Merge remote-tracking branch 'origin/master' into topic/johanna/dtls13

* origin/master: (35 commits) Update doc submodule [nomail] [skip ci] Updating submodule(s) [nomail] zeek.bif: Add log2() and ceil() Use the same rules as cmake submodule to reformat Zeek Update cmake submodule after reformat Fixup Val.h/Val.cc: Actually move ValFromJSON into zeek::detail Implement from_json bif Revert "Skip version.h by default for Zeek sources" BTest baseline updates for -O gen-C++ updates to C++ maintenance scripts to better handle uncompilable BTests added ZEEK_REPORT_UNCOMPILABLE environment variable for "-O report-uncompilable" Skip version.h by default for Zeek sources core.network_time.broker: Test reliability improvement cluster/supervisor: Multi-logger awareness Bump zeek-archiver submodule ci: Add public-ecr-vacuum.sh Update doc submodule [nomail] [skip ci] generate-docs: Only update submodule pointer during scheduled builds BTest baseline updates for ZAM NTP: Detect out-of-order packets ...
2025-10-02 14:48:21 +00:00 · 2023-05-10 13:02:08 +01:00 · 2023-05-10 13:02:08 +01:00 · 527c0dc09f
commit 527c0dc09f
parent a8e84c6192 c543387ce0
239 changed files with 3023 additions and 1862 deletions
--- a/.cirrus.yml
+++ b/.cirrus.yml
@ -612,6 +612,21 @@ container_image_manifest_docker_builder:
    - arm64_container_image
    - amd64_container_image
 # Once we've published new images in container_image_manifest, remove any untagged
 # images from the public ECR repository to stay within free-tier bounds.
 public_ecr_cleanup_docker_builder:
  cpu: 1
  only_if: >
    $CIRRUS_CRON == '' && $CIRRUS_REPO_FULL_NAME == 'zeek/zeek' && $CIRRUS_BRANCH == 'master'
  env:
    AWS_ACCESS_KEY_ID: ENCRYPTED[!eff52f6442e1bc78bce5b15a23546344df41bf519f6201924cb70c7af12db23f442c0e5f2b3687c2d856ceb11fcb8c49!]
    AWS_SECRET_ACCESS_KEY: ENCRYPTED[!748bc302dd196140a5fa8e89c9efd148882dc846d4e723787d2de152eb136fa98e8dea7e6d2d6779d94f72dd3c088228!]
    AWS_REGION: us-east-1
  cleanup_script:
    - ./ci/public-ecr-cleanup.sh
  depends_on:
    - container_image_manifest
 cluster_testing_docker_builder:
  cpu: *CPUS
  memory: *MEMORY
--- a/.cmake-format.json
+++ b/.cmake-format.json
@ -0,0 +1,80 @@
 {
    "parse": {
 	"additional_commands": {
            "CheckIPProto": {
 		"kwargs": {
                    "_proto": "*"
 		}
            },
            "CheckType": {
 		"kwargs": {
                    "_type": "*",
                    "_alt_type": "*",
                    "_var": "*"
 		}
            },
 	    "SetPackageVersion": {
 		"kwargs": {
 		    "_version": "*"
 		}
 	    },
 	    "SetPackageFileName": {
 		"kwargs": {
 		    "_version": "*"
 		}
 	    },
 	    "SetPackageInstallScripts": {
 		"kwargs": {
 		    "VERSION": "*"
 		}
 	    },
 	    "ConfigurePackaging": {
 		"kwargs": {
 		    "_version": "*"
 		}
 	    },
 	    "SetPackageGenerators": {},
 	    "SetPackageMetadata": {},
 	    "FindRequiredPackage": {
 		"kwargs": {
 		    "packageName": "*"
 		}
 	    },
 	    "InstallClobberImmune": {
 		"kwargs": {
 		    "_srcfile": "*",
 		    "_dstfile": "*"
 		}
 	    },
 	    "InstallPackageConfigFile": {
 		"kwargs": {
 		    "_srcfile": "*",
 		    "_dstdir": "*",
 		    "_dstfilename": "*"
 		}
 	    },
 	    "InstallShellScript": {
 		"kwargs": {
 		    "_srcfile": "*",
 		    "_dstfile": "*"
 		}
 	    },
 	    "InstallSymLink": {
 		"kwargs": {
 		    "_filepath": "*",
 		    "_sympath": "*"
 		}
 	    }
 	}
    },
    "format": {
 	"line_width": 100,
 	"tab_size": 4,
 	"separate_ctrl_name_with_space": true,
 	"max_subgroups_hwrap": 3,
 	"line_ending": "unix"
    },
    "markup": {
 	"enable_markup": false
    }
 }
--- a/.github/workflows/generate-docs.yml
+++ b/.github/workflows/generate-docs.yml
@ -34,7 +34,13 @@ jobs:
        with:
          submodules: "recursive"
