided by Zeek.
        install(FILES auxil/spicy-plugin/cmake/ZeekSpicyAnalyzerSupport.cmake
-                      auxil/spicy-plugin/cmake/FindSpicy.cmake
+                      auxil/spicy-plugin/cmake/FindSpicy.cmake DESTINATION share/zeek/cmake)
                DESTINATION share/zeek/cmake)
    endif ()
 endif ()
@ -1252,28 +1278,28 @@ endif ()
 # scripts work in any build configuration. If we do not include Spicy these
 # files have no actual effect.
 #
-# Spicy JIT relies on the path of the current executable to figure out
+# Spicy JIT relies on the path of the current executable to figure out whether
-# whether it is run from a build or an install tree. This assumption
+# it is run from a build or an install tree. This assumption gets broken for
-# gets broken for e.g., `spicyz` when running from the build tree
+# e.g., `spicyz` when running from the build tree (probably fixable), and also
-# (probably fixable), and also when JIT'ing directly from a `zeek`
+# when JIT'ing directly from a `zeek` invocation (much harder to fix). Instead
-# invocation (much harder to fix). Instead we generate shell
+# we generate shell definitions to support running and using Spicy or
-# definitions to support running and using Spicy or spicy-plugin
+# spicy-plugin functionality in the build tree, including JIT'ing directly from
 # functionality in the build tree, including JIT'ing directly from
 # Zeek.
 configure_file(${CMAKE_SOURCE_DIR}/auxil/spicy/spicy-path.in ${CMAKE_BINARY_DIR}/spicy-path @ONLY)
-configure_file(${CMAKE_SOURCE_DIR}/auxil/spicy/hilti-cxx-include-dirs.in ${CMAKE_BINARY_DIR}/hilti-cxx-include-dirs @ONLY)
+configure_file(${CMAKE_SOURCE_DIR}/auxil/spicy/hilti-cxx-include-dirs.in
               ${CMAKE_BINARY_DIR}/hilti-cxx-include-dirs @ONLY)
-########################################################################
+# ##############################################################################
-## Packaging Setup
+# Packaging Setup
 if (INSTALL_ZEEKCTL OR INSTALL_ZKG OR INSTALL_ZEEK_CLIENT)
    # CPack RPM Generator may not automatically detect this
    set(CPACK_RPM_PACKAGE_REQUIRES "python >= ${ZEEK_PYTHON_MIN}")
 endif ()
-# If this CMake project is a sub-project of another, we will not
+# If this CMake project is a sub-project of another, we will not configure the
-# configure the generic packaging because CPack will fail in the case
+# generic packaging because CPack will fail in the case that the parent project
-# that the parent project has already configured packaging
+# has already configured packaging
 if ("${PROJECT_SOURCE_DIR}" STREQUAL "${CMAKE_SOURCE_DIR}")
    include(ConfigurePackaging)
    ConfigurePackaging(${VERSION})
@ -1282,8 +1308,7 @@ endif ()
 # Refers back to the "distribution prefix". This is the source tree when
 # referring to Zeek from the build directory and the "share" directory under the
 # install preifx otherwise.
-set(ZEEK_DIST_PREFIX
+set(ZEEK_DIST_PREFIX $<BUILD_INTERFACE:${CMAKE_SOURCE_DIR}>
    $<BUILD_INTERFACE:${CMAKE_SOURCE_DIR}>
                     $<INSTALL_INTERFACE:${CMAKE_INSTALL_DATAROOTDIR}/foo/bar>)
 # Generate extra config file for the dynamic plugins.
@ -1292,12 +1317,9 @@ configure_file(src/ZeekPluginConfig.cmake.in ZeekPluginConfig.cmake @ONLY)
 # Write the CMake package and version files.
 configure_package_config_file(
    "${CMAKE_CURRENT_SOURCE_DIR}/src/ZeekConfig.cmake.in"
-  "${CMAKE_CURRENT_BINARY_DIR}/ZeekConfig.cmake"
+    "${CMAKE_CURRENT_BINARY_DIR}/ZeekConfig.cmake" INSTALL_DESTINATION "${ZEEK_CMAKE_CONFIG_DIR}")
-  INSTALL_DESTINATION "${ZEEK_CMAKE_CONFIG_DIR}")
+write_basic_package_version_file("${CMAKE_CURRENT_BINARY_DIR}/ZeekConfigVersion.cmake"
-write_basic_package_version_file(
+                                 VERSION ${ZEEK_VERSION_NUMBER} COMPATIBILITY ExactVersion)
  "${CMAKE_CURRENT_BINARY_DIR}/ZeekConfigVersion.cmake"
  VERSION ${ZEEK_VERSION_NUMBER}
  COMPATIBILITY ExactVersion)
 # Write the CMake targets file.
 export(EXPORT ZeekTargets FILE ZeekTargets.cmake NAMESPACE Zeek::)
@ -1307,20 +1329,14 @@ configure_file(src/ZeekPluginBootstrap.cmake.in ZeekPluginBootstrap.cmake @ONLY)
 install(FILES "${CMAKE_CURRENT_BINARY_DIR}/ZeekPluginBootstrap.cmake"
        DESTINATION "${ZEEK_CMAKE_CONFIG_DIR}")
-install(
+install(FILES "${CMAKE_CURRENT_BINARY_DIR}/ZeekConfig.cmake"
  FILES
    "${CMAKE_CURRENT_BINARY_DIR}/ZeekConfig.cmake"
              "${CMAKE_CURRENT_BINARY_DIR}/ZeekConfigVersion.cmake"
-  DESTINATION
+        DESTINATION "${ZEEK_CMAKE_CONFIG_DIR}")
    "${ZEEK_CMAKE_CONFIG_DIR}")
-install(
+install(EXPORT ZeekTargets DESTINATION "${ZEEK_CMAKE_CONFIG_DIR}" NAMESPACE Zeek::)
  EXPORT ZeekTargets
  DESTINATION "${ZEEK_CMAKE_CONFIG_DIR}"
  NAMESPACE Zeek::)
-########################################################################
+# ##############################################################################
-## Build Summary
+# Build Summary
 if (CMAKE_BUILD_TYPE)
    string(TOUPPER ${CMAKE_BUILD_TYPE} BuildType)
@ -1357,7 +1373,8 @@ endif ()
 if (ZEEK_LEGACY_ANALYZERS)
    list(JOIN ZEEK_LEGACY_ANALYZERS ", " _legacy_analyzers)
-    set(_legacy_analyzers  "\n          - Using unmaintained legacy analyzers for: ${_legacy_analyzers}")
+    set(_legacy_analyzers
        "\n          - Using unmaintained legacy analyzers for: ${_legacy_analyzers}")
 endif ()
 if (ZEEK_SKIPPED_ANALYZERS)
@ -1366,7 +1383,9 @@ if ( ZEEK_SKIPPED_ANALYZERS )
 endif ()
 if (ZEEK_LEGACY_ANALYZERS OR ZEEK_SKIPPED_ANALYZERS)
-    set(_analyzer_warning "\n\n[Warning] Some analyzers are not available due to lack of built-in Spicy support:${_legacy_analyzers}${_skipped_analyzers}")
+    set(_analyzer_warning
        "\n\n[Warning] Some analyzers are not available due to lack of built-in Spicy support:${_legacy_analyzers}${_skipped_analyzers}"
    )
 endif ()
 message(
@ -1419,7 +1438,6 @@ message(
    "\nFuzz Engine:       ${ZEEK_FUZZING_ENGINE}"
    "${_analyzer_warning}"
    "\n"
-    "\n================================================================\n"
+    "\n================================================================\n")
 )
 include(UserChangedWarning)
--- a/47
+++ b/47
@ -59,6 +59,11 @@ Breaking Changes
 - The IRC_Data analyzer declaration has been moved to protocols/irc/IRC.h.
 - The error message returned when using ``bro_init``, ``bro_done``, and
  ``bro_script_loaded`` events is now removed.  removed. Usage of these events
  has returned that error during script parsing for a few years, and time has
  come to finally remove it.
 New Functionality
 -----------------
@ -86,6 +91,19 @@ New Functionality
  To disable this functionality, pass ``--disable-javascript`` to configure.
 - A new bif ``from_json()`` can be used to parse JSON strings into records.
 	type A: record { a: addr; };
 	local p = from_json({\"a\": \"192.168.0.1\"}", A);
 	if ( p$valid )
 		print (p$v as A)
  Implicit conversion from JSON to Zeek types is implemented for bool, int, count,
  real, interval (number as seconds) and time (number as unix timestamp), port
  (strings in "80/tcp" notation), patterns, addr, subnet, enum, sets, vectors
  and records similar to the rules of the input framework. Optional or default
  record fields are allowed to be missing or null in the input.
 - Zeek now provides native "Community ID" support with a new bif called
  ``community_id_v1()``. Two policy scripts ``protocols/conn/community-id-logging``
   and ``frameworks/notice/community-id`` extend the respective logs with a
@ -104,13 +122,17 @@ New Functionality
 	stats.11:18:57-11:19:00-logger-2.log.gz
  Previously, in a multi-logger setup, individual logger processes would overwrite
-  each others log files during rotation, causing data loss.
+  each other's log files during rotation, causing data loss.
  For setups with a single logger, there's no change in behavior. The naming
  of the final logs can be customized by providing an alternative
  ``make-archive-name`` script and using the new ``ZEEK_ARG_LOG_SUFFIX``
  environment variable.
 - A supervisor controlled Zeek cluster is now multi-logger aware. This avoids
  loggers overwriting each other's log files within a single log-queue directory.
  By default, a logger's name is appended to the rotated logs by zeek-archiver.
 - Introduce a new command-line option ``-V`` / ``--build-info``. It produces
  verbose output in JSON format about the repository state and any included
  plugins.
@ -211,6 +233,13 @@ New Functionality
  messages being correctly parsed and raising the typical SSL/TLS events, the biggest
  visible change is the newly added ``ssl_extension_connection_id`` event.
 - The NTP analyzer now recognizes when client and server mode messages disagree
  with the notion of "originator" and "responder" and flips the connection. This
  can happen in packet loss or packet re-ordering scenarios. Such connections will
  have a ``^`` added to their history.
 - New bifs for ``ceil()`` and ``log2()`` have been added.
 Changed Functionality
 ---------------------
@ -310,8 +339,20 @@ Changed Functionality
 - Libpcap based packet source now avoids the 32bit wraparound of link and
  dropped packet counters as reported by users.
- The ``ssl_history`` field of ``ssl.log`` now correctly logs Hello Retry Request
+- The `ssl_history` field in ssl.log indicates that the letter `j` is reserved
-  messages. Before, they were incorrectly logged as Server Hellos.
+  for hello retry requests. However, this logging was never fully implemented;
  instead, hello retry requests were logged like as a server hello (with the letter
  `s`). This oversight was fixed, and hello retry requests are now correctly logged.
 - When per-connection SMB parser state (read offsets, tree ids, ...) exceeds
  ``SMB::max_pending_messages`` (default 1000), Zeek discards such per-connection
  state and raises a new ``smb2_discarded_messages_state()`` event. This event is
  used to reset script-layer SMB state. This change provides protection against
  unbounded state growth due to partial or one-sided SMB connections.
  Setting ``SMB::max_pending_messages`` to 0 can be used to switch back to the
  previous behavior of not discarding state. Setting ``SMB::enable_state_clear``
  to ``F`` skips the script-layer state clearing logic.
 Removed Functionality
 ---------------------
--- a/2
+++ b/2
@ -1 +1 @@
-6.0.0-dev.480
+6.0.0-dev.533
--- a/auxil/bifcl
+++ b/auxil/bifcl
@ -1 +1 @@
-Subproject commit b6f138be79f7d4408302b1297b0c63092b019773
+Subproject commit 4ad7a297223121b91c94caea6d28ca8888ec6dc1
--- a/auxil/binpac
+++ b/auxil/binpac
@ -1 +1 @@
-Subproject commit e820c29116a50a18079e783f47b96111eb7b5b0b
+Subproject commit e4c7b7027d6053c66d8c278a8dbb9a7c2bac09ad
--- a/auxil/broker
+++ b/auxil/broker
@ -1 +1 @@
-Subproject commit 4fc4c31592c4823d675314bc981931de9e246057
+Subproject commit 000834f60ab7540041c431a3657c23c7476e368d
--- a/auxil/btest
+++ b/auxil/btest
@ -1 +1 @@
-Subproject commit f1183514cd12468d34cb01b147c8d1859a657c31
+Subproject commit 0c3cafb2ed638f88a446732fa03d90af9bcf796c
--- a/auxil/filesystem
+++ b/auxil/filesystem
@ -1 +1 @@
-Subproject commit 3e5b930d9690ef6b87dd034916598e0771f8688d
+Subproject commit 8a2edd6d92ed820521d42c94d179462bf06b5ed3
--- a/auxil/gen-zam
+++ b/auxil/gen-zam
@ -1 +1 @@
-Subproject commit 8534f719a0a384769383bbd4ad71c9eb2084823d
+Subproject commit 94eb4798e5cb1b749e42c84f2d4034c16f6cb9db
--- a/auxil/libunistd
+++ b/auxil/libunistd
@ -1 +1 @@
-Subproject commit 8011410a8a2ba9b57a544d20efd077f83ecb7eda
+Subproject commit 2766a0c45a6dbcdcf26cd1209a73a13323854961
--- a/auxil/package-manager
+++ b/auxil/package-manager
@ -1 +1 @@
-Subproject commit 5ade27d716fd65342be592abf277eea114fefaa7
+Subproject commit e1d8271af1f499b3d072c99ae717d2593f551645
--- a/auxil/zeek-archiver
+++ b/auxil/zeek-archiver
@ -1 +1 @@
-Subproject commit 2b40a6bafedbbf3fba16d292fd9fe8ba6e9de1bf
+Subproject commit e36862b3a6e70bf8557885e12e74cbc91507a693
--- a/auxil/zeek-aux
+++ b/auxil/zeek-aux
@ -1 +1 @@
-Subproject commit fd326e9ced4c078f19ddd32e0afcbe1fe4817a3c
+Subproject commit 1f16b5047b7478cd38eeb8cae7e11479932135fe
--- a/auxil/zeekctl
+++ b/auxil/zeekctl
@ -1 +1 @@
-Subproject commit 7178d15edb4c737a5d6c28d100c0e457b7afed58
+Subproject commit 98301f54336144272d17439ea43b889ffd79a65f
--- a/ci/public-ecr-cleanup.sh
+++ b/ci/public-ecr-cleanup.sh
@ -0,0 +1,63 @@
 #!/bin/bash
 #
 # Script to batch-delete all untagged images from ECR public repositories,
 # defaulting to the zeek/zeek-dev repository.
 # First scans for manifest list images that are referencing other images and
 # deletes them, then deletes all remaining untagged images.
 set -eu
 if ! command -v aws >/dev/null; then
    echo "missing aws command" >&2
    exit 1
 fi
 REGISTRY_ID=${REGISTRY_ID:-103243056077}
 REPOSITORY_NAME=${REPOSITORY_NAME:-zeek-dev}
 BATCH_DELETE_SIZE=${BATCH_DELETE_SIZE:-50}
 # Chunk up "$1" into BATCH_DELETE_SIZE entries and batch-delete them at once
 # via aws batch-delete.
 #
 # Expected input looks as follows to keep things simple:
 #
 #    imageDigest=sha256:db6...366
 #    imageDigest=sha256:2ad...9b0
 #
 function batch_delete {
    while read -r batch; do
        if [ -z "${batch}" ]; then
            break
        fi
        echo "Deleting ${batch}"
        aws ecr-public batch-delete-image \
            --registry-id "${REGISTRY_ID}" \
            --repository-name "${REPOSITORY_NAME}" \
            --image-ids ${batch}
    done < <(xargs -L ${BATCH_DELETE_SIZE} <<<"$1")
 }
 # Find all untagged manifest lists with the following media types:
 #
 #    application/vnd.docker.distribution.manifest.list.v2+json
 #    application/vnd.oci.image.index.v1+json
 #
 # These reference other images, so we need to delete them first as
 # otherwise the referenced images can not be deleted.
 IMAGE_DIGESTS=$(aws ecr-public describe-images \
    --registry-id "${REGISTRY_ID}" \
    --repository-name "${REPOSITORY_NAME}" \
    --query 'imageDetails[?!imageTags && (contains(imageManifestMediaType, `manifest.list.v2`) || contains(imageManifestMediaType, `image.index.v1`))].{imageDigest: join(`=`, [`imageDigest`, imageDigest])}' \
    --output text)
 batch_delete "${IMAGE_DIGESTS}"
 # Now find all untagged manifests that are left.
 IMAGE_DIGESTS=$(aws ecr-public describe-images \
    --registry-id "${REGISTRY_ID}" \
    --repository-name "${REPOSITORY_NAME}" \
    --query 'imageDetails[?!imageTags].{imageDigest: join(`=`, [`imageDigest`, imageDigest])}' \
    --output text)
 batch_delete "${IMAGE_DIGESTS}"
--- a/2
+++ b/2
@ -1 +1 @@
-Subproject commit 70c6180afcc06767d0ab031d7c36cb0dd6503094
+Subproject commit a90d69179607c5083158f926be6d37f3db18f110
--- a/57
+++ b/57
@ -12,6 +12,9 @@ command="$0 $*"
 usage="\
 Usage: $0 [OPTION]... [VAR=VALUE]...