      # Only reset the submodule pointer for scheduled builds. The reason to do
      # this is to pick up any merge commits or anything that may have been
      # missed in a merge, but not have any actual content. We don't want to do
      # it otherwise because PRs should just use the submodule they're pointing
      # at.
      - name: Switch doc submodule to master
        if: github.event_name == 'schedule'
        run: cd doc && git checkout master
      - name: Fetch Dependencies
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@ -17,3 +17,9 @@ repos:
  rev: v0.31.0
  hooks:
  - id: yapf
 - repo: https://github.com/cheshirekow/cmake-format-precommit
  rev: v0.6.13
  hooks:
  - id: cmake-format
    exclude: '^auxil/.*$'
--- a/166
+++ b/166
@ -1,3 +1,169 @@
 6.0.0-dev.533 | 2023-05-09 13:38:37 -0700
  * core.network_time.broker: Test reliability improvement (Arne Welzel, Corelight)
    I wasn't able to reproduce this locally, but after looking at
    -B main-loop,tm for a bit it dawned that if the manager is sending
    ticks too fast, the Broker IO source may consume two ticks in one go
    before expiring timers and that would explain the observed baseline
    differences.
    Solve this by removing the reliance on realtime delays and switch to
    a request-reply pattern instead.
 6.0.0-dev.531 | 2023-05-09 13:38:15 -0700
  * ci: Add public-ecr-vacuum.sh (Arne Welzel, Corelight)
 6.0.0-dev.529 | 2023-05-09 12:54:28 -0700
  * Updating submodule(s) [nomail] (Tim Wojtulewicz, Corelight)
 6.0.0-dev.527 | 2023-05-09 19:11:00 +0200
  * GH-2930: zeek.bif: Add log2() and ceil() (Arne Welzel, Corelight)
 6.0.0-dev.525 | 2023-05-09 09:05:51 -0700
  * Use the same rules as cmake submodule to reformat Zeek (Tim Wojtulewicz, Corelight)
  * Update cmake submodule after reformat (Tim Wojtulewicz, Corelight)
 6.0.0-dev.522 | 2023-05-09 15:19:43 +0200
  * cluster/supervisor: Multi-logger awareness (Arne Welzel, Corelight)
    When multiple loggers are configured in a Supervisor controlled cluster
    configuration, encode extra information into the rotated filename to
    identify which logger produced the log.
    This is similar to the approach taken for ZeekControl, re-using the
    log_suffix terminology, but as there's only a single zeek-archiver
    process and no postprocessors and no other side-channel for additional
    information, we encode extra metadata into the filename. zeek-archiver
    is extended to recognize the special metadata part of the filename.
    This also solves the issue that multiple loggers in a supervisor setup
    overwrite each others log files within a single log-queue directory.