  -h, --help                    display this help and exit
  --show-config                 display the most relevant config parameters of an existing build
  Build Options:
    --cmake=PATH                custom path to a CMake binary
    --builddir=DIR              place build files in directory [build]
@ -149,42 +152,10 @@ append_cache_entry() {
    CMakeCacheEntries="$CMakeCacheEntries -D $1:$2=$3"
 }
 # Function to remove a CMake cache entry definition from the
 # CMakeCacheEntries variable
 #   $1 is the cache entry variable name
 remove_cache_entry() {
    CMakeCacheEntries="$CMakeCacheEntries -U $1"
    # Even with -U, cmake still warns by default if
    # added previously with -D.
    CMakeCacheEntries="$CMakeCacheEntries --no-warn-unused-cli"
 }
 # set defaults
 builddir=build
 prefix=/usr/local/zeek
 CMakeCacheEntries=""
 display_cmake=0
 append_cache_entry CMAKE_INSTALL_PREFIX PATH $prefix
 append_cache_entry ZEEK_ROOT_DIR PATH $prefix
 append_cache_entry ZEEK_SCRIPT_INSTALL_PATH STRING $prefix/share/zeek
 append_cache_entry ZEEK_ETC_INSTALL_DIR PATH $prefix/etc
 append_cache_entry ENABLE_DEBUG BOOL false
 append_cache_entry ENABLE_PERFTOOLS BOOL false
 append_cache_entry ENABLE_JEMALLOC BOOL false
 append_cache_entry ENABLE_ZEEK_UNIT_TESTS BOOL true
 append_cache_entry BUILD_SHARED_LIBS BOOL true
 append_cache_entry INSTALL_AUX_TOOLS BOOL true
 append_cache_entry INSTALL_BTEST BOOL true
 append_cache_entry INSTALL_BTEST_PCAPS BOOL true
 append_cache_entry INSTALL_ZEEK_ARCHIVER BOOL true
 append_cache_entry INSTALL_ZEEK_CLIENT BOOL true
 append_cache_entry INSTALL_ZEEKCTL BOOL true
 append_cache_entry INSTALL_ZKG BOOL true
 append_cache_entry CPACK_SOURCE_IGNORE_FILES STRING
 append_cache_entry ZEEK_SANITIZERS STRING ""
 append_cache_entry ZEEK_INCLUDE_PLUGINS STRING ""
 append_cache_entry PREALLOCATE_PORT_ARRAY BOOL true
 # parse arguments
 while [ $# -ne 0 ]; do
@ -198,6 +169,14 @@ while [ $# -ne 0 ]; do
            echo "${usage}" 1>&2
            exit 1
            ;;
        --show-config)
            if [ ! -f "$builddir/CMakeCache.txt" ]; then
                echo "Error: no CMake build found under '$builddir'." 1>&2
                exit 1
            fi
            grep -E "^ENABLE_|^ZEEK_|^INSTALL_|^CMAKE_INSTALL_PRE|^CMAKE_C.*_FLAGS|^CMAKE_C.*_COMPILER|^CMAKE_.*_LINKER_FLAGS|^CMAKE_BUILD" "$builddir/CMakeCache.txt" | grep -v ':INTERNAL'
            exit 0
            ;;
        -D)
            shift
            if [ $# -eq 0 ]; then
@ -217,10 +196,6 @@ while [ $# -ne 0 ]; do
            ;;
        --build-type=*)
            append_cache_entry CMAKE_BUILD_TYPE STRING $optarg
            if [ $(echo "$optarg" | tr [:upper:] [:lower:]) = "debug" ]; then
                append_cache_entry ENABLE_DEBUG BOOL true
            fi
            ;;
        --generator=*)
            CMakeGenerator="$optarg"
@ -235,9 +210,7 @@ while [ $# -ne 0 ]; do
            append_cache_entry ZEEK_INCLUDE_PLUGINS STRING \"$optarg\"
            ;;
        --prefix=*)
            prefix=$optarg
            append_cache_entry CMAKE_INSTALL_PREFIX PATH $optarg
            append_cache_entry ZEEK_ROOT_DIR PATH $optarg
            ;;
        --libdir=*)
            append_cache_entry CMAKE_INSTALL_LIBDIR PATH $optarg
@ -454,14 +427,6 @@ if [ -z "$CMakeCommand" ]; then
    fi
 fi
 if [ "$user_set_scriptdir" != "true" ]; then
    append_cache_entry ZEEK_SCRIPT_INSTALL_PATH STRING $prefix/share/zeek
 fi
 if [ "$user_set_conffilesdir" != "true" ]; then
    append_cache_entry ZEEK_ETC_INSTALL_DIR PATH $prefix/etc
 fi
 if [ -d $builddir ]; then
    # If build directory exists, check if it has a CMake cache
    if [ -f $builddir/CMakeCache.txt ]; then
--- a/2
+++ b/2
@ -1 +1 @@
-Subproject commit f3f85f68ecec844e5770900aa871361627451ae1
+Subproject commit 6da8036bebf01361acee8b15fc3239ccea3e15b4
--- a/man/CMakeLists.txt
+++ b/man/CMakeLists.txt
@ -1,5 +1,5 @@
-
+install(
-install(DIRECTORY . DESTINATION ${ZEEK_MAN_INSTALL_PATH}/man8 FILES_MATCHING
+    DIRECTORY .
-        PATTERN "*.8"
+    DESTINATION ${ZEEK_MAN_INSTALL_PATH}/man8
-)
+    FILES_MATCHING
-
+    PATTERN "*.8")
--- a/scripts/CMakeLists.txt
+++ b/scripts/CMakeLists.txt
@ -1,21 +1,21 @@
 include(InstallPackageConfigFile)
-install(DIRECTORY ./ DESTINATION ${ZEEK_SCRIPT_INSTALL_PATH} FILES_MATCHING
+install(
    DIRECTORY ./
    DESTINATION ${ZEEK_SCRIPT_INSTALL_PATH}
    FILES_MATCHING
    PATTERN "site/local*" EXCLUDE
    PATTERN "*.zeek"
    PATTERN "*.sig"
-        PATTERN "*.fp"
+    PATTERN "*.fp")
 )
-# Install local script as a config file since it's meant to be modified directly.
+# Install local script as a config file since it's meant to be modified
-InstallPackageConfigFile(
+# directly.
-    ${CMAKE_CURRENT_SOURCE_DIR}/site/local.zeek
+InstallPackageConfigFile(${CMAKE_CURRENT_SOURCE_DIR}/site/local.zeek
-    ${ZEEK_SCRIPT_INSTALL_PATH}/site
+                         ${ZEEK_SCRIPT_INSTALL_PATH}/site local.zeek)
    local.zeek)
 # Substitute values in templated script files, and install them.
-configure_file(
+configure_file(${CMAKE_CURRENT_SOURCE_DIR}/base/misc/installation.zeek.in
    ${CMAKE_CURRENT_SOURCE_DIR}/base/misc/installation.zeek.in
               ${CMAKE_CURRENT_BINARY_DIR}/base/misc/installation.zeek @ONLY)
 install(FILES ${CMAKE_CURRENT_BINARY_DIR}/base/misc/installation.zeek
--- a/scripts/base/frameworks/cluster/nodes/logger.zeek
+++ b/scripts/base/frameworks/cluster/nodes/logger.zeek
@ -22,6 +22,32 @@ redef Log::default_rotation_interval = 1 hrs;
 ## Alarm summary mail interval.
 redef Log::default_mail_alarms_interval = 24 hrs;
 ## Generic log metadata rendered into the filename that zeek-archiver may interpret.
 ## This is populated with a log_suffix entry within zeek_init() when multiple
 ## logger nodes are defined in cluster-layout.zeek.
 global log_metadata: table[string] of string;
 ## Encode the given table as zeek-archiver understood metadata part.
 function encode_log_metadata(tbl: table[string] of string): string
 	{
 	local metadata_vec: vector of string;
 	for ( k, v in log_metadata )
 		{
 		if ( |v| == 0 )  # Assume concious decision to skip this entry.
 			next;
 		if ( /[,=]/ in k || /[,=]/ in v )
 			{
 			Reporter::warning(fmt("Invalid log_metadata: k='%s' v='%s'", k, v));
 			next;
 			}
 		metadata_vec += fmt("%s=%s", strip(k), strip(v));
 		}
 	return join_string_vec(metadata_vec, ",");
 	}
 ## This function will rotate logs in a format compatible with zeek-archiver.
 ## If you're using the Supervisor framework, this function will be used,
 ## if not, you can set :zeek:see:`Log::rotation_format_func` to this function.
@ -30,6 +56,10 @@ function archiver_rotation_format_func(ri: Log::RotationFmtInfo): Log::RotationP
 	local open_str = strftime(Log::default_rotation_date_format, ri$open);
 	local close_str = strftime(Log::default_rotation_date_format, ri$close);
 	local base = fmt("%s__%s__%s__", ri$path, open_str, close_str);
 	if ( |log_metadata| > 0 )
 		base = fmt("%s%s__", base, encode_log_metadata(log_metadata));
 	local rval = Log::RotationPath($file_basename=base);
 	return rval;
 	}
@ -42,6 +72,14 @@ redef Log::rotation_format_func = archiver_rotation_format_func;
 redef LogAscii::enable_leftover_log_rotation = T;
 event zeek_init()
 	{
 	if ( "log_suffix" in log_metadata )
 		return;
 	if ( Cluster::get_node_count(Cluster::LOGGER) > 1 )
 		log_metadata["log_suffix"] = Cluster::node;
 	}
@else
 ## Use the cluster's archive logging script.
--- a/scripts/base/frameworks/notice/weird.zeek
+++ b/scripts/base/frameworks/notice/weird.zeek
@ -210,6 +210,7 @@ export {
 		["spontaneous_FIN"]                     = ACTION_IGNORE,
 		["spontaneous_RST"]                     = ACTION_IGNORE,
 		["SMB_parsing_error"]                   = ACTION_LOG,
 		["SMB_discarded_messages_state"]        = ACTION_LOG,
 		["no_smb_session_using_parsesambamsg"]  = ACTION_LOG,
 		["smb_andx_command_failed_to_parse"]    = ACTION_LOG,
 		["smb_tree_connect_andx_response_without_tree"] = ACTION_LOG_PER_CONN,
--- a/scripts/base/init-bare.zeek
+++ b/scripts/base/init-bare.zeek
@ -1094,6 +1094,14 @@ type entropy_test_result: record {
 	serial_correlation: double;	##< Serial correlation coefficient.
 };
 ## Return type for from_json BIF.
 ##
 ## .. zeek:see:: from_json
 type from_json_result: record { 
 	v: any &optional;	##< Parsed value.
 	valid: bool;	##< True if parsing was successful.
 };
 # TCP values for :zeek:see:`endpoint` *state* field.
 # todo:: these should go into an enum to make them autodoc'able.
 const TCP_INACTIVE = 0;	##< Endpoint is still inactive.
@ -2988,6 +2996,16 @@ export {
 	##
 	## .. zeek:see:: smb_pipe_connect_heuristic
 	const SMB::pipe_filenames: set[string] &redef;
 	## The maximum number of messages for which to retain state
 	## about offsets, fids, or tree ids within the parser. When
 	## the limit is reached, internal parser state is discarded
 	## and :zeek:see:`smb2_discarded_messages_state` raised.
 	##
 	## Setting this to zero will disable the functionality.
 	##
 	## .. zeek:see:: smb2_discarded_messages_state
 	const SMB::max_pending_messages = 1000 &redef;
 }
 module SMB1;
--- a/scripts/base/protocols/smb/main.zeek
+++ b/scripts/base/protocols/smb/main.zeek
@ -44,6 +44,13 @@ export {
 		PRINT_CLOSE,
 	};
 	## Whether to reset a connection's SMB script state whenever a
 	## :zeek:see:`smb2_discarded_messages_state` event is raised.
 	##
 	## This setting protects from unbounded script state growth in
 	## environments with high capture loss or traffic anomalies.
 	option enable_clear_script_state = T;
 	## This record is for the smb_files.log
 	type FileInfo: record {
 		## Time when the file was first discovered.
--- a/scripts/base/protocols/smb/smb2-main.zeek
+++ b/scripts/base/protocols/smb/smb2-main.zeek
@ -1,3 +1,5 @@
@load base/frameworks/notice/weird
@load ./main
 module SMB2;
@ -344,3 +346,25 @@ event smb2_close_request(c: connection, hdr: SMB2::Header, file_id: SMB2::GUID)
 		#Reporter::warning("attempting to close an unknown file!");
 		}
 	}
 event smb2_discarded_messages_state(c: connection, state: string)
 	{
 	if ( ! c?$smb_state )
 		return;
 	local addl = fmt("state=%s fid_map=%s tid_map=%s pending_cmds=%s pipe_map=%s",
 	                 state, |c$smb_state$fid_map|, |c$smb_state$tid_map|,
 	                 |c$smb_state$pending_cmds|, |c$smb_state$pipe_map|);
 	Reporter::conn_weird("SMB_discarded_messages_state", c, addl, "SMB2");
 	if ( ! SMB::enable_clear_script_state )
 		return;
 	# Wipe out script-level state for this connection.
 	c$smb_state$fid_map = table();
 	c$smb_state$pending_cmds = table();
 	# Not expected to grow overly large and the original
 	# zeek-smb-clear-state package didn't reset these either.
 	# c$smb_state$tid_map = table();
 	# c$smb_state$pipe_map = table();
 	}
--- a/scripts/base/protocols/ssl/ct-list.zeek
+++ b/scripts/base/protocols/ssl/ct-list.zeek
@ -1,44 +1,35 @@
 #
 # Do not edit this file. This file is automatically generated by gen-ct-list.pl
-# File generated at Thu Oct  6 13:17:02 2022
+# File generated at Wed May  3 10:30:21 2023
 # File generated from https://www.gstatic.com/ct/log_list/v3/log_list.json
-# Source file generated at: 2022-10-05T12:55:24Z
+# Source file generated at: 2023-05-02T12:55:51Z
-# Source file version: 13.6
+# Source file version: 20.60
 #
@load base/protocols/ssl
 module SSL;
 redef ct_logs += {
 ["\x29\x79\xbe\xf0\x9e\x39\x39\x21\xf0\x56\x73\x9f\x63\xa5\x77\xe5\xbe\x57\x7d\x9c\x60\x0a\xf8\xf9\x4d\x5d\x26\x5c\x25\x5d\xc7\x84"] = CTInfo($description="Google 'Argon2022' log", $operator="Google", $url="https://ct.googleapis.com/logs/argon2022/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x78\x83\xdc\xe9\xf1\xa6\xb8\x18\x3a\x00\x99\x2f\xff\x3e\xcd\x15\xc9\x26\x1e\xf7\xff\x3a\xa9\xa3\x72\x16\x49\xeb\x09\xb6\xa8\xdd\xb4\xd2\x47\x91\x0e\x0d\xf9\xd9\xd5\xa9\x8b\xb0\x87\x9d\x25\x79\xd4\x1a\x50\x60\x08\xf5\x09\x06\x39\x26\xe4\x40\xc2\xba\xc3\xc2"),
 ["\xe8\x3e\xd0\xda\x3e\xf5\x06\x35\x32\xe7\x57\x28\xbc\x89\x6b\xc9\x03\xd3\xcb\xd1\x11\x6b\xec\xeb\x69\xe1\x77\x7d\x6d\x06\xbd\x6e"] = CTInfo($description="Google 'Argon2023' log", $operator="Google", $url="https://ct.googleapis.com/logs/argon2023/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xd0\x90\x8f\x64\x52\x4e\x42\xac\x84\xb6\x2e\x4c\xf2\x3d\x77\x00\xb3\x77\x08\x05\x47\xaa\x45\x4c\xe3\x2c\x8e\x70\xa5\x82\xbb\x6c\xb2\x7b\x9c\x98\x7a\xa0\xe9\x11\x76\x28\x00\xb2\x20\xb4\xcd\xd3\x98\x7b\x4d\x96\x27\xe6\xb7\xee\x22\x6a\xd1\xb0\x2e\x91\x77\x78"),
 ["\xee\xcd\xd0\x64\xd5\xdb\x1a\xce\xc5\x5c\xb7\x9d\xb4\xcd\x13\xa2\x32\x87\x46\x7c\xbc\xec\xde\xc3\x51\x48\x59\x46\x71\x1f\xb5\x9b"] = CTInfo($description="Google 'Argon2024' log", $operator="Google", $url="https://ct.googleapis.com/logs/us1/argon2024/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x1d\xb9\x6c\xa9\xcb\x69\x94\xc5\x5c\xe6\xb6\xa6\x03\xbb\xd2\xb8\xdc\x54\x43\x17\x28\x99\x0c\x06\x01\x50\x1d\x9d\x64\xc0\x59\x46\x2b\xdc\xc8\x03\x1d\x05\xb4\x2d\xa8\x09\xf7\x99\x41\xed\x04\xfb\xe5\x57\xba\x26\x04\xf6\x11\x52\xce\x14\x65\x3b\x2f\x76\x2b\xc0"),
 ["\x46\xa5\x55\xeb\x75\xfa\x91\x20\x30\xb5\xa2\x89\x69\xf4\xf3\x7d\x11\x2c\x41\x74\xbe\xfd\x49\xb8\x85\xab\xf2\xfc\x70\xfe\x6d\x47"] = CTInfo($description="Google 'Xenon2022' log", $operator="Google", $url="https://ct.googleapis.com/logs/xenon2022/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xf9\x64\xbd\x15\x2c\x40\x62\x50\x95\x13\x38\x3c\xc7\x21\xb0\x3a\xb9\x8f\xa2\x7a\x15\xd7\x89\xd6\x8e\x31\x13\x00\x87\x59\xbc\xbb\xee\x90\xfc\xc8\x58\x13\x0a\xbf\xab\x43\x36\x54\x23\xa4\x81\xcd\xad\x47\x14\xb7\x58\xa0\x44\xfa\x6a\xa0\xa0\xd7\xc3\x63\x1e\x2b"),
 ["\xad\xf7\xbe\xfa\x7c\xff\x10\xc8\x8b\x9d\x3d\x9c\x1e\x3e\x18\x6a\xb4\x67\x29\x5d\xcf\xb1\x0c\x24\xca\x85\x86\x34\xeb\xdc\x82\x8a"] = CTInfo($description="Google 'Xenon2023' log", $operator="Google", $url="https://ct.googleapis.com/logs/xenon2023/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x72\x16\x3e\x0b\xef\xef\xce\x3e\x60\xdd\x95\xcb\x63\x7a\xb9\xa9\x8d\x4a\x6f\x6c\xdc\x61\x80\xa6\x45\x5e\x2f\x83\xac\x94\xf3\x85\x88\xd0\xa5\x74\xd0\x7b\x8e\xff\xc5\xee\x42\xa2\xf0\x2d\x93\xe3\xc2\xd0\xb2\x99\xe2\xe1\x42\xe9\xd2\xc6\x00\x27\x69\x74\xae\xce"),
 ["\x76\xff\x88\x3f\x0a\xb6\xfb\x95\x51\xc2\x61\xcc\xf5\x87\xba\x34\xb4\xa4\xcd\xbb\x29\xdc\x68\x42\x0a\x9f\xe6\x67\x4c\x5a\x3a\x74"] = CTInfo($description="Google 'Xenon2024' log", $operator="Google", $url="https://ct.googleapis.com/logs/eu1/xenon2024/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xb9\x60\xe0\x34\x1e\x35\xe4\x65\x00\x93\x4f\x90\x09\xbd\x5a\xec\x44\xdd\x8c\x0f\xce\xed\x11\x3e\x2a\x59\x46\x9a\x31\xb6\xc7\x99\xf7\xdc\xef\x3d\xcd\x8f\x86\xc2\x35\xa5\x3e\xdc\x29\xba\xbb\xf2\x54\xe2\xa8\x0c\x83\x08\x51\x06\xde\x21\x6d\x36\x50\x8e\x38\x4d"),
 ["\x29\x3c\x51\x96\x54\xc8\x39\x65\xba\xaa\x50\xfc\x58\x07\xd4\xb7\x6f\xbf\x58\x7a\x29\x72\xdc\xa4\xc3\x0c\xf4\xe5\x45\x47\xf4\x78"] = CTInfo($description="Google 'Icarus' log", $operator="Google", $url="https://ct.googleapis.com/icarus/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x4e\xd2\xbc\xbf\xb3\x08\x0a\xf7\xb9\xea\xa4\xc7\x1c\x38\x61\x04\xeb\x95\xe0\x89\x54\x68\x44\xb1\x66\xbc\x82\x7e\x4f\x50\x6c\x6f\x5c\xa3\xf0\xaa\x3e\xf4\xec\x80\xf0\xdb\x0a\x9a\x7a\xa0\x5b\x72\x00\x7c\x25\x0e\x19\xef\xaf\xb2\x62\x8d\x74\x43\xf4\x26\xf6\x14"),
 ["\xa4\xb9\x09\x90\xb4\x18\x58\x14\x87\xbb\x13\xa2\xcc\x67\x70\x0a\x3c\x35\x98\x04\xf9\x1b\xdf\xb8\xe3\x77\xcd\x0e\xc8\x0d\xdc\x10"] = CTInfo($description="Google 'Pilot' log", $operator="Google", $url="https://ct.googleapis.com/pilot/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x7d\xa8\x4b\x12\x29\x80\xa3\x3d\xad\xd3\x5a\x77\xb8\xcc\xe2\x88\xb3\xa5\xfd\xf1\xd3\x0c\xcd\x18\x0c\xe8\x41\x46\xe8\x81\x01\x1b\x15\xe1\x4b\xf1\x1b\x62\xdd\x36\x0a\x08\x18\xba\xed\x0b\x35\x84\xd0\x9e\x40\x3c\x2d\x9e\x9b\x82\x65\xbd\x1f\x04\x10\x41\x4c\xa0"),
 ["\xee\x4b\xbd\xb7\x75\xce\x60\xba\xe1\x42\x69\x1f\xab\xe1\x9e\x66\xa3\x0f\x7e\x5f\xb0\x72\xd8\x83\x00\xc4\x7b\x89\x7a\xa8\xfd\xcb"] = CTInfo($description="Google 'Rocketeer' log", $operator="Google", $url="https://ct.googleapis.com/rocketeer/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x20\x5b\x18\xc8\x3c\xc1\x8b\xb3\x31\x08\x00\xbf\xa0\x90\x57\x2b\xb7\x47\x8c\x6f\xb5\x68\xb0\x8e\x90\x78\xe9\xa0\x73\xea\x4f\x28\x21\x2e\x9c\xc0\xf4\x16\x1b\xaa\xf9\xd5\xd7\xa9\x80\xc3\x4e\x2f\x52\x3c\x98\x01\x25\x46\x24\x25\x28\x23\x77\x2d\x05\xc2\x40\x7a"),
 ["\xbb\xd9\xdf\xbc\x1f\x8a\x71\xb5\x93\x94\x23\x97\xaa\x92\x7b\x47\x38\x57\x95\x0a\xab\x52\xe8\x1a\x90\x96\x64\x36\x8e\x1e\xd1\x85"] = CTInfo($description="Google 'Skydiver' log", $operator="Google", $url="https://ct.googleapis.com/skydiver/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x12\x6c\x86\x0e\xf6\x17\xb1\x12\x6c\x37\x25\xd2\xad\x87\x3d\x0e\x31\xec\x21\xad\xb1\xcd\xbe\x14\x47\xb6\x71\x56\x85\x7a\x9a\xb7\x3d\x89\x90\x7b\xc6\x32\x3a\xf8\xda\xce\x8b\x01\xfe\x3f\xfc\x71\x91\x19\x8e\x14\x6e\x89\x7a\x5d\xb4\xab\x7e\xe1\x4e\x1e\x7c\xac"),
 ["\x41\xc8\xca\xb1\xdf\x22\x46\x4a\x10\xc6\xa1\x3a\x09\x42\x87\x5e\x4e\x31\x8b\x1b\x03\xeb\xeb\x4b\xc7\x68\xf0\x90\x62\x96\x06\xf6"] = CTInfo($description="Cloudflare 'Nimbus2022' Log", $operator="Cloudflare", $url="https://ct.cloudflare.com/logs/nimbus2022/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x48\xb2\x47\x4e\x50\x32\x72\x62\x4a\x0d\x0c\x48\xbf\xad\x29\x64\x6f\x20\xdf\x79\x52\x63\x16\x29\x0a\x2e\x60\xb5\xe2\x3a\x1c\xb7\xaf\x59\xb1\x55\x09\xdb\x59\xc7\xe9\xbd\x6f\xed\x0b\xaf\x05\x96\x97\xff\x3b\x9a\x43\x4d\xeb\x11\x34\x33\x8a\xe7\xac\x83\xc0\xff"),
 ["\x7a\x32\x8c\x54\xd8\xb7\x2d\xb6\x20\xea\x38\xe0\x52\x1e\xe9\x84\x16\x70\x32\x13\x85\x4d\x3b\xd2\x2b\xc1\x3a\x57\xa3\x52\xeb\x52"] = CTInfo($description="Cloudflare 'Nimbus2023' Log", $operator="Cloudflare", $url="https://ct.cloudflare.com/logs/nimbus2023/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x8b\xff\x2d\x92\x18\xcb\x46\x9d\x12\x5e\xb9\x59\x75\x3c\xcd\x91\x37\x7a\x1e\xa9\x9c\x99\x78\x83\x27\x3d\xdf\x01\xd5\x8b\x80\xe8\x63\x9a\xfe\x26\xa2\x1b\xd1\x87\x05\xee\x97\xd6\xe0\x5b\x43\x83\x81\x1c\x02\xf5\x41\x80\x80\x7f\xef\xa4\x61\xcf\xbc\x84\xb5\xa8"),
 ["\xda\xb6\xbf\x6b\x3f\xb5\xb6\x22\x9f\x9b\xc2\xbb\x5c\x6b\xe8\x70\x91\x71\x6c\xbb\x51\x84\x85\x34\xbd\xa4\x3d\x30\x48\xd7\xfb\xab"] = CTInfo($description="Cloudflare 'Nimbus2024' Log", $operator="Cloudflare", $url="https://ct.cloudflare.com/logs/nimbus2024/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x77\xb1\x9b\x7b\x8f\xe6\x8b\x35\xfe\x3a\x92\x29\x2d\xac\x8a\x8d\x51\x8a\x25\xfc\x93\xb6\xd7\xa0\x8b\x29\x37\x71\x1d\x33\xca\xcc\x33\xea\x28\xb9\x1f\xe2\xac\xc3\xa9\x5d\xdd\x97\xbe\xf6\x9e\x94\x25\xdd\x36\x81\xd1\xeb\x5d\x29\xc3\x2b\x44\xf1\x5b\xca\x15\x48"),
 ["\x56\x14\x06\x9a\x2f\xd7\xc2\xec\xd3\xf5\xe1\xbd\x44\xb2\x3e\xc7\x46\x76\xb9\xbc\x99\x11\x5c\xc0\xef\x94\x98\x55\xd6\x89\xd0\xdd"] = CTInfo($description="DigiCert Log Server", $operator="DigiCert", $url="https://ct1.digicert-ct.com/log/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x02\x46\xc5\xbe\x1b\xbb\x82\x40\x16\xe8\xc1\xd2\xac\x19\x69\x13\x59\xf8\xf8\x70\x85\x46\x40\xb9\x38\xb0\x23\x82\xa8\x64\x4c\x7f\xbf\xbb\x34\x9f\x4a\x5f\x28\x8a\xcf\x19\xc4\x00\xf6\x36\x06\x93\x65\xed\x4c\xf5\xa9\x21\x62\x5a\xd8\x91\xeb\x38\x24\x40\xac\xe8"),
 ["\x87\x75\xbf\xe7\x59\x7c\xf8\x8c\x43\x99\x5f\xbd\xf3\x6e\xff\x56\x8d\x47\x56\x36\xff\x4a\xb5\x60\xc1\xb4\xea\xff\x5e\xa0\x83\x0f"] = CTInfo($description="DigiCert Log Server 2", $operator="DigiCert", $url="https://ct2.digicert-ct.com/log/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xcc\x5d\x39\x2f\x66\xb8\x4c\x7f\xc1\x2e\x03\xa1\x34\xa3\xe8\x8a\x86\x02\xae\x4a\x11\xc6\xf7\x26\x6a\x37\x9b\xf0\x38\xf8\x5d\x09\x8d\x63\xe8\x31\x6b\x86\x66\xcf\x79\xb3\x25\x3c\x1e\xdf\x78\xb4\xa8\xc5\x69\xfa\xb7\xf0\x82\x79\x62\x43\xf6\xcc\xfe\x81\x66\x84"),
 ["\x22\x45\x45\x07\x59\x55\x24\x56\x96\x3f\xa1\x2f\xf1\xf7\x6d\x86\xe0\x23\x26\x63\xad\xc0\x4b\x7f\x5d\xc6\x83\x5c\x6e\xe2\x0f\x02"] = CTInfo($description="DigiCert Yeti2022 Log", $operator="DigiCert", $url="https://yeti2022.ct.digicert.com/log/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x9f\xf8\xd8\x1d\xde\xfb\x5b\x51\xb5\xfb\x5d\xf5\xb5\xde\x66\x11\xb0\x9d\x5f\xfd\x6f\xfc\xa8\x98\x5b\x98\x4f\x2d\xc3\x91\x3a\xfb\xfe\xc4\x0f\x0d\xc3\x60\x43\x8c\x1e\xf2\xf9\x11\xb2\xba\xd0\xf6\xbc\xa5\xd2\xb6\x9f\xf9\x5c\x87\xa2\x7d\xfc\xd4\x7d\xd6\x13\x26"),
 ["\x35\xcf\x19\x1b\xbf\xb1\x6c\x57\xbf\x0f\xad\x4c\x6d\x42\xcb\xbb\xb6\x27\x20\x26\x51\xea\x3f\xe1\x2a\xef\xa8\x03\xc3\x3b\xd6\x4c"] = CTInfo($description="DigiCert Yeti2023 Log", $operator="DigiCert", $url="https://yeti2023.ct.digicert.com/log/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x7d\x0d\x03\xb1\xd5\x98\x8a\xdc\xf0\x15\x3b\xc6\xdc\x5e\x0d\x6e\x3f\x0d\xbf\x95\xc8\x55\x8c\xd0\xa6\x4c\x96\xb1\x4e\x27\xb9\x26\x25\x99\xcc\x2b\x02\x9e\xa6\xd3\xdd\x9f\xb1\xd5\xc4\xc3\xac\x35\x04\x07\x87\x97\x36\xaa\xad\x28\x0d\x7f\x2b\xd9\x68\x9f\x72\xd1"),
 ["\x48\xb0\xe3\x6b\xda\xa6\x47\x34\x0f\xe5\x6a\x02\xfa\x9d\x30\xeb\x1c\x52\x01\xcb\x56\xdd\x2c\x81\xd9\xbb\xbf\xab\x39\xd8\x84\x73"] = CTInfo($description="DigiCert Yeti2024 Log", $operator="DigiCert", $url="https://yeti2024.ct.digicert.com/log/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x57\xb8\xc1\x6f\x30\xa4\x7f\x2e\xe4\xf0\xd0\xd9\x60\x62\x13\x95\xe3\x7a\xe3\x4e\x53\xc3\xb3\xb8\x73\x85\xc1\x18\x0d\x23\x0e\x58\x84\xd2\x78\xef\x9b\xb3\x1e\x2c\x1a\xde\xc1\x8f\x81\x1b\x19\x44\x58\xb7\x00\x77\x60\x20\x1a\x72\xd8\x82\xde\xae\x9e\xb1\xc6\x4b"),