  * Bump zeek-archiver submodule (Arne Welzel, Corelight)
 6.0.0-dev.519 | 2023-05-09 11:03:32 +0200
  * Fixup Val.h/Val.cc: Actually move ValFromJSON into zeek::detail (Arne Welzel, Corelight)
 6.0.0-dev.518 | 2023-05-09 10:19:46 +0200
  * Implement from_json bif (Fupeng Zhao)
 6.0.0-dev.516 | 2023-05-05 14:08:15 -0700
  * BTest baseline updates for -O gen-C++ (Vern Paxson, Corelight)
  * updates to C++ maintenance scripts to better handle uncompilable BTests (Vern Paxson, Corelight)
  * added ZEEK_REPORT_UNCOMPILABLE environment variable for "-O report-uncompilable" (Vern Paxson, Corelight)
  * BTest baseline updates for ZAM (Vern Paxson, Corelight)
 6.0.0-dev.511 | 2023-05-05 21:04:11 +0200
  * Revert "Skip version.h by default for Zeek sources" (Arne Welzel, Corelight)
    This reverts commit 8246baf25c692b658e7a39527f6652e37f5b5095.
    Actually fails the include_plugins CI test and I had just
    opened another related issue.
 6.0.0-dev.510 | 2023-05-05 20:14:21 +0200
  * Skip version.h by default for Zeek sources (Dominik Charousset, Corelight)
 6.0.0-dev.508 | 2023-05-05 08:48:10 -0700
  * generate-docs: Only update submodule pointer during scheduled builds (Tim Wojtulewicz, Corelight)
 6.0.0-dev.505 | 2023-05-04 20:08:33 +0200
  * GH-2998: NTP: Detect out-of-order packets (Arne Welzel, Corelight)
    The NTP mode provides us with the identity of the endpoints. For the
    simple CLIENT / SERVER modes, flip the connection if we detect
    orig/resp disagreeing with what the message says. This mainly
    results in the history getting a ^ and the ntp.log / conn.log
    showing the corrected endpoints.
 6.0.0-dev.503 | 2023-05-04 10:56:33 -0700
  * Include compiler in --show-config output (Dominik Charousset, Corelight)
  * Fix CMake option defaults on Windows (Dominik Charousset, Corelight)
  * Move build defaults from configure to CMake (Dominik Charousset, Corelight)
    Moving the defaults for build variables from the `configure` script to
    `CMakeLists.txt` gives the same default behavior on platforms where the
    `configure` script is not available (Windows) and also allows a pure
    CMake-based work flow (e.g., the standard `cmake -S . -B build`) without
    having to manually adjust the defaults.
    The `configure` script also becomes much simpler as a result.
 6.0.0-dev.498 | 2023-05-04 09:30:18 +0200
  * scripts/smb2-main: Reset script-level state upon smb2_discarded_messages_state() (Arne Welzel, Corelight)
    This is similar to what the external corelight/zeek-smb-clear-state script
    does, but leverages the smb2_discarded_messages_state() event instead of
    regularly checking on the state of SMB connections.
    The pcap was created using the dperson/samba container image and mounting
    a share with Linux's CIFS filesystem, then copying the content of a
    directory with 100 files. The test uses a BPF filter to imitate mostly
    "half-duplex" traffic.
  * smb2: Limit per-connection read/ioctl/tree state (Arne Welzel, Corelight)
    Users on Slack observed memory growth in an environment with a lot of
    SMB traffic. jeprof memory profiling pointed at the offset and fid maps
    kept per-connection for smb2 read requests.
    These maps can grow unbounded if responses are seen before requests, there's
    packet drops, just one side of the connection is visible, or we fail to parse
    responses properly.
    Forcefully wipe out these maps when they grow too large and raise
    smb2_discarded_messages_state() to notify script land about this.