 ["\x7d\x59\x1e\x12\xe1\x78\x2a\x7b\x1c\x61\x67\x7c\x5e\xfd\xf8\xd0\x87\x5c\x14\xa0\x4e\x95\x9e\xb9\x03\x2f\xd9\x0e\x8c\x2e\x79\xb8"] = CTInfo($description="DigiCert Yeti2025 Log", $operator="DigiCert", $url="https://yeti2025.ct.digicert.com/log/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xdf\x95\x00\x5e\x10\xc1\x01\xf7\x37\xe3\x10\x74\xd1\xff\xb2\xca\x90\xed\x32\x99\x5f\x0c\x39\xfe\xa1\xd1\x13\x11\xac\xd1\xb3\x73\x93\x20\xc2\x13\x3c\x4c\xb5\x7a\x52\x86\x86\x3d\xe3\x95\x24\x7c\xd8\x91\x98\x48\x3b\xf0\xf0\xdf\x21\xf1\xb0\x81\x5a\x59\x25\x43"),
 ["\x51\xa3\xb0\xf5\xfd\x01\x79\x9c\x56\x6d\xb8\x37\x78\x8f\x0c\xa4\x7a\xcc\x1b\x27\xcb\xf7\x9e\x88\x42\x9a\x0d\xfe\xd4\x8b\x05\xe5"] = CTInfo($description="DigiCert Nessie2022 Log", $operator="DigiCert", $url="https://nessie2022.ct.digicert.com/log/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x27\x24\xdd\x68\x03\x28\xcb\xfe\x63\xbe\x0e\x11\x47\x4d\x7d\x17\x68\xa1\x11\x5d\x4c\x71\xc9\x41\x28\xc7\xb6\xa2\x4b\x97\xec\xc0\xaf\xfc\x2f\x3b\xbf\xe9\xf1\xb1\xfc\xf5\x01\xff\xa9\xfb\x49\x40\x0c\x63\x24\x98\xd7\x79\x2e\xa6\x55\xab\x16\xc6\xbe\x51\xd8\x71"),
 ["\xb3\x73\x77\x07\xe1\x84\x50\xf8\x63\x86\xd6\x05\xa9\xdc\x11\x09\x4a\x79\x2d\xb1\x67\x0c\x0b\x87\xdc\xf0\x03\x0e\x79\x36\xa5\x9a"] = CTInfo($description="DigiCert Nessie2023 Log", $operator="DigiCert", $url="https://nessie2023.ct.digicert.com/log/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x11\x7b\xbc\x89\x0c\x12\x09\x14\x9f\xd8\x26\xc8\x4c\x6a\x54\xa4\x1b\x45\x56\xdf\x3e\x23\x42\x14\xd1\xdd\x42\xdf\xa2\xdf\x7b\x5f\x9f\x6f\x07\x5a\x23\x46\x79\x16\x4b\x5f\x33\x67\xc1\xa0\x8d\x5b\x5c\x17\x75\xf2\x4d\xa0\x80\xa1\x98\x1a\x07\x59\x06\x02\xca\x4e"),
 ["\x73\xd9\x9e\x89\x1b\x4c\x96\x78\xa0\x20\x7d\x47\x9d\xe6\xb2\xc6\x1c\xd0\x51\x5e\x71\x19\x2a\x8c\x6b\x80\x10\x7a\xc1\x77\x72\xb5"] = CTInfo($description="DigiCert Nessie2024 Log", $operator="DigiCert", $url="https://nessie2024.ct.digicert.com/log/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x2d\xfc\xa2\x7b\x36\xbf\x56\x91\xe9\xfe\x3f\xe8\x3d\xfc\xc3\xa7\xe0\x61\x52\xea\x2c\xe9\x05\xa3\x9f\x27\x17\x81\x05\x70\x6b\x81\x61\x44\x8a\xf8\x3b\x10\x80\x42\xed\x03\x2f\x00\x50\x21\xfc\x41\x54\x84\xa3\x54\xd5\x2e\xb2\x7a\x16\x4b\x2a\x1f\x2b\x66\x04\x2b"),
 ["\xe6\xd2\x31\x63\x40\x77\x8c\xc1\x10\x41\x06\xd7\x71\xb9\xce\xc1\xd2\x40\xf6\x96\x84\x86\xfb\xba\x87\x32\x1d\xfd\x1e\x37\x8e\x50"] = CTInfo($description="DigiCert Nessie2025 Log", $operator="DigiCert", $url="https://nessie2025.ct.digicert.com/log/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xf2\xf0\xf0\xa7\x8b\x81\x2e\x09\x39\x3b\x9f\x42\xda\x38\x44\x5f\xb4\xcc\xed\x36\xbb\xd8\x43\x7f\x16\x49\x57\x87\x04\x7f\xa5\x01\x34\xf7\xe8\x68\x3f\xb7\x78\x1f\x60\x66\x2d\x67\x9a\x75\x80\xb7\x53\xa7\x85\xd5\xbc\xab\x47\x06\x55\xdb\xb5\xdf\x88\xa1\x6f\x38"),
 ["\x05\x9c\x01\xd3\x20\xe0\x07\x84\x13\x95\x80\x49\x8d\x11\x7c\x90\x32\x66\xaf\xaf\x72\x50\xb5\xaf\x3b\x46\xa4\x3e\x11\x84\x0d\x4a"] = CTInfo($description="DigiCert Yeti2022-2 Log", $operator="DigiCert", $url="https://yeti2022-2.ct.digicert.com/log/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x1d\x69\x5e\x3f\x0a\xf2\x71\x77\xcd\x9d\x5d\xc3\x34\x49\x00\xee\x60\x77\xe1\x72\x76\x74\xa8\x7c\x5c\x7d\x09\xf2\x32\x1d\x05\x7e\x2e\xfe\x5b\x31\xd5\x3a\xfd\x73\x34\x6e\x49\x14\x4e\x50\x58\x96\x5a\xc4\xc7\xf4\xbe\x05\x64\xa4\xf7\xd7\xe5\xb1\x6d\x33\x0c\xc3"),
 ["\x55\x81\xd4\xc2\x16\x90\x36\x01\x4a\xea\x0b\x9b\x57\x3c\x53\xf0\xc0\xe4\x38\x78\x70\x25\x08\x17\x2f\xa3\xaa\x1d\x07\x13\xd3\x0c"] = CTInfo($description="Sectigo 'Sabre' CT log", $operator="Sectigo", $url="https://sabre.ct.comodo.com/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xf2\x6f\xd2\x89\x0f\x3f\xc5\xf8\x87\x1e\xab\x65\xb3\xd9\xbb\x17\x23\x8c\x06\x0e\x09\x55\x96\x3d\x0a\x08\xa2\xc5\x71\xb3\xd1\xa9\x2f\x28\x3e\x83\x10\xbf\x12\xd0\x44\x66\x15\xef\x54\xe1\x98\x80\xd0\xce\x24\x6d\x3e\x67\x9a\xe9\x37\x23\xce\x52\x93\x86\xda\x80"),
 ["\x6f\x53\x76\xac\x31\xf0\x31\x19\xd8\x99\x00\xa4\x51\x15\xff\x77\x15\x1c\x11\xd9\x02\xc1\x00\x29\x06\x8d\xb2\x08\x9a\x37\xd9\x13"] = CTInfo($description="Sectigo 'Mammoth' CT log", $operator="Sectigo", $url="https://mammoth.ct.comodo.com/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xef\xe4\x7d\x74\x2e\x15\x15\xb6\xe9\xbb\x23\x8b\xfb\x2c\xb5\xe1\xc7\x80\x98\x47\xfb\x40\x69\x68\xfc\x49\xad\x61\x4e\x83\x47\x3c\x1a\xb7\x8d\xdf\xff\x7b\x30\xb4\xba\xff\x2f\xcb\xa0\x14\xe3\xad\xd5\x85\x3f\x44\x59\x8c\x8c\x60\x8b\xd7\xb8\xb1\xbf\xae\x8c\x67"),
 ["\xdf\xa5\x5e\xab\x68\x82\x4f\x1f\x6c\xad\xee\xb8\x5f\x4e\x3e\x5a\xea\xcd\xa2\x12\xa4\x6a\x5e\x8e\x3b\x12\xc0\x20\x44\x5c\x2a\x73"] = CTInfo($description="Let's Encrypt 'Oak2022' log", $operator="Let's Encrypt", $url="https://oak.ct.letsencrypt.org/2022/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x86\x3c\xb1\x0d\x52\x23\x5a\xde\x6e\xf6\xc0\x7f\xa3\x64\xbc\xad\xc1\x89\xda\x97\x59\x4c\x60\x3c\xf8\x8a\x57\x84\x8f\xed\xbc\xa0\x63\x12\x51\x84\xe6\xbd\xdd\x7b\x8c\x80\x7d\xe3\x8f\x86\xa4\xea\xa9\xcf\xa8\xee\xf3\xe0\x5e\x70\xe0\xbb\xf6\xbd\xfc\x1f\x91\x2e"),
 ["\xb7\x3e\xfb\x24\xdf\x9c\x4d\xba\x75\xf2\x39\xc5\xba\x58\xf4\x6c\x5d\xfc\x42\xcf\x7a\x9f\x35\xc4\x9e\x1d\x09\x81\x25\xed\xb4\x99"] = CTInfo($description="Let's Encrypt 'Oak2023' log", $operator="Let's Encrypt", $url="https://oak.ct.letsencrypt.org/2023/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xb3\x3d\x0e\x78\xbe\xe3\xad\x5c\x44\x5c\x9b\xbe\xa3\x84\x16\x41\x82\xca\xca\x89\x17\x1e\x23\xce\x38\xa5\x54\x2f\x7f\xd3\x34\x51\x6a\xb9\x5c\xc3\x49\xea\xfb\x91\x9d\xe0\x8a\x3c\x73\x06\x9f\x7c\x65\x38\x11\x80\xc4\x9a\x5a\x00\xa6\x67\xc3\x83\xef\x89\x85\x51"),
 ["\x3b\x53\x77\x75\x3e\x2d\xb9\x80\x4e\x8b\x30\x5b\x06\xfe\x40\x3b\x67\xd8\x4f\xc3\xf4\xc7\xbd\x00\x0d\x2d\x72\x6f\xe1\xfa\xd4\x17"] = CTInfo($description="Let's Encrypt 'Oak2024H1' log", $operator="Let's Encrypt", $url="https://oak.ct.letsencrypt.org/2024h1/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x56\x43\xd7\x7e\x7b\xd4\x72\xb7\xba\xa9\x51\xbd\x36\x93\xb7\xe9\xb5\x92\x0f\xea\x5e\xb7\x45\xa3\x92\xfd\xc9\xa5\x3c\x80\xac\x1a\x20\xef\x25\x2f\xb8\xe1\x20\xf7\xa8\x3a\x2e\x07\x8d\xe6\xeb\xa4\xe2\x7d\x24\x63\x9f\x46\xbf\x94\x73\x52\x8d\x96\xae\xa9\x26\xfd"),
 ["\x3f\x17\x4b\x4f\xd7\x22\x47\x58\x94\x1d\x65\x1c\x84\xbe\x0d\x12\xed\x90\x37\x7f\x1f\x85\x6a\xeb\xc1\xbf\x28\x85\xec\xf8\x64\x6e"] = CTInfo($description="Let's Encrypt 'Oak2024H2' log", $operator="Let's Encrypt", $url="https://oak.ct.letsencrypt.org/2024h2/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xd7\x73\xd6\x53\x47\xe9\xf3\xc9\xd5\x7c\x16\xc2\xd6\x8f\x70\x65\xfa\xf2\x51\x36\xa9\x13\x80\x2f\xed\xf9\x94\xd3\x5a\x8b\xe8\x4f\x33\xcf\xc3\xd3\x89\xd4\x5f\x5a\x66\x89\xba\x20\x1f\x71\xcb\xca\xbb\x9f\x9f\xf3\x5c\x2d\x1e\xa3\x81\x59\xaf\x92\xb3\x6d\x30\x68"),
 ["\xc3\x65\xf9\xb3\x65\x4f\x32\x83\xc7\x9d\xa9\x8e\x93\xd7\x41\x8f\x5b\xab\x7b\xe3\x25\x2c\x98\xe1\xd2\xf0\x4b\xb9\xeb\x42\x7d\x23"] = CTInfo($description="Trust Asia Log2022", $operator="TrustAsia", $url="https://ct.trustasia.com/log2022/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xbb\x52\xf2\x16\xcf\x92\x0b\xce\x79\xe6\x54\x6d\xc2\x37\x53\xa4\xf5\xf9\x3a\xa9\xb3\x05\xec\x1d\xbd\x16\xec\x30\xac\x2e\xf8\x79\x62\x35\x15\x8e\x1a\xd8\x16\x2e\xe4\x48\x6b\xf6\xc6\x13\xf1\x96\x2e\x5c\x10\xfe\x19\x1e\xa8\x18\xb8\x0f\x2d\xc3\xa4\x86\x51\x97"),
 ["\xe8\x7e\xa7\x66\x0b\xc2\x6c\xf6\x00\x2e\xf5\x72\x5d\x3f\xe0\xe3\x31\xb9\x39\x3b\xb9\x2f\xbf\x58\xeb\x3b\x90\x49\xda\xf5\x43\x5a"] = CTInfo($description="Trust Asia Log2023", $operator="TrustAsia", $url="https://ct.trustasia.com/log2023/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xa4\x11\x52\xdb\x17\x41\x4e\x90\xd4\x56\x51\x12\x30\x52\xf8\x9b\x03\xcf\x4c\x9f\xf8\x2e\x38\xb5\xf1\x5a\xba\xfa\x38\xb9\xd2\x8f\x1a\x81\xda\x95\xcc\x33\xec\x21\x28\x66\xc6\x56\x3e\x60\x36\x21\x20\xd9\xd4\xac\x5d\xfa\x5c\x19\xa1\x05\x7d\xfe\x20\x23\xfc\xf5"),
 ["\x87\x4f\xb5\x0d\xc0\x29\xd9\x93\x1d\xe5\x73\xe9\xf2\x89\x9e\x8e\x45\x33\xb3\x92\xd3\x8b\x0a\x46\x25\x74\xbf\x0f\xee\xb2\xfc\x1e"] = CTInfo($description="Trust Asia Log2024-2", $operator="TrustAsia", $url="https://ct2024.trustasia.com/log2024/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xa7\x64\xe2\x79\x81\x3f\x61\xd7\xec\xc6\xf8\x65\x28\x1d\xa0\xb4\x66\x33\xc3\x25\xd5\x0a\x95\x78\x9c\x8f\xfe\xa4\x2a\xd8\x8f\x7e\x72\xe0\xfe\xa8\x7f\xf8\xb1\x2d\x85\xc0\x8e\x12\x74\x0d\x2f\x8c\xab\xd7\x7f\x7a\x1e\xd9\x84\x33\x39\xe8\xfd\x89\x5f\x96\x48\x08"),
 };
--- a/scripts/base/protocols/ssl/main.zeek
+++ b/scripts/base/protocols/ssl/main.zeek
@ -528,5 +528,9 @@ event analyzer_violation_info(atype: AllAnalyzers::Tag, info: AnalyzerViolationI
 	{
 	if ( atype == Analyzer::ANALYZER_SSL || atype == Analyzer::ANALYZER_DTLS )
 		if ( info$c?$ssl )
-			finish(info$c, T);
+			{
 			# analyzer errored out; prevent us from trying to remove it later
 			delete info$c$ssl$analyzer_id;
 			finish(info$c, F);
 			}
 	}
--- a/scripts/base/protocols/ssl/mozilla-ca-list.zeek
+++ b/scripts/base/protocols/ssl/mozilla-ca-list.zeek
--- a/src/3rdparty
+++ b/src/3rdparty
@ -1 +1 @@
-Subproject commit 58e63b262e542895024c821e791214008604cd55
+Subproject commit 410ada8bbe5839807a459a99c1b77221f790f1be
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@ -1,23 +1,15 @@
-include_directories(BEFORE
+include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_SOURCE_DIR}/include
-                    ${CMAKE_CURRENT_SOURCE_DIR}
+                    ${CMAKE_CURRENT_BINARY_DIR} ${CMAKE_CURRENT_BINARY_DIR}/include)
                    ${CMAKE_CURRENT_SOURCE_DIR}/include
                    ${CMAKE_CURRENT_BINARY_DIR}
                    ${CMAKE_CURRENT_BINARY_DIR}/include
 )
 # Force creation of includes symlink. This can't just be in the src directory
 # because MSVC will end up with an include loop.
-execute_process(COMMAND "${CMAKE_COMMAND}" -E make_directory
+execute_process(COMMAND "${CMAKE_COMMAND}" -E make_directory "${CMAKE_CURRENT_SOURCE_DIR}/include")
-                "${CMAKE_CURRENT_SOURCE_DIR}/include")
+execute_process(COMMAND "${CMAKE_COMMAND}" -E create_symlink ".."
 execute_process(COMMAND "${CMAKE_COMMAND}" -E create_symlink
                ".."
                        "${CMAKE_CURRENT_SOURCE_DIR}/include/zeek")
 # Allows header file inclusion via zeek/ within the build tree
-execute_process(COMMAND "${CMAKE_COMMAND}" -E make_directory
+execute_process(COMMAND "${CMAKE_COMMAND}" -E make_directory "${CMAKE_CURRENT_BINARY_DIR}/include")
-                "${CMAKE_CURRENT_BINARY_DIR}/include")
+execute_process(COMMAND "${CMAKE_COMMAND}" -E create_symlink ".."
 execute_process(COMMAND "${CMAKE_COMMAND}" -E create_symlink
                ".."
                        "${CMAKE_CURRENT_BINARY_DIR}/include/zeek")
 # Poor man's JSON escaping as this is rendered into a C string.
@ -26,27 +18,25 @@ string(REPLACE "\n" "\\n" ZEEK_BUILD_INFO_ESCAPED "${ZEEK_BUILD_INFO_ESCAPED}")
 configure_file(version.c.in ${CMAKE_CURRENT_BINARY_DIR}/version.c)
 configure_file(util-config.h.in ${CMAKE_CURRENT_BINARY_DIR}/util-config.h)
-# This creates a custom command to transform a bison output file (inFile)
+# This creates a custom command to transform a bison output file (inFile) into
-# into outFile in order to avoid symbol conflicts:
+# outFile in order to avoid symbol conflicts: - replaces instances of 'yylex' in
-# - replaces instances of 'yylex' in inFile with yylexPrefix
+# inFile with yylexPrefix - replaces instances of 'yy' in inFile with yyPrefix -
-# - replaces instances of 'yy' in inFile with yyPrefix
+# deletes instances of 'extern char.*getenv' in inFile - writes results to
-# - deletes instances of 'extern char.*getenv' in inFile
+# outFile and adds it to list TRANSFORMED_BISON_OUTPUTS
 # - writes results to outFile and adds it to list TRANSFORMED_BISON_OUTPUTS
 macro (REPLACE_YY_PREFIX_TARGET inFile outFile yylexPrefix yyPrefix)
    set(args "\"/extern char.*getenv/d")
    set(args "${args}\;s/yylex/${yylexPrefix}lex/")
    set(args "${args}\;s/yy/${yyPrefix}/g\"" < ${inFile} > ${outFile})
-    add_custom_command(OUTPUT ${outFile}
+    add_custom_command(
-                       COMMAND ${SED_EXE}
+        OUTPUT ${outFile}
-                       ARGS ${args}
+        COMMAND ${SED_EXE} ARGS ${args}
        DEPENDS ${inFile}
-                       COMMENT "[sed] replacing stuff in ${inFile}"
+        COMMENT "[sed] replacing stuff in ${inFile}")
    )
    list(APPEND TRANSFORMED_BISON_OUTPUTS ${outFile})
 endmacro (REPLACE_YY_PREFIX_TARGET)
-########################################################################
+# ##############################################################################
-## Create targets to generate parser and scanner code
+# Create targets to generate parser and scanner code
 set(BISON_FLAGS "--debug")
@ -57,65 +47,56 @@ else()
 endif ()
 # Rule parser/scanner
-bison_target(RuleParser rule-parse.y
+bison_target(
-             ${CMAKE_CURRENT_BINARY_DIR}/rup.cc
+    RuleParser rule-parse.y ${CMAKE_CURRENT_BINARY_DIR}/rup.cc HEADER
-             HEADER ${CMAKE_CURRENT_BINARY_DIR}/rup.h
+    ${CMAKE_CURRENT_BINARY_DIR}/rup.h
    # VERBOSE ${CMAKE_CURRENT_BINARY_DIR}/rule_parse.output
    COMPILE_FLAGS "${BISON_FLAGS}")
 replace_yy_prefix_target(${CMAKE_CURRENT_BINARY_DIR}/rup.cc
-                         ${CMAKE_CURRENT_BINARY_DIR}/rule-parse.cc
+                         ${CMAKE_CURRENT_BINARY_DIR}/rule-parse.cc rules_ rules_)
-                         rules_ rules_)
+replace_yy_prefix_target(${CMAKE_CURRENT_BINARY_DIR}/rup.h ${CMAKE_CURRENT_BINARY_DIR}/rule-parse.h
 replace_yy_prefix_target(${CMAKE_CURRENT_BINARY_DIR}/rup.h
                         ${CMAKE_CURRENT_BINARY_DIR}/rule-parse.h
                         rules_ rules_)
 flex_target(RuleScanner rule-scan.l ${CMAKE_CURRENT_BINARY_DIR}/rule-scan.cc
            COMPILE_FLAGS "-Prules_")
 set_property(SOURCE rule-scan.cc APPEND_STRING PROPERTY COMPILE_FLAGS "${SIGN_COMPARE_FLAG}")
 # RE parser/scanner
-bison_target(REParser re-parse.y
+bison_target(
-             ${CMAKE_CURRENT_BINARY_DIR}/rep.cc
+    REParser re-parse.y ${CMAKE_CURRENT_BINARY_DIR}/rep.cc HEADER
-             HEADER ${CMAKE_CURRENT_BINARY_DIR}/re-parse.h
+    ${CMAKE_CURRENT_BINARY_DIR}/re-parse.h
    # VERBOSE ${CMAKE_CURRENT_BINARY_DIR}/re_parse.output
    COMPILE_FLAGS "${BISON_FLAGS}")
-replace_yy_prefix_target(${CMAKE_CURRENT_BINARY_DIR}/rep.cc
+replace_yy_prefix_target(${CMAKE_CURRENT_BINARY_DIR}/rep.cc ${CMAKE_CURRENT_BINARY_DIR}/re-parse.cc
                         ${CMAKE_CURRENT_BINARY_DIR}/re-parse.cc
                         re_ RE_)
-flex_target(REScanner re-scan.l ${CMAKE_CURRENT_BINARY_DIR}/re-scan.cc
+flex_target(REScanner re-scan.l ${CMAKE_CURRENT_BINARY_DIR}/re-scan.cc COMPILE_FLAGS "-Pre_")
            COMPILE_FLAGS "-Pre_")
 add_flex_bison_dependency(REScanner REParser)
 set_property(SOURCE re-scan.cc APPEND_STRING PROPERTY COMPILE_FLAGS "${SIGN_COMPARE_FLAG}")
 # Parser/Scanner
-bison_target(Parser parse.y
+bison_target(
-             ${CMAKE_CURRENT_BINARY_DIR}/p.cc
+    Parser parse.y ${CMAKE_CURRENT_BINARY_DIR}/p.cc HEADER ${CMAKE_CURRENT_BINARY_DIR}/zeekparse.h
             HEADER ${CMAKE_CURRENT_BINARY_DIR}/zeekparse.h
    # VERBOSE ${CMAKE_CURRENT_BINARY_DIR}/parse.output
    COMPILE_FLAGS "${BISON_FLAGS}")
-replace_yy_prefix_target(${CMAKE_CURRENT_BINARY_DIR}/p.cc
+replace_yy_prefix_target(${CMAKE_CURRENT_BINARY_DIR}/p.cc ${CMAKE_CURRENT_BINARY_DIR}/parse.cc zeek
-                         ${CMAKE_CURRENT_BINARY_DIR}/parse.cc
+                         yy)
-                         zeek yy)
+flex_target(Scanner scan.l ${CMAKE_CURRENT_BINARY_DIR}/scan.cc COMPILE_FLAGS "-Pzeek")
 flex_target(Scanner scan.l ${CMAKE_CURRENT_BINARY_DIR}/scan.cc
            COMPILE_FLAGS "-Pzeek")
 set_property(SOURCE scan.cc APPEND_STRING PROPERTY COMPILE_FLAGS "${SIGN_COMPARE_FLAG}")
 # Add a dependency for the generated files to zeek_autogen_files.
 add_custom_target(
    zeek_bison_outputs
-    DEPENDS
+    DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/parse.cc
        ${CMAKE_CURRENT_BINARY_DIR}/parse.cc
            ${CMAKE_CURRENT_BINARY_DIR}/re-parse.cc
            ${CMAKE_CURRENT_BINARY_DIR}/re-parse.h
            ${CMAKE_CURRENT_BINARY_DIR}/re-scan.cc
            ${CMAKE_CURRENT_BINARY_DIR}/rule-parse.cc
            ${CMAKE_CURRENT_BINARY_DIR}/rule-parse.h
            ${CMAKE_CURRENT_BINARY_DIR}/rule-scan.cc
-        ${CMAKE_CURRENT_BINARY_DIR}/scan.cc
+            ${CMAKE_CURRENT_BINARY_DIR}/scan.cc)
 )
 add_dependencies(zeek_autogen_files zeek_bison_outputs)
-########################################################################
+# ##############################################################################
-## bifcl-dependent targets
+# bifcl-dependent targets
 include(BifCl)
@ -131,34 +112,30 @@ set(BIF_SRCS
    strings.bif
    reporter.bif
    option.bif
-    # Note: the supervisor BIF file is treated like other top-level BIFs
+    # Note: the supervisor BIF file is treated like other top-level BIFs instead
-    # instead of contained in its own subdirectory CMake logic because
+    # of contained in its own subdirectory CMake logic because subdirectory BIFs
-    # subdirectory BIFs are treated differently and don't support being called
+    # are treated differently and don't support being called *during* parsing
-    # *during* parsing (e.g. within an @if directive).
+    # (e.g. within an @if directive).
    supervisor/supervisor.bif
-    # The packet analysis BIF is treated like other top-level BIFs because
+    # The packet analysis BIF is treated like other top-level BIFs because it's
-    # it's needed before parsing the packet protocol scripts, which happen
+    # needed before parsing the packet protocol scripts, which happen very near
-    # very near to the start of parsing.
+    # to the start of parsing.
    packet_analysis/packet_analysis.bif
-    # The C++ loading BIF is treated like other top-level BIFs to give
+    # The C++ loading BIF is treated like other top-level BIFs to give us
-    # us flexibility regarding when it's called.
+    # flexibility regarding when it's called.
-    script_opt/CPP/CPP-load.bif
+    script_opt/CPP/CPP-load.bif)
 )
 foreach (bift ${BIF_SRCS})
    bif_target(${bift} "standard")
 endforeach ()
-########################################################################
+# ##############################################################################
-## BinPAC-dependent targets
+# BinPAC-dependent targets
 include(BinPAC)
-set(BINPAC_AUXSRC
+set(BINPAC_AUXSRC ${CMAKE_CURRENT_SOURCE_DIR}/binpac.pac ${CMAKE_CURRENT_SOURCE_DIR}/zeek.pac
-    ${CMAKE_CURRENT_SOURCE_DIR}/binpac.pac
+                  ${CMAKE_CURRENT_SOURCE_DIR}/binpac_zeek.h)
    ${CMAKE_CURRENT_SOURCE_DIR}/zeek.pac
    ${CMAKE_CURRENT_SOURCE_DIR}/binpac_zeek.h
 )
 set(BINPAC_OUTPUTS "")
@ -168,8 +145,8 @@ list(APPEND BINPAC_OUTPUTS "${BINPAC_OUTPUT_CC}")
 binpac_target(binpac_zeek-lib.pac)
 list(APPEND BINPAC_OUTPUTS "${BINPAC_OUTPUT_CC}")
-########################################################################
+# ##############################################################################
-## Gen-ZAM setup
+# Gen-ZAM setup
 include(Gen-ZAM)
@ -177,9 +154,9 @@ set(GEN_ZAM_SRC ${CMAKE_CURRENT_SOURCE_DIR}/script_opt/ZAM/Ops.in)
 gen_zam_target(${GEN_ZAM_SRC})
-########################################################################
+# ##############################################################################
-## Including subdirectories.
+# Including subdirectories.
-########################################################################
+# ##############################################################################
 option(USE_SQLITE "Should Zeek use SQLite?" ON)
@ -195,8 +172,8 @@ add_subdirectory(logging)
 add_subdirectory(probabilistic)
 add_subdirectory(session)
-########################################################################
+# ##############################################################################
-## Build in the discovered external plugins and create the autogenerated scripts.
+# Build in the discovered external plugins and create the autogenerated scripts.
 set(PRELOAD_SCRIPT ${PROJECT_BINARY_DIR}/scripts/builtin-plugins/__preload__.zeek)
 file(WRITE ${PRELOAD_SCRIPT} "# Warning, this is an autogenerated file!\n")
@ -204,8 +181,8 @@ set(LOAD_SCRIPT ${PROJECT_BINARY_DIR}/scripts/builtin-plugins/__load__.zeek)
 file(WRITE ${LOAD_SCRIPT} "# Warning, this is an autogenerated file!\n")
 # TODO: this really should be a function to make sure we have an isolated scope.
-#       However, for historic reasons, we're not doing that yet. Some plugin
+# However, for historic reasons, we're not doing that yet. Some plugin modify
-#       modify global state such as `zeekdeps`.
+# global state such as `zeekdeps`.
 macro (add_extra_builtin_plugin plugin_dir)
    get_filename_component(plugin_name "${plugin_dir}" NAME)
@ -231,13 +208,13 @@ endforeach()
 install(FILES ${PRELOAD_SCRIPT} DESTINATION ${ZEEK_SCRIPT_INSTALL_PATH}/builtin-plugins/)
 install(FILES ${LOAD_SCRIPT} DESTINATION ${ZEEK_SCRIPT_INSTALL_PATH}/builtin-plugins/)
-########################################################################
+# ##############################################################################
-## This has to happen after the parts for builtin plugins, or else
+# This has to happen after the parts for builtin plugins, or else symbols are
-## symbols are missing when it goes to link the fuzzer binaries.
+# missing when it goes to link the fuzzer binaries.
 add_subdirectory(fuzzers)
-########################################################################
+# ##############################################################################
-## zeek target
+# zeek target
 find_package(Threads)
@ -249,8 +226,8 @@ if (POLICY CMP0012)
    cmake_policy(SET CMP0012 NEW)
 endif ()
-# This macro stores associated headers for any C/C++ source files given
+# This macro stores associated headers for any C/C++ source files given as
-# as arguments (past _var) as a list in the CMake variable named "_var".
+# arguments (past _var) as a list in the CMake variable named "_var".
 macro (COLLECT_HEADERS _var)
    foreach (src ${ARGN})
        get_filename_component(ext ${src} EXT)
@ -270,30 +247,25 @@ endmacro(COLLECT_HEADERS _var)
 cmake_policy(POP)
-# define a command that's used to run the make_dbg_constants.py script
+# define a command that's used to run the make_dbg_constants.py script building
-# building the zeek binary depends on the outputs of this script
+# the zeek binary depends on the outputs of this script
-add_custom_command(OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/DebugCmdConstants.h
+add_custom_command(
    OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/DebugCmdConstants.h
           ${CMAKE_CURRENT_BINARY_DIR}/DebugCmdInfoConstants.cc
-                   COMMAND ${PYTHON_EXECUTABLE}
+    COMMAND ${PYTHON_EXECUTABLE} ARGS ${CMAKE_CURRENT_SOURCE_DIR}/make_dbg_constants.py
                   ARGS ${CMAKE_CURRENT_SOURCE_DIR}/make_dbg_constants.py
            ${CMAKE_CURRENT_SOURCE_DIR}/DebugCmdInfoConstants.in
    DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/make_dbg_constants.py
            ${CMAKE_CURRENT_SOURCE_DIR}/DebugCmdInfoConstants.in
    COMMENT "[Python] Processing debug commands"
-                   WORKING_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}
+    WORKING_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR})
 )
-add_custom_target(
+add_custom_target(zeek_debugcmd_gen DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/DebugCmdConstants.h
-  zeek_debugcmd_gen
+                                            ${CMAKE_CURRENT_BINARY_DIR}/DebugCmdInfoConstants.cc)
  DEPENDS
    ${CMAKE_CURRENT_BINARY_DIR}/DebugCmdConstants.h
    ${CMAKE_CURRENT_BINARY_DIR}/DebugCmdInfoConstants.cc
 )
 add_dependencies(zeek_autogen_files zeek_debugcmd_gen)
 set(_gen_zeek_script_cpp ${CMAKE_CURRENT_BINARY_DIR}/../CPP-gen.cc)
-add_custom_command(OUTPUT ${_gen_zeek_script_cpp}
+add_custom_command(OUTPUT ${_gen_zeek_script_cpp} COMMAND ${CMAKE_COMMAND} -E touch
-		   COMMAND ${CMAKE_COMMAND} -E touch ${_gen_zeek_script_cpp})
+                                                          ${_gen_zeek_script_cpp})
 if (!MSVC)
    set_source_files_properties(legacy-netvar-init.cc PROPERTIES COMPILE_FLAGS
@ -386,9 +358,7 @@ set(MAIN_SRCS
    ZeekArgs.cc
    ZeekString.cc
    ZVal.cc
    ${SUPERVISOR_SRCS}
    threading/BasicThread.cc
    threading/Formatter.cc
    threading/Manager.cc
@ -396,12 +366,10 @@ set(MAIN_SRCS
    threading/SerialTypes.cc
    threading/formatters/Ascii.cc
    threading/formatters/JSON.cc
    plugin/Component.cc
    plugin/ComponentManager.h
    plugin/Manager.cc
    plugin/Plugin.cc
    script_opt/CPP/Attrs.cc
    script_opt/CPP/Consts.cc
    script_opt/CPP/DeclFunc.cc
@ -421,9 +389,7 @@ set(MAIN_SRCS
    script_opt/CPP/Types.cc
    script_opt/CPP/Util.cc
    script_opt/CPP/Vars.cc
    ${_gen_zeek_script_cpp}
    script_opt/Expr.cc
    script_opt/GenIDDefs.cc
    script_opt/IDOptInfo.cc
@ -435,7 +401,6 @@ set(MAIN_SRCS
    script_opt/TempVar.cc
    script_opt/UsageAnalyzer.cc
    script_opt/UseDefs.cc
    script_opt/ZAM/AM-Opt.cc
    script_opt/ZAM/Branches.cc
    script_opt/ZAM/BuiltIn.cc
@ -450,9 +415,7 @@ set(MAIN_SRCS
    script_opt/ZAM/ZBody.cc
    script_opt/ZAM/ZInst.cc
    script_opt/ZAM/ZOp.cc
-
+    digest.h)
    digest.h
 )
 set(THIRD_PARTY_SRCS
    3rdparty/bro_inet_ntop.c # Remove in v6.1.
@ -464,10 +427,10 @@ set(THIRD_PARTY_SRCS
    3rdparty/patricia.c
    3rdparty/setsignal.c
    $<$<BOOL:USE_SQLITE>:3rdparty/sqlite3.c>
-    3rdparty/strsep.c
+    3rdparty/strsep.c)
 )
-# Highwayhash. Highwayhash is a bit special since it has architecture dependent code...
+# Highwayhash. Highwayhash is a bit special since it has architecture dependent
 # code...
 set(hhash_dir ${PROJECT_SOURCE_DIR}/auxil/highwayhash/highwayhash)
 zeek_add_subdir_library(
    hhash
@ -479,54 +442,43 @@ zeek_add_subdir_library(
    ${hhash_dir}/instruction_sets.cc
    ${hhash_dir}/nanobenchmark.cc
    ${hhash_dir}/os_specific.cc
-        ${hhash_dir}/hh_portable.cc
+    ${hhash_dir}/hh_portable.cc)
 )
 if (${COMPILER_ARCHITECTURE} STREQUAL "arm")
-  check_c_source_compiles("
+    check_c_source_compiles(
        "
      #if defined(__ARM_NEON__) || defined(__ARM_NEON)
      int main() { return 0; }
      #else
      #error
      #endif
-  " test_arm_neon)
+  "
        test_arm_neon)
    if (test_arm_neon)
        target_sources(zeek_hhash_obj PRIVATE ${hhash_dir}/hh_neon.cc)
    endif ()
-  target_compile_options(
+    target_compile_options(zeek_hhash_obj PRIVATE -mfloat-abi=hard -march=armv7-a -mfpu=neon)
    zeek_hhash_obj
    PRIVATE
      -mfloat-abi=hard
      -march=armv7-a
      -mfpu=neon
  )
 elseif (${COMPILER_ARCHITECTURE} STREQUAL "aarch64")
    target_sources(zeek_hhash_obj PRIVATE ${hhash_dir}/hh_neon.cc)
 elseif (${COMPILER_ARCHITECTURE} STREQUAL "power")
    target_sources(zeek_hhash_obj PRIVATE ${hhash_dir}/hh_vsx.cc)
-  set_source_files_properties(${hhash_dir}/hh_vsx.cc PROPERTIES COMPILE_FLAGS
+    set_source_files_properties(${hhash_dir}/hh_vsx.cc PROPERTIES COMPILE_FLAGS -mvsx)
                              -mvsx)
 elseif (${COMPILER_ARCHITECTURE} STREQUAL "x86_64")
-  target_sources(
+    target_sources(zeek_hhash_obj PRIVATE ${hhash_dir}/hh_avx2.cc ${hhash_dir}/hh_sse41.cc)
    zeek_hhash_obj
    PRIVATE
      ${hhash_dir}/hh_avx2.cc
      ${hhash_dir}/hh_sse41.cc)
    if (MSVC)
        set(_avx_flag /arch:AVX2)
-    # Using an undocumentd compiler flag: https://stackoverflow.com/questions/64053597/how-do-i-enable-sse4-1-and-sse3-but-not-avx-in-msvc/69328426#69328426
+        # Using an undocumentd compiler flag:
        # https://stackoverflow.com/questions/64053597/how-do-i-enable-sse4-1-and-sse3-but-not-avx-in-msvc/69328426#69328426
        set(_sse_flag /d2archSSE42)
    else ()
        set(_avx_flag -mavx2)
        set(_sse_flag -msse4.1)
    endif ()
-  set_source_files_properties(${hhash_dir}/hh_avx2.cc PROPERTIES COMPILE_FLAGS
+    set_source_files_properties(${hhash_dir}/hh_avx2.cc PROPERTIES COMPILE_FLAGS ${_avx_flag})
-                              ${_avx_flag})
+    set_source_files_properties(${hhash_dir}/hh_sse41.cc PROPERTIES COMPILE_FLAGS ${_sse_flag})
  set_source_files_properties(${hhash_dir}/hh_sse41.cc PROPERTIES COMPILE_FLAGS
                              ${_sse_flag})
 endif ()
 set(zeek_SRCS
@ -550,8 +502,7 @@ set(zeek_SRCS
    ${CMAKE_CURRENT_BINARY_DIR}/ZAM-MethodDecls.h
    ${THIRD_PARTY_SRCS}
    ${HH_SRCS}
-    ${MAIN_SRCS}
+    ${MAIN_SRCS})
 )
 collect_headers(zeek_HEADERS ${zeek_SRCS})
@ -564,9 +515,10 @@ zeek_target_link_libraries(zeek_objs)
 if (TARGET zeek_exe)
    target_sources(zeek_exe PRIVATE main.cc ${zeek_HEADERS})
-    # npcap/winpcap need to be loaded in delayed mode so that we can set the load path
+    # npcap/winpcap need to be loaded in delayed mode so that we can set the load
-    # correctly at runtime. See https://npcap.com/guide/npcap-devguide.html#npcap-feature-native
+    # path correctly at runtime. See
-    # for why this is necessary.