 6.0.0-dev.493 | 2023-05-03 11:13:15 -0700
  * Update Mozilla CA and Google CT lists (Johanna Amann, Corelight)
 6.0.0-dev.491 | 2023-05-03 09:31:36 -0700
  * Surround string assignments in zeek-config in quotes (Tim Wojtulewicz, Corelight)
 6.0.0-dev.489 | 2023-05-03 09:31:19 -0700
  * Remove parser error message for bro_init, et al (Tim Wojtulewicz, Corelight)
 6.0.0-dev.487 | 2023-05-03 09:30:55 -0700
  * Add additional length check to IEEE 802.11 analyzer (Tim Wojtulewicz, Corelight)
 6.0.0-dev.484 | 2023-05-03 14:18:03 +0100
  * SSL: do not try to disable failed analyzer (Johanna Amann, Corelight)
    Currently, if a TLS/DTLS analyzer fails with a protocol violation, we
    will still try to remove the analyzer later, which results in the
    following error message:
    error: connection does not have analyzer specified to disable
    Now, instead we don't try removing the analyzer anymore, after a
    violation occurred.
 6.0.0-dev.480 | 2023-05-02 20:28:55 +0200
  * ip4_hdr: Add DF, MF, offset and sum fields (Arne Welzel, Corelight)
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
--- a/47
+++ b/47
@ -59,6 +59,11 @@ Breaking Changes
 - The IRC_Data analyzer declaration has been moved to protocols/irc/IRC.h.
 - The error message returned when using ``bro_init``, ``bro_done``, and
  ``bro_script_loaded`` events is now removed.  removed. Usage of these events
  has returned that error during script parsing for a few years, and time has
  come to finally remove it.
 New Functionality
 -----------------
@ -86,6 +91,19 @@ New Functionality
  To disable this functionality, pass ``--disable-javascript`` to configure.
 - A new bif ``from_json()`` can be used to parse JSON strings into records.
 	type A: record { a: addr; };
 	local p = from_json({\"a\": \"192.168.0.1\"}", A);
 	if ( p$valid )
 		print (p$v as A)
  Implicit conversion from JSON to Zeek types is implemented for bool, int, count,
  real, interval (number as seconds) and time (number as unix timestamp), port
  (strings in "80/tcp" notation), patterns, addr, subnet, enum, sets, vectors
  and records similar to the rules of the input framework. Optional or default
  record fields are allowed to be missing or null in the input.
 - Zeek now provides native "Community ID" support with a new bif called
  ``community_id_v1()``. Two policy scripts ``protocols/conn/community-id-logging``
   and ``frameworks/notice/community-id`` extend the respective logs with a
@ -104,13 +122,17 @@ New Functionality
 	stats.11:18:57-11:19:00-logger-2.log.gz
  Previously, in a multi-logger setup, individual logger processes would overwrite
-  each others log files during rotation, causing data loss.
+  each other's log files during rotation, causing data loss.
  For setups with a single logger, there's no change in behavior. The naming
  of the final logs can be customized by providing an alternative
  ``make-archive-name`` script and using the new ``ZEEK_ARG_LOG_SUFFIX``
  environment variable.
 - A supervisor controlled Zeek cluster is now multi-logger aware. This avoids
  loggers overwriting each other's log files within a single log-queue directory.
  By default, a logger's name is appended to the rotated logs by zeek-archiver.
 - Introduce a new command-line option ``-V`` / ``--build-info``. It produces
  verbose output in JSON format about the repository state and any included
  plugins.
@ -211,6 +233,13 @@ New Functionality
  messages being correctly parsed and raising the typical SSL/TLS events, the biggest
  visible change is the newly added ``ssl_extension_connection_id`` event.
 - The NTP analyzer now recognizes when client and server mode messages disagree
  with the notion of "originator" and "responder" and flips the connection. This
  can happen in packet loss or packet re-ordering scenarios. Such connections will
  have a ``^`` added to their history.
 - New bifs for ``ceil()`` and ``log2()`` have been added.
 Changed Functionality
 ---------------------
@ -310,8 +339,20 @@ Changed Functionality
 - Libpcap based packet source now avoids the 32bit wraparound of link and
  dropped packet counters as reported by users.
- The ``ssl_history`` field of ``ssl.log`` now correctly logs Hello Retry Request
+- The `ssl_history` field in ssl.log indicates that the letter `j` is reserved
-  messages. Before, they were incorrectly logged as Server Hellos.