+    # https://npcap.com/guide/npcap-devguide.html#npcap-feature-native for why
    # this is necessary.
    if (MSVC AND HAVE_WPCAP)
        set(zeekdeps ${zeekdeps} delayimp.lib)
        set_target_properties(zeek_exe PROPERTIES LINK_FLAGS "/DELAYLOAD:wpcap.dll")
@ -586,12 +538,7 @@ endif()
 if (TARGET zeek_lib)
    target_sources(zeek_lib PRIVATE ${zeek_HEADERS})
-    target_link_libraries(
+    target_link_libraries(zeek_lib PUBLIC ${zeekdeps} ${CMAKE_THREAD_LIBS_INIT} ${CMAKE_DL_LIBS})
        zeek_lib
        PUBLIC
            ${zeekdeps}
            ${CMAKE_THREAD_LIBS_INIT}
            ${CMAKE_DL_LIBS})
 endif ()
 zeek_include_directories(
@ -601,21 +548,23 @@ zeek_include_directories(
    ${CMAKE_CURRENT_BINARY_DIR}
    ${CMAKE_CURRENT_SOURCE_DIR}/include
    ${CMAKE_SOURCE_DIR}/zeek/src
-    ${CMAKE_SOURCE_DIR}/zeek/src/include
+    ${CMAKE_SOURCE_DIR}/zeek/src/include)
 )
 # Install *.bif.zeek.
-install(DIRECTORY ${PROJECT_BINARY_DIR}/scripts/base/bif DESTINATION ${ZEEK_SCRIPT_INSTALL_PATH}/base)
+install(DIRECTORY ${PROJECT_BINARY_DIR}/scripts/base/bif
        DESTINATION ${ZEEK_SCRIPT_INSTALL_PATH}/base)
 # Create plugin directory at install time.
 install(DIRECTORY DESTINATION ${ZEEK_PLUGIN_DIR})
 # Make clean removes the bif directory.
-set_directory_properties(PROPERTIES ADDITIONAL_MAKE_CLEAN_FILES ${PROJECT_BINARY_DIR}/scripts/base/bif)
+set_directory_properties(PROPERTIES ADDITIONAL_MAKE_CLEAN_FILES
                                    ${PROJECT_BINARY_DIR}/scripts/base/bif)
-# Remove some stale files and scripts that previous Zeek versions put in
+# Remove some stale files and scripts that previous Zeek versions put in place,
-# place, yet make confuse us now. This makes upgrading easier.
+# yet make confuse us now. This makes upgrading easier.
-install(CODE "
+install(
    CODE "
   file(REMOVE_RECURSE
       ${ZEEK_SCRIPT_INSTALL_PATH}/base/frameworks/logging/writers/dataseries.bro
       ${ZEEK_SCRIPT_INSTALL_PATH}/base/frameworks/logging/writers/elasticsearch.bro
@ -623,19 +572,21 @@ install(CODE "
   )
 ")
-# Make sure to escape a bunch of special characters in the path before trying to use it as a
+# Make sure to escape a bunch of special characters in the path before trying to
-# regular expression below.
+# use it as a regular expression below.
-string(REGEX REPLACE "([][+.*()^])" "\\\\\\1" escaped_include_path "${CMAKE_CURRENT_SOURCE_DIR}/include/*")
+string(REGEX REPLACE "([][+.*()^])" "\\\\\\1" escaped_include_path
                     "${CMAKE_CURRENT_SOURCE_DIR}/include/*")
 if (WIN32)
-    install(DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/windows/usr.include/
+    install(
        DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/windows/usr.include/
        DESTINATION include/
        FILES_MATCHING
-            PATTERN "*.h"
+        PATTERN "*.h")
    )
 endif ()
-install(DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/
+install(
    DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/
    DESTINATION include/zeek
    FILES_MATCHING
    PATTERN "*.h"
@ -643,15 +594,14 @@ install(DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/
    PATTERN "3rdparty/*" EXCLUDE
    # The "zeek -> ." symlink isn't needed in the install-tree
    REGEX "${escaped_include_path}$" EXCLUDE
    # FILES_MATCHING creates empty directories:
-	# https://gitlab.kitware.com/cmake/cmake/-/issues/17122
+    # https://gitlab.kitware.com/cmake/cmake/-/issues/17122 Exclude the ones that
-	# Exclude the ones that this affects explicitly.
+    # this affects explicitly.
    PATTERN "script_opt/CPP/maint" EXCLUDE
-	PATTERN "fuzzers/corpora" EXCLUDE
+    PATTERN "fuzzers/corpora" EXCLUDE)
 )
-install(DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}/
+install(
    DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}/
    DESTINATION include/zeek
    FILES_MATCHING
    PATTERN "*.bif.func_h"
@ -659,11 +609,10 @@ install(DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}/
    PATTERN "*.bif.h"
    PATTERN "CMakeFiles" EXCLUDE
    # The "include/zeek -> .." symlink isn't needed in the install-tree
-        REGEX "${escaped_include_path}$" EXCLUDE
+    REGEX "${escaped_include_path}$" EXCLUDE)
 )
-install(FILES
+install(
-        ${CMAKE_CURRENT_SOURCE_DIR}/3rdparty/ConvertUTF.h
+    FILES ${CMAKE_CURRENT_SOURCE_DIR}/3rdparty/ConvertUTF.h
          ${CMAKE_CURRENT_SOURCE_DIR}/3rdparty/bro_inet_ntop.h # Remove in v6.1
          ${CMAKE_CURRENT_SOURCE_DIR}/3rdparty/zeek_inet_ntop.h
          ${CMAKE_CURRENT_SOURCE_DIR}/3rdparty/bsd-getopt-long.h
@ -672,11 +621,10 @@ install(FILES
          ${CMAKE_CURRENT_SOURCE_DIR}/3rdparty/setsignal.h
          $<$<BOOL:USE_SQLITE>:${CMAKE_CURRENT_SOURCE_DIR}/3rdparty/sqlite3.h>
          ${CMAKE_CURRENT_SOURCE_DIR}/3rdparty/doctest.h
-        DESTINATION include/zeek/3rdparty
+    DESTINATION include/zeek/3rdparty)
 )
-########################################################################
+# ##############################################################################
-## Clang-tidy target now that we have all of the sources
+# Clang-tidy target now that we have all of the sources
 add_clang_tidy_files(${MAIN_SRCS})
@ -685,8 +633,8 @@ add_clang_tidy_files(${MAIN_SRCS})
 # *.bif.register.cc)
 create_clang_tidy_target()
-########################################################################
+# ##############################################################################
-## CTest setup.
+# CTest setup.
 # Scan all .cc files for TEST_CASE macros and generate CTest targets.
 if (ENABLE_ZEEK_UNIT_TESTS)
@ -699,9 +647,8 @@ if (ENABLE_ZEEK_UNIT_TESTS)
        endforeach ()
    endforeach ()
    list(LENGTH test_cases num_test_cases)
-    MESSAGE(STATUS "-- Found ${num_test_cases} test cases for CTest")
+    message(STATUS "-- Found ${num_test_cases} test cases for CTest")
    foreach (test_case ${test_cases})
-        add_test(NAME "\"${test_case}\""
+        add_test(NAME "\"${test_case}\"" COMMAND zeek --test "--test-case=${test_case}")
                 COMMAND zeek --test "--test-case=${test_case}")
    endforeach ()
 endif ()
--- a/src/Val.cc
+++ b/src/Val.cc
@ -6,6 +6,9 @@
 #include <netdb.h>
 #include <netinet/in.h>
 #define RAPIDJSON_HAS_STDSTRING 1
 #include <rapidjson/document.h>
 #include <rapidjson/error/en.h>
 #include <sys/param.h>
 #include <sys/types.h>
 #include <unistd.h>
@ -1061,6 +1064,333 @@ StringValPtr StringVal::Replace(RE_Matcher* re, const String& repl, bool do_all)
 	return make_intrusive<StringVal>(new String(true, result, r - result));
 	}
 static std::variant<ValPtr, std::string> BuildVal(const rapidjson::Value& j, const TypePtr& t)
 	{
 	auto mismatch_err = [t, &j]()
 	{
 		std::string json_type;
 		switch ( j.GetType() )
 			{
 			case rapidjson::Type::kNullType:
 				json_type = "null";
 				break;
 			case rapidjson::Type::kFalseType:
 			case rapidjson::Type::kTrueType:
 				json_type = "bool";
 				break;
 			case rapidjson::Type::kObjectType:
 				json_type = "object";
 				break;
 			case rapidjson::Type::kArrayType:
 				json_type = "array";
 				break;
 			case rapidjson::Type::kStringType:
 				json_type = "string";
 				break;
 			case rapidjson::Type::kNumberType:
 				json_type = "number";
 				break;
 			default:
 				json_type = "unknown";
 			}
 		return util::fmt("cannot convert JSON type '%s' to Zeek type '%s'", json_type.c_str(),
 		                 type_name(t->Tag()));
 	};
 	if ( j.IsNull() )
 		return Val::nil;
 	switch ( t->Tag() )
 		{
 		case TYPE_BOOL:
 			{
 			if ( ! j.IsBool() )
 				return mismatch_err();
 			return val_mgr->Bool(j.GetBool());
 			}
 		case TYPE_INT:
 			{
 			if ( ! j.IsInt64() )
 				return mismatch_err();
 			return val_mgr->Int(j.GetInt64());
 			}
 		case TYPE_COUNT:
 			{
 			if ( ! j.IsUint64() )
 				return mismatch_err();
 			return val_mgr->Count(j.GetUint64());
 			}
 		case TYPE_TIME:
 			{
 			if ( ! j.IsNumber() )
 				return mismatch_err();
 			return make_intrusive<TimeVal>(j.GetDouble());
 			}
 		case TYPE_DOUBLE:
 			{
 			if ( ! j.IsNumber() )
 				return mismatch_err();
 			return make_intrusive<DoubleVal>(j.GetDouble());
 			}
 		case TYPE_INTERVAL:
 			{
 			if ( ! j.IsNumber() )
 				return mismatch_err();
 			return make_intrusive<IntervalVal>(j.GetDouble());
 			}
 		case TYPE_PORT:
 			{
 			if ( ! j.IsString() )
 				return mismatch_err();
 			int port = 0;
 			if ( j.GetStringLength() > 0 && j.GetStringLength() < 10 )
 				{
 				char* slash;
 				errno = 0;
 				port = strtol(j.GetString(), &slash, 10);
 				if ( ! errno )
 					{
 					++slash;
 					if ( util::streq(slash, "tcp") )
 						return val_mgr->Port(port, TRANSPORT_TCP);
 					else if ( util::streq(slash, "udp") )
 						return val_mgr->Port(port, TRANSPORT_UDP);
 					else if ( util::streq(slash, "icmp") )
 						return val_mgr->Port(port, TRANSPORT_ICMP);
 					else if ( util::streq(slash, "unknown") )
 						return val_mgr->Port(port, TRANSPORT_UNKNOWN);
 					}
 				}
 			return "wrong port format, must be /[0-9]{1,5}\\/(tcp|udp|icmp|unknown)/";
 			}
 		case TYPE_PATTERN:
 			{
 			if ( ! j.IsString() )
 				return mismatch_err();
 			std::string candidate(j.GetString(), j.GetStringLength());
 			if ( candidate.size() > 2 && candidate.front() == candidate.back() &&
 			     candidate.back() == '/' )
 				{
 				// Remove the '/'s
 				candidate.erase(0, 1);
 				candidate.erase(candidate.size() - 1);
 				}
 			auto re = std::make_unique<RE_Matcher>(candidate.c_str());
 			if ( ! re->Compile() )
 				return "error compiling pattern";
 			return make_intrusive<PatternVal>(re.release());
 			}
 		case TYPE_ADDR:
 		case TYPE_SUBNET:
 			{
 			if ( ! j.IsString() )
 				return mismatch_err();
 			int width = 0;
 			std::string candidate;
 			if ( t->Tag() == TYPE_ADDR )
 				candidate = std::string(j.GetString(), j.GetStringLength());
 			else
 				{
 				std::string_view subnet_sv(j.GetString(), j.GetStringLength());
 				auto pos = subnet_sv.find('/');
 				if ( pos == subnet_sv.npos )
 					return util::fmt("invalid value for subnet: '%s'", j.GetString());
 				candidate = std::string(j.GetString(), pos);
 				errno = 0;
 				char* end;
 				width = strtol(subnet_sv.data() + pos + 1, &end, 10);
 				if ( subnet_sv.data() + pos + 1 == end || errno )
 					return util::fmt("invalid value for subnet: '%s'", j.GetString());
 				}
 			if ( candidate.front() == '[' )
 				candidate.erase(0, 1);
 			if ( candidate.back() == ']' )
 				candidate.erase(candidate.size() - 1);
 			if ( t->Tag() == TYPE_ADDR )
 				return make_intrusive<AddrVal>(candidate);
 			else
 				return make_intrusive<SubNetVal>(candidate.c_str(), width);
 			}
 		case TYPE_ENUM:
 			{
 			if ( ! j.IsString() )
 				return mismatch_err();
 			auto et = t->AsEnumType();
 			auto intval = et->Lookup({j.GetString(), j.GetStringLength()});
 			if ( intval < 0 )
 				return util::fmt("'%s' is not a valid enum for '%s'.", j.GetString(),
 				                 et->GetName().c_str());
 			return et->GetEnumVal(intval);
 			}
 		case TYPE_STRING:
 			{
 			if ( ! j.IsString() )
 				return mismatch_err();
 			return make_intrusive<StringVal>(j.GetStringLength(), j.GetString());
 			}
 		case TYPE_TABLE:
 			{
 			if ( ! j.IsArray() )
 				return mismatch_err();
 			if ( ! t->IsSet() )
 				return util::fmt("tables are not supported");
 			auto tt = t->AsSetType();
 			auto tl = tt->GetIndices();
 			auto tv = make_intrusive<TableVal>(IntrusivePtr{NewRef{}, tt});
 			for ( const auto& item : j.GetArray() )
 				{
 				std::variant<ValPtr, std::string> v;
 				if ( tl->GetTypes().size() == 1 )
 					v = BuildVal(item, tl->GetPureType());
 				else
 					v = BuildVal(item, tl);
 				if ( ! get_if<ValPtr>(&v) )
 					return v;
 				if ( ! std::get<ValPtr>(v) )
 					continue;
 				tv->Assign(std::move(std::get<ValPtr>(v)), nullptr);
 				}
 			return tv;
 			}
 		case TYPE_RECORD:
 			{
 			if ( ! j.IsObject() )
 				return mismatch_err();
 			auto rt = t->AsRecordType();
 			auto rv = make_intrusive<RecordVal>(IntrusivePtr{NewRef{}, rt});
 			for ( int i = 0; i < rt->NumFields(); ++i )
 				{
 				auto td_i = rt->FieldDecl(i);
 				auto m_it = j.FindMember(td_i->id);
 				bool has_member = m_it != j.MemberEnd();
 				bool member_is_null = has_member && m_it->value.IsNull();
 				if ( ! has_member || member_is_null )
 					{
 					if ( ! td_i->GetAttr(detail::ATTR_OPTIONAL) &&
 					     ! td_i->GetAttr(detail::ATTR_DEFAULT) )
 						return util::fmt("required field %s$%s is %s in JSON", t->GetName().c_str(),
 						                 td_i->id, member_is_null ? "null" : "missing");
 					continue;
 					}
 				auto v = BuildVal(m_it->value, td_i->type);
 				if ( ! get_if<ValPtr>(&v) )
 					return v;
 				rv->Assign(i, std::move(std::get<ValPtr>(v)));
 				}
 			return rv;
 			}
 		case TYPE_LIST:
 			{
 			if ( ! j.IsArray() )
 				return mismatch_err();
 			auto lt = t->AsTypeList();
 			if ( j.GetArray().Size() < lt->GetTypes().size() )
 				return "index type doesn't match";
 			auto lv = make_intrusive<ListVal>(TYPE_ANY);
 			for ( size_t i = 0; i < lt->GetTypes().size(); i++ )
 				{
 				auto v = BuildVal(j.GetArray()[i], lt->GetTypes()[i]);
 				if ( ! get_if<ValPtr>(&v) )
 					return v;
 				lv->Append(std::move(std::get<ValPtr>(v)));
 				}
 			return lv;
 			}
 		case TYPE_VECTOR:
 			{
 			if ( ! j.IsArray() )
 				return mismatch_err();
 			auto vt = t->AsVectorType();
 			auto vv = make_intrusive<VectorVal>(IntrusivePtr{NewRef{}, vt});
 			for ( const auto& item : j.GetArray() )
 				{
 				auto v = BuildVal(item, vt->Yield());
 				if ( ! get_if<ValPtr>(&v) )
 					return v;
 				if ( ! std::get<ValPtr>(v) )
 					continue;
 				vv->Assign(vv->Size(), std::move(std::get<ValPtr>(v)));
 				}
 			return vv;
 			}
 		default:
 			return util::fmt("type '%s' unsupport", type_name(t->Tag()));
 		}
 	}
 std::variant<ValPtr, std::string> detail::ValFromJSON(std::string_view json_str, const TypePtr& t)
 	{
 	rapidjson::Document doc;
 	rapidjson::ParseResult ok = doc.Parse(json_str.data(), json_str.length());
 	if ( ! ok )
 		return util::fmt("JSON parse error: %s Offset: %lu", rapidjson::GetParseError_En(ok.Code()),
 		                 ok.Offset());
 	return BuildVal(doc, t);
 	}
 ValPtr StringVal::DoClone(CloneState* state)
 	{
 	// We could likely treat this type as immutable and return a reference
--- a/src/Val.h
+++ b/src/Val.h
@ -6,6 +6,7 @@
 #include <array>
 #include <list>
 #include <unordered_map>
 #include <variant>
 #include <vector>
 #include "zeek/IntrusivePtr.h"
@ -1794,4 +1795,12 @@ extern bool can_cast_value_to_type(const Val* v, Type* t);
 // specific instance later.
 extern bool can_cast_value_to_type(const Type* s, Type* t);
 namespace detail
 	{
 // Parses a JSON string into arbitrary Zeek data using std::variant to simulate functional exception
 // handling. Returns a ValPtr if parsing was successful, or a std::string containing an error
 // message if an error occurred.
 extern std::variant<ValPtr, std::string> ValFromJSON(std::string_view json_str, const TypePtr& t);
 	}
 	} // namespace zeek
--- a/src/analyzer/CMakeLists.txt
+++ b/src/analyzer/CMakeLists.txt
@ -1,12 +1,14 @@
 zeek_add_subdir_library(
    analyzer
-    INTERNAL_DEPENDENCIES ${BIF_BUILD_TARGET}
+    INTERNAL_DEPENDENCIES
-    INCLUDE_DIRS ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DIR}
+    ${BIF_BUILD_TARGET}
    INCLUDE_DIRS
    ${CMAKE_CURRENT_SOURCE_DIR}
    ${CMAKE_CURRENT_BINARY_DIR}
    SOURCES
    Analyzer.cc
    Component.cc
-        Manager.cc
+    Manager.cc)
 )
 # Treat BIFs as builtin (alternative mode).
 bif_target(analyzer.bif)
--- a/src/analyzer/protocol/bittorrent/CMakeLists.txt
+++ b/src/analyzer/protocol/bittorrent/CMakeLists.txt
@ -10,5 +10,4 @@ zeek_add_plugin(
    PAC
    bittorrent.pac
    bittorrent-analyzer.pac
-        bittorrent-protocol.pac
+    bittorrent-protocol.pac)
 )
--- a/src/analyzer/protocol/conn-size/CMakeLists.txt
+++ b/src/analyzer/protocol/conn-size/CMakeLists.txt
@ -6,5 +6,4 @@ zeek_add_plugin(
    Plugin.cc
    BIFS
    events.bif
-        functions.bif
+    functions.bif)
 )
--- a/src/analyzer/protocol/dce-rpc/CMakeLists.txt
+++ b/src/analyzer/protocol/dce-rpc/CMakeLists.txt
@ -14,5 +14,4 @@ zeek_add_plugin(
    dce_rpc-analyzer.pac
    dce_rpc-auth.pac
    endpoint-atsvc.pac
-        endpoint-epmapper.pac
+    endpoint-epmapper.pac)
 )
--- a/src/analyzer/protocol/dhcp/CMakeLists.txt
+++ b/src/analyzer/protocol/dhcp/CMakeLists.txt
@ -11,5 +11,4 @@ zeek_add_plugin(
    dhcp.pac
    dhcp-protocol.pac
    dhcp-analyzer.pac
-        dhcp-options.pac
+    dhcp-options.pac)
 )
--- a/src/analyzer/protocol/dnp3/CMakeLists.txt
+++ b/src/analyzer/protocol/dnp3/CMakeLists.txt
@ -10,5 +10,4 @@ zeek_add_plugin(
    dnp3.pac
    dnp3-analyzer.pac
    dnp3-protocol.pac
-        dnp3-objects.pac
+    dnp3-objects.pac)
 )
--- a/src/analyzer/protocol/dns/CMakeLists.txt
+++ b/src/analyzer/protocol/dns/CMakeLists.txt
@ -5,5 +5,4 @@ zeek_add_plugin(
    DNS.cc
    Plugin.cc
    BIFS
-        events.bif
+    events.bif)
 )
--- a/src/analyzer/protocol/file/CMakeLists.txt
+++ b/src/analyzer/protocol/file/CMakeLists.txt
@ -5,5 +5,4 @@ zeek_add_plugin(
    File.cc
    Plugin.cc
    BIFS
-        events.bif
+    events.bif)
 )
--- a/src/analyzer/protocol/finger/CMakeLists.txt
+++ b/src/analyzer/protocol/finger/CMakeLists.txt
@ -5,5 +5,4 @@ spicy_add_analyzer(
    finger.spicy
    finger.evt
    LEGACY
-    legacy
+    legacy)
 )
--- a/src/analyzer/protocol/finger/legacy/CMakeLists.txt
+++ b/src/analyzer/protocol/finger/legacy/CMakeLists.txt
@ -5,5 +5,4 @@ zeek_add_plugin(
    Finger.cc
    Plugin.cc
    BIFS
-        events.bif
+    events.bif)
 )
--- a/src/analyzer/protocol/ftp/CMakeLists.txt
+++ b/src/analyzer/protocol/ftp/CMakeLists.txt
@ -6,5 +6,4 @@ zeek_add_plugin(
    Plugin.cc
    BIFS
    events.bif
-        functions.bif
+    functions.bif)
 )
--- a/src/analyzer/protocol/gnutella/CMakeLists.txt
+++ b/src/analyzer/protocol/gnutella/CMakeLists.txt
@ -5,5 +5,4 @@ zeek_add_plugin(
    Gnutella.cc
    Plugin.cc
    BIFS
-        events.bif
+    events.bif)
 )
--- a/src/analyzer/protocol/gssapi/CMakeLists.txt
+++ b/src/analyzer/protocol/gssapi/CMakeLists.txt
@ -10,5 +10,4 @@ zeek_add_plugin(
    gssapi.pac
    gssapi-protocol.pac
    gssapi-analyzer.pac
-        ${PROJECT_SOURCE_DIR}/src/analyzer/protocol/asn1/asn1.pac
+    ${PROJECT_SOURCE_DIR}/src/analyzer/protocol/asn1/asn1.pac)
 )
--- a/src/analyzer/protocol/http/CMakeLists.txt
+++ b/src/analyzer/protocol/http/CMakeLists.txt
@ -6,5 +6,4 @@ zeek_add_plugin(
    Plugin.cc
    BIFS
    events.bif
-        functions.bif
+    functions.bif)
 )
--- a/src/analyzer/protocol/ident/CMakeLists.txt
+++ b/src/analyzer/protocol/ident/CMakeLists.txt
@ -5,5 +5,4 @@ zeek_add_plugin(
    Ident.cc
    Plugin.cc
    BIFS
-        events.bif
+    events.bif)
 )
--- a/src/analyzer/protocol/imap/CMakeLists.txt
+++ b/src/analyzer/protocol/imap/CMakeLists.txt
@ -9,5 +9,4 @@ zeek_add_plugin(
    PAC
    imap.pac
    imap-analyzer.pac
-        imap-protocol.pac
+    imap-protocol.pac)
 )
--- a/src/analyzer/protocol/irc/CMakeLists.txt
+++ b/src/analyzer/protocol/irc/CMakeLists.txt
@ -5,5 +5,4 @@ zeek_add_plugin(
    IRC.cc
    Plugin.cc
    BIFS
-        events.bif
+    events.bif)
 )
--- a/src/analyzer/protocol/krb/CMakeLists.txt
+++ b/src/analyzer/protocol/krb/CMakeLists.txt
@ -25,5 +25,4 @@ zeek_add_plugin(
    krb-defs.pac
    krb-types.pac
    krb-padata.pac
-        ${PROJECT_SOURCE_DIR}/src/analyzer/protocol/asn1/asn1.pac
+    ${PROJECT_SOURCE_DIR}/src/analyzer/protocol/asn1/asn1.pac)
 )
--- a/src/analyzer/protocol/login/CMakeLists.txt
+++ b/src/analyzer/protocol/login/CMakeLists.txt
@ -10,5 +10,4 @@ zeek_add_plugin(
    Plugin.cc
    BIFS
    events.bif
-        functions.bif
+    functions.bif)
 )
--- a/src/analyzer/protocol/mime/CMakeLists.txt
+++ b/src/analyzer/protocol/mime/CMakeLists.txt
@ -10,5 +10,4 @@ zeek_add_plugin(
    MIME.cc
    Plugin.cc
    BIFS
-        events.bif
+    events.bif)
 )
--- a/src/analyzer/protocol/modbus/CMakeLists.txt
+++ b/src/analyzer/protocol/modbus/CMakeLists.txt
@ -9,5 +9,4 @@ zeek_add_plugin(
    PAC
    modbus.pac
    modbus-analyzer.pac
-        modbus-protocol.pac
+    modbus-protocol.pac)
 )
--- a/src/analyzer/protocol/mqtt/CMakeLists.txt
+++ b/src/analyzer/protocol/mqtt/CMakeLists.txt
@ -23,5 +23,4 @@ zeek_add_plugin(
    commands/unsubscribe.pac
    commands/disconnect.pac
    commands/pingreq.pac
-        commands/pingresp.pac
+    commands/pingresp.pac)
 )
--- a/src/analyzer/protocol/mysql/CMakeLists.txt
+++ b/src/analyzer/protocol/mysql/CMakeLists.txt
@ -9,5 +9,4 @@ zeek_add_plugin(
    PAC
    mysql.pac
    mysql-analyzer.pac
-        mysql-protocol.pac
+    mysql-protocol.pac)
 )
--- a/src/analyzer/protocol/ncp/CMakeLists.txt
+++ b/src/analyzer/protocol/ncp/CMakeLists.txt
@ -8,5 +8,4 @@ zeek_add_plugin(
    events.bif
    consts.bif
    PAC
-        ncp.pac
+    ncp.pac)
 )
--- a/src/analyzer/protocol/netbios/CMakeLists.txt
+++ b/src/analyzer/protocol/netbios/CMakeLists.txt
@ -6,5 +6,4 @@ zeek_add_plugin(
    Plugin.cc
    BIFS
    events.bif
-        functions.bif
+    functions.bif)
 )
--- a/src/analyzer/protocol/ntlm/CMakeLists.txt
+++ b/src/analyzer/protocol/ntlm/CMakeLists.txt
@ -10,5 +10,4 @@ zeek_add_plugin(
    PAC
    ntlm.pac
    ntlm-protocol.pac
-        ntlm-analyzer.pac
+    ntlm-analyzer.pac)
 )
--- a/src/analyzer/protocol/ntp/CMakeLists.txt
+++ b/src/analyzer/protocol/ntp/CMakeLists.txt
@ -11,5 +11,4 @@ zeek_add_plugin(
    ntp.pac
    ntp-analyzer.pac
    ntp-mode7.pac
-        ntp-protocol.pac
+    ntp-protocol.pac)
 )
--- a/src/analyzer/protocol/ntp/ntp-analyzer.pac
+++ b/src/analyzer/protocol/ntp/ntp-analyzer.pac
@ -130,11 +130,25 @@
 refine flow NTP_Flow += {
 	%member{
 		bool flipped_;
 	%}
 	%init{
 		flipped_ = false;
 	%}
 	function proc_ntp_message(msg: NTP_PDU): bool
 		%{
 		connection()->zeek_analyzer()->AnalyzerConfirmation();
 		// Flip roles for SERVER mode message from orig or a CLIENT mode message from resp.
 		if ( ((${msg.mode} == SERVER && is_orig()) || (${msg.mode} == CLIENT && ! is_orig())) && ! flipped_ )
 			{
 			connection()->zeek_analyzer()->Conn()->FlipRoles();
 			flipped_ = true;
 			}
 		if ( ! ntp_message )
 			return false;
--- a/src/analyzer/protocol/ntp/ntp-protocol.pac
+++ b/src/analyzer/protocol/ntp/ntp-protocol.pac
@ -1,5 +1,14 @@
 # This is the common part in the header format.
 # See RFC 5905 for details
 enum NTP_Mode {
 	SYMMETRIC_ACTIVE = 1,
 	SYMMETRIC_PASSIVE = 2,
 	CLIENT = 3,
 	SERVER = 4,
 	BROADCAST_SERVER = 5,
 	BROADCAST_CLIENT = 6,
 };
 type NTP_PDU(is_orig: bool) = record {
 	# The first byte of the NTP header contains the leap indicator,
 	# the version and the mode
--- a/src/analyzer/protocol/pia/CMakeLists.txt
+++ b/src/analyzer/protocol/pia/CMakeLists.txt
@ -1,7 +1 @@
-zeek_add_plugin(
+zeek_add_plugin(Zeek PIA SOURCES PIA.cc Plugin.cc)
    Zeek
    PIA
    SOURCES
        PIA.cc
        Plugin.cc
 )
--- a/src/analyzer/protocol/pop3/CMakeLists.txt
+++ b/src/analyzer/protocol/pop3/CMakeLists.txt
@ -5,5 +5,4 @@ zeek_add_plugin(
    POP3.cc
    Plugin.cc
    BIFS
-        events.bif
+    events.bif)
 )
--- a/src/analyzer/protocol/radius/CMakeLists.txt
+++ b/src/analyzer/protocol/radius/CMakeLists.txt
@ -9,5 +9,4 @@ zeek_add_plugin(
    PAC
    radius.pac
    radius-analyzer.pac
-        radius-protocol.pac
+    radius-protocol.pac)
 )
--- a/src/analyzer/protocol/rdp/CMakeLists.txt
+++ b/src/analyzer/protocol/rdp/CMakeLists.txt
@ -16,5 +16,4 @@ zeek_add_plugin(
    PAC
    rdpeudp.pac
    rdpeudp-analyzer.pac
-        rdpeudp-protocol.pac
+    rdpeudp-protocol.pac)
 )
--- a/src/analyzer/protocol/rfb/CMakeLists.txt
+++ b/src/analyzer/protocol/rfb/CMakeLists.txt
@ -9,5 +9,4 @@ zeek_add_plugin(
    PAC
    rfb.pac
    rfb-analyzer.pac
-        rfb-protocol.pac
+    rfb-protocol.pac)
 )
--- a/src/analyzer/protocol/rpc/CMakeLists.txt
+++ b/src/analyzer/protocol/rpc/CMakeLists.txt
@ -9,5 +9,4 @@ zeek_add_plugin(
    XDR.cc
    Plugin.cc
    BIFS
-        events.bif
+    events.bif)
 )
--- a/src/analyzer/protocol/sip/CMakeLists.txt
+++ b/src/analyzer/protocol/sip/CMakeLists.txt
@ -14,5 +14,4 @@ zeek_add_plugin(
    PAC
    sip_TCP.pac
    sip-protocol.pac
-        sip-analyzer.pac
+    sip-analyzer.pac)
 )
--- a/src/analyzer/protocol/smb/CMakeLists.txt
+++ b/src/analyzer/protocol/smb/CMakeLists.txt
@ -85,5 +85,4 @@ zeek_add_plugin(
    smb2-com-tree-connect.pac
    smb2-com-tree-disconnect.pac
    smb2-com-write.pac
-	      smb2-com-transform-header.pac
+    smb2-com-transform-header.pac)
 )
--- a/src/analyzer/protocol/smb/consts.bif
+++ b/src/analyzer/protocol/smb/consts.bif
@ -1 +1,2 @@
 const SMB::pipe_filenames: string_set;
 const SMB::max_pending_messages: count;
--- a/src/analyzer/protocol/smb/smb2-com-ioctl.pac
+++ b/src/analyzer/protocol/smb/smb2-com-ioctl.pac
@ -17,6 +17,17 @@ refine connection SMB_Conn += {
 	function proc_smb2_ioctl_request(val: SMB2_ioctl_request) : bool
 		%{
 		if ( zeek::BifConst::SMB::max_pending_messages > 0 &&
 		     smb2_ioctl_fids.size() >= zeek::BifConst::SMB::max_pending_messages )
 			{
 			if ( smb2_discarded_messages_state )
 				zeek::BifEvent::enqueue_smb2_discarded_messages_state(zeek_analyzer(), zeek_analyzer()->Conn(),
 				                                                     zeek::make_intrusive<zeek::StringVal>("ioctl"));
 			smb2_ioctl_fids.clear();
 			}
 		smb2_ioctl_fids[${val.header.message_id}] = ${val.file_id.persistent} + ${val.file_id._volatile};
 		return true;
 		%}
--- a/src/analyzer/protocol/smb/smb2-com-read.pac
+++ b/src/analyzer/protocol/smb/smb2-com-read.pac
@ -34,6 +34,17 @@ refine connection SMB_Conn += {
 			                                    ${val.read_len});
 			}
 		if ( zeek::BifConst::SMB::max_pending_messages > 0 &&
 		     (smb2_read_offsets.size() >= zeek::BifConst::SMB::max_pending_messages ||
 		      smb2_read_fids.size() >= zeek::BifConst::SMB::max_pending_messages) )
 			{
 			if ( smb2_discarded_messages_state )
 				zeek::BifEvent::enqueue_smb2_discarded_messages_state(zeek_analyzer(), zeek_analyzer()->Conn(),
 				                                                      zeek::make_intrusive<zeek::StringVal>("read"));
 			smb2_read_offsets.clear();
 			smb2_read_fids.clear();
 			}
 		smb2_read_offsets[${h.message_id}] = ${val.offset};
 		smb2_read_fids[${h.message_id}] = ${val.file_id.persistent} + ${val.file_id._volatile};
--- a/src/analyzer/protocol/smb/smb2-protocol.pac
+++ b/src/analyzer/protocol/smb/smb2-protocol.pac
@ -230,6 +230,16 @@ refine connection SMB_Conn += {
 		%{
 		if ( is_orig )
 			{
 			if ( zeek::BifConst::SMB::max_pending_messages > 0 &&
 			     smb2_request_tree_id.size() >= zeek::BifConst::SMB::max_pending_messages )
 				{
 				if ( smb2_discarded_messages_state )
 					zeek::BifEvent::enqueue_smb2_discarded_messages_state(zeek_analyzer(), zeek_analyzer()->Conn(),
 					                                                     zeek::make_intrusive<zeek::StringVal>("tree"));
 				smb2_request_tree_id.clear();
 				}
 			// Store the tree_id
 			smb2_request_tree_id[${h.message_id}] = ${h.tree_id};
 			}
--- a/src/analyzer/protocol/smb/smb2_events.bif
+++ b/src/analyzer/protocol/smb/smb2_events.bif
@ -15,3 +15,16 @@
 ##
 ## .. zeek:see:: smb1_message
 event smb2_message%(c: connection, hdr: SMB2::Header, is_orig: bool%);
 ## Generated for :abbr:`SMB (Server Message Block)`/:abbr:`CIFS (Common Internet File System)`
 ## version 2 connections for which pending read, ioctl or tree requests exceeds
 ## the :zeek:see:`SMB::max_pending_messages` setting. This event indicates either
 ## traffic loss, traffic load-balancing issues, or failures to parse or match
 ## SMB responses with SMB requests. When this event is raised, internal per-connection
 ## parser state has been reset.
 ##
 ## c: The affected connection.
 ##
 ## state: String describing what kind of state was affected.
 ##        One of read, ioctl or tree.
 event smb2_discarded_messages_state%(c: connection, state: string%);
--- a/src/analyzer/protocol/smtp/CMakeLists.txt
+++ b/src/analyzer/protocol/smtp/CMakeLists.txt
@ -6,5 +6,4 @@ zeek_add_plugin(
    Plugin.cc
    BIFS
    events.bif
-        functions.bif
+    functions.bif)
 )
--- a/src/analyzer/protocol/snmp/CMakeLists.txt
+++ b/src/analyzer/protocol/snmp/CMakeLists.txt
@ -11,5 +11,4 @@ zeek_add_plugin(
    snmp.pac
    snmp-protocol.pac
    snmp-analyzer.pac
-        ${PROJECT_SOURCE_DIR}/src/analyzer/protocol/asn1/asn1.pac
+    ${PROJECT_SOURCE_DIR}/src/analyzer/protocol/asn1/asn1.pac)
 )
--- a/src/analyzer/protocol/socks/CMakeLists.txt
+++ b/src/analyzer/protocol/socks/CMakeLists.txt
@ -9,5 +9,4 @@ zeek_add_plugin(
    PAC
    socks.pac
    socks-protocol.pac
-        socks-analyzer.pac
+    socks-analyzer.pac)
 )
--- a/src/analyzer/protocol/ssh/CMakeLists.txt
+++ b/src/analyzer/protocol/ssh/CMakeLists.txt
@ -11,5 +11,4 @@ zeek_add_plugin(
    ssh.pac
    ssh-analyzer.pac
    ssh-protocol.pac
-        consts.pac
+    consts.pac)
 )
--- a/src/analyzer/protocol/ssl/CMakeLists.txt
+++ b/src/analyzer/protocol/ssl/CMakeLists.txt
@ -31,5 +31,4 @@ zeek_add_plugin(
    dtls-analyzer.pac
    ssl-dtls-protocol.pac
    dtls-protocol.pac
-        ssl-defs.pac
+    ssl-defs.pac)
 )
--- a/src/analyzer/protocol/syslog/CMakeLists.txt
+++ b/src/analyzer/protocol/syslog/CMakeLists.txt
@ -5,5 +5,4 @@ spicy_add_analyzer(
    syslog.spicy
    syslog.evt
    LEGACY
-    legacy
+    legacy)
 )
--- a/src/analyzer/protocol/syslog/legacy/CMakeLists.txt
+++ b/src/analyzer/protocol/syslog/legacy/CMakeLists.txt
@ -9,5 +9,4 @@ zeek_add_plugin(
    PAC
    syslog.pac
    syslog-analyzer.pac
-        syslog-protocol.pac
+    syslog-protocol.pac)
 )
--- a/src/analyzer/protocol/tcp/CMakeLists.txt
+++ b/src/analyzer/protocol/tcp/CMakeLists.txt
@ -10,5 +10,4 @@ zeek_add_plugin(
    BIFS
    events.bif
    types.bif
-        functions.bif
+    functions.bif)
 )
--- a/src/analyzer/protocol/xmpp/CMakeLists.txt
+++ b/src/analyzer/protocol/xmpp/CMakeLists.txt
@ -9,5 +9,4 @@ zeek_add_plugin(
    PAC
    xmpp.pac
    xmpp-analyzer.pac
-        xmpp-protocol.pac
+    xmpp-protocol.pac)
 )
--- a/src/analyzer/protocol/zip/CMakeLists.txt
+++ b/src/analyzer/protocol/zip/CMakeLists.txt
@ -1,7 +1 @@
-zeek_add_plugin(
+zeek_add_plugin(Zeek ZIP SOURCES ZIP.cc Plugin.cc)
    Zeek
    ZIP
    SOURCES
        ZIP.cc
        Plugin.cc
 )
--- a/src/broker/CMakeLists.txt
+++ b/src/broker/CMakeLists.txt
@ -1,6 +1,8 @@
 zeek_add_subdir_library(
    comm
-    INCLUDE_DIRS ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DIR}
+    INCLUDE_DIRS
    ${CMAKE_CURRENT_SOURCE_DIR}
    ${CMAKE_CURRENT_BINARY_DIR}
    SOURCES
    Data.cc
    Manager.cc
@ -9,5 +11,4 @@ zeek_add_subdir_library(
    comm.bif
    data.bif
    messaging.bif
-        store.bif
+    store.bif)
 )
--- a/src/file_analysis/CMakeLists.txt
+++ b/src/file_analysis/CMakeLists.txt
@ -1,6 +1,8 @@
 zeek_add_subdir_library(
    file_analysis
-    INCLUDE_DIRS ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DIR}
+    INCLUDE_DIRS
    ${CMAKE_CURRENT_SOURCE_DIR}
    ${CMAKE_CURRENT_BINARY_DIR}
    SOURCES
    Manager.cc
    File.cc
@ -10,7 +12,6 @@ zeek_add_subdir_library(
    AnalyzerSet.cc
    Component.cc
    BIFS
-        file_analysis.bif
+    file_analysis.bif)
 )
 add_subdirectory(analyzer)
--- a/src/file_analysis/analyzer/data_event/CMakeLists.txt
+++ b/src/file_analysis/analyzer/data_event/CMakeLists.txt
@ -5,5 +5,4 @@ zeek_add_plugin(
    DataEvent.cc
    Plugin.cc
    INCLUDE_DIRS
-        "${CMAKE_CURRENT_SOURCE_DIR}"
+    "${CMAKE_CURRENT_SOURCE_DIR}")
 )
--- a/src/file_analysis/analyzer/entropy/CMakeLists.txt
+++ b/src/file_analysis/analyzer/entropy/CMakeLists.txt
@ -5,5 +5,4 @@ zeek_add_plugin(
    Entropy.cc
    Plugin.cc
    BIFS
-        events.bif
+    events.bif)
 )
--- a/src/file_analysis/analyzer/extract/CMakeLists.txt
+++ b/src/file_analysis/analyzer/extract/CMakeLists.txt
@ -6,5 +6,4 @@ zeek_add_plugin(
    Plugin.cc
    BIFS
    events.bif
-        functions.bif
+    functions.bif)
 )
--- a/src/file_analysis/analyzer/hash/CMakeLists.txt
+++ b/src/file_analysis/analyzer/hash/CMakeLists.txt
@ -5,5 +5,4 @@ zeek_add_plugin(
    Hash.cc
    Plugin.cc
    BIFS
-        events.bif
+    events.bif)
 )
--- a/src/file_analysis/analyzer/pe/CMakeLists.txt
+++ b/src/file_analysis/analyzer/pe/CMakeLists.txt
@ -12,5 +12,4 @@ zeek_add_plugin(
    pe-file-headers.pac
    pe-file-idata.pac
    pe-file.pac
-        pe-file-types.pac
+    pe-file-types.pac)
 )
--- a/src/file_analysis/analyzer/x509/CMakeLists.txt
+++ b/src/file_analysis/analyzer/x509/CMakeLists.txt
@ -13,5 +13,4 @@ zeek_add_plugin(
    ocsp_events.bif
    PAC
    x509-extension.pac
-        x509-signed_certificate_timestamp.pac
+    x509-signed_certificate_timestamp.pac)
 )
--- a/src/fuzzers/CMakeLists.txt
+++ b/src/fuzzers/CMakeLists.txt
@ -1,5 +1,5 @@
-########################################################################
+# ##############################################################################
-## Fuzzing targets
+# Fuzzing targets
 if (NOT ZEEK_ENABLE_FUZZERS)
    return()
@ -10,7 +10,7 @@ if ( NOT DEFINED ZEEK_FUZZING_ENGINE AND DEFINED ENV{LIB_FUZZING_ENGINE} )
        # Empty LIB_FUZZING_ENGINE, assume libFuzzer
        set(ZEEK_FUZZING_ENGINE "-fsanitize=fuzzer" CACHE INTERNAL "" FORCE)
    else ()
-        STRING(SUBSTRING "$ENV{LIB_FUZZING_ENGINE}" 0 1 _first_char)
+        string(SUBSTRING "$ENV{LIB_FUZZING_ENGINE}" 0 1 _first_char)
        if ("${_first_char}" STREQUAL "-" OR EXISTS "$ENV{LIB_FUZZING_ENGINE}")
            # Looks like a linker flag or valid file, use it
@ -23,10 +23,10 @@ if ( NOT DEFINED ZEEK_FUZZING_ENGINE AND DEFINED ENV{LIB_FUZZING_ENGINE} )
 endif ()
 # The bind library is handled a bit hack-ishly since it defaults to linking it
-# as static library by default on Linux, but at least on one common distro,
+# as static library by default on Linux, but at least on one common distro, that
-# that static library wasn't compiled with -fPIC and so not usable in the
+# static library wasn't compiled with -fPIC and so not usable in the shared
-# shared library we're trying to build.  So instead, the fuzzer executable, not
+# library we're trying to build.  So instead, the fuzzer executable, not the
-# the shared lib, links it.
+# shared lib, links it.
 string(REGEX MATCH ".*\\.a$" _have_static_bind_lib "${BIND_LIBRARY}")
 macro (SETUP_FUZZ_TARGET _fuzz_target _fuzz_source)
@ -42,8 +42,7 @@ macro(SETUP_FUZZ_TARGET _fuzz_target _fuzz_source)
    if (DEFINED ZEEK_FUZZING_ENGINE)
        target_link_libraries(${_fuzz_target} ${ZEEK_FUZZING_ENGINE})
    else ()
-        target_link_libraries(${_fuzz_target}
+        target_link_libraries(${_fuzz_target} $<TARGET_OBJECTS:zeek_fuzzer_standalone>)
                              $<TARGET_OBJECTS:zeek_fuzzer_standalone>)
    endif ()
 endmacro ()
@ -78,8 +77,7 @@ foreach(_dep ${zeekdeps} )
    endif ()
 endforeach ()
-target_link_libraries(zeek_fuzzer_shared PUBLIC
+target_link_libraries(zeek_fuzzer_shared PUBLIC ${zeek_fuzzer_shared_deps}
                      ${zeek_fuzzer_shared_deps}
                                                ${CMAKE_THREAD_LIBS_INIT} ${CMAKE_DL_LIBS})
 add_fuzz_target(packet)
@ -116,14 +114,15 @@ add_generic_analyzer_fuzz_target(syslog)
 # add_generic_analyzer_fuzz_target(finger)  # no pcap files
 # add_generic_analyzer_fuzz_target(gssapi)  # only samples are embedded in smb
 # add_generic_analyzer_fuzz_target(ident)   # no pcap files
-#add_generic_analyzer_fuzz_target(krb)     # should these just be handled by smb?
+# add_generic_analyzer_fuzz_target(krb)     # should these just be handled by
-#add_generic_analyzer_fuzz_target(krb_tcp) # should these just be handled by smb?
+# smb? add_generic_analyzer_fuzz_target(krb_tcp) # should these just be handled
-#add_generic_analyzer_fuzz_target(rsh)     # login - no pcap files
+# by smb? add_generic_analyzer_fuzz_target(rsh)     # login - no pcap files
 # add_generic_analyzer_fuzz_target(rlogin)  # login - no pcap files
 # add_generic_analyzer_fuzz_target(telnet)  # login - no pcap files
 # add_generic_analyzer_fuzz_target(netbios) # no pcap files
-#add_generic_analyzer_fuzz_target(ntlm)    # only samples are embedded in dce-rpc or smb
+# add_generic_analyzer_fuzz_target(ntlm)    # only samples are embedded in
-#add_generic_analyzer_fuzz_target(xdr)     # rpc - no pcap files
+# dce-rpc or smb add_generic_analyzer_fuzz_target(xdr)     # rpc - no pcap files
 # add_generic_analyzer_fuzz_target(sip_tcp) # unnecessary?
-#add_generic_analyzer_fuzz_target(socks)   # can this one be tested by adding SOCKS pkts to the HTTP corpus?
+# add_generic_analyzer_fuzz_target(socks)   # can this one be tested by adding
-#add_generic_analyzer_fuzz_target(xmpp)    # no pcap files
+# SOCKS pkts to the HTTP corpus? add_generic_analyzer_fuzz_target(xmpp)    # no
 # pcap files
--- a/src/input/CMakeLists.txt
+++ b/src/input/CMakeLists.txt
@ -6,7 +6,6 @@ zeek_add_subdir_library(
    ReaderBackend.cc
    ReaderFrontend.cc
    BIFS
-        input.bif
+    input.bif)
 )
 add_subdirectory(readers)
--- a/src/input/readers/CMakeLists.txt
+++ b/src/input/readers/CMakeLists.txt
@ -1,4 +1,3 @@
 add_subdirectory(ascii)
 add_subdirectory(benchmark)
 add_subdirectory(binary)
--- a/Show more
+++ b/Show more
		`@ -1 +1 @@`
			`Subproject commit b6f138be79f7d4408302b1297b0c63092b019773`				`Subproject commit 4ad7a297223121b91c94caea6d28ca8888ec6dc1`
		`@ -1 +1 @@`
			`Subproject commit e820c29116a50a18079e783f47b96111eb7b5b0b`				`Subproject commit e4c7b7027d6053c66d8c278a8dbb9a7c2bac09ad`
		`@ -1 +1 @@`
			`Subproject commit 4fc4c31592c4823d675314bc981931de9e246057`				`Subproject commit 000834f60ab7540041c431a3657c23c7476e368d`
		`@ -1 +1 @@`
			`Subproject commit f1183514cd12468d34cb01b147c8d1859a657c31`				`Subproject commit 0c3cafb2ed638f88a446732fa03d90af9bcf796c`
		`@ -1 +1 @@`
			`Subproject commit 3e5b930d9690ef6b87dd034916598e0771f8688d`				`Subproject commit 8a2edd6d92ed820521d42c94d179462bf06b5ed3`
		`@ -1 +1 @@`
			`Subproject commit 8534f719a0a384769383bbd4ad71c9eb2084823d`				`Subproject commit 94eb4798e5cb1b749e42c84f2d4034c16f6cb9db`
		`@ -1 +1 @@`
			`Subproject commit 8011410a8a2ba9b57a544d20efd077f83ecb7eda`				`Subproject commit 2766a0c45a6dbcdcf26cd1209a73a13323854961`
		`@ -1 +1 @@`
			`Subproject commit 5ade27d716fd65342be592abf277eea114fefaa7`				`Subproject commit e1d8271af1f499b3d072c99ae717d2593f551645`
		`@ -1 +1 @@`
			`Subproject commit 2b40a6bafedbbf3fba16d292fd9fe8ba6e9de1bf`				`Subproject commit e36862b3a6e70bf8557885e12e74cbc91507a693`
		`@ -1 +1 @@`
			`Subproject commit fd326e9ced4c078f19ddd32e0afcbe1fe4817a3c`				`Subproject commit 1f16b5047b7478cd38eeb8cae7e11479932135fe`