+  for hello retry requests. However, this logging was never fully implemented;
  instead, hello retry requests were logged like as a server hello (with the letter
  `s`). This oversight was fixed, and hello retry requests are now correctly logged.
 - When per-connection SMB parser state (read offsets, tree ids, ...) exceeds
  ``SMB::max_pending_messages`` (default 1000), Zeek discards such per-connection
  state and raises a new ``smb2_discarded_messages_state()`` event. This event is
  used to reset script-layer SMB state. This change provides protection against
  unbounded state growth due to partial or one-sided SMB connections.
  Setting ``SMB::max_pending_messages`` to 0 can be used to switch back to the
  previous behavior of not discarding state. Setting ``SMB::enable_state_clear``
  to ``F`` skips the script-layer state clearing logic.
 Removed Functionality
 ---------------------
--- a/2
+++ b/2
@ -1 +1 @@
-6.0.0-dev.480
+6.0.0-dev.533
--- a/auxil/bifcl
+++ b/auxil/bifcl
@ -1 +1 @@
-Subproject commit b6f138be79f7d4408302b1297b0c63092b019773
+Subproject commit 4ad7a297223121b91c94caea6d28ca8888ec6dc1
--- a/auxil/binpac
+++ b/auxil/binpac
@ -1 +1 @@
-Subproject commit e820c29116a50a18079e783f47b96111eb7b5b0b
+Subproject commit e4c7b7027d6053c66d8c278a8dbb9a7c2bac09ad
--- a/auxil/broker
+++ b/auxil/broker
@ -1 +1 @@
-Subproject commit 4fc4c31592c4823d675314bc981931de9e246057
+Subproject commit 000834f60ab7540041c431a3657c23c7476e368d
--- a/auxil/btest
+++ b/auxil/btest
@ -1 +1 @@
-Subproject commit f1183514cd12468d34cb01b147c8d1859a657c31
+Subproject commit 0c3cafb2ed638f88a446732fa03d90af9bcf796c
--- a/auxil/filesystem
+++ b/auxil/filesystem
@ -1 +1 @@
-Subproject commit 3e5b930d9690ef6b87dd034916598e0771f8688d
+Subproject commit 8a2edd6d92ed820521d42c94d179462bf06b5ed3
--- a/auxil/gen-zam
+++ b/auxil/gen-zam
@ -1 +1 @@
-Subproject commit 8534f719a0a384769383bbd4ad71c9eb2084823d
+Subproject commit 94eb4798e5cb1b749e42c84f2d4034c16f6cb9db
--- a/auxil/libunistd
+++ b/auxil/libunistd
@ -1 +1 @@
-Subproject commit 8011410a8a2ba9b57a544d20efd077f83ecb7eda
+Subproject commit 2766a0c45a6dbcdcf26cd1209a73a13323854961
--- a/auxil/package-manager
+++ b/auxil/package-manager
@ -1 +1 @@
-Subproject commit 5ade27d716fd65342be592abf277eea114fefaa7
+Subproject commit e1d8271af1f499b3d072c99ae717d2593f551645
--- a/auxil/zeek-archiver
+++ b/auxil/zeek-archiver
@ -1 +1 @@
-Subproject commit 2b40a6bafedbbf3fba16d292fd9fe8ba6e9de1bf
+Subproject commit e36862b3a6e70bf8557885e12e74cbc91507a693
--- a/auxil/zeek-aux
+++ b/auxil/zeek-aux
@ -1 +1 @@
-Subproject commit fd326e9ced4c078f19ddd32e0afcbe1fe4817a3c
+Subproject commit 1f16b5047b7478cd38eeb8cae7e11479932135fe
--- a/auxil/zeekctl
+++ b/auxil/zeekctl
@ -1 +1 @@
-Subproject commit 7178d15edb4c737a5d6c28d100c0e457b7afed58
+Subproject commit 98301f54336144272d17439ea43b889ffd79a65f
--- a/ci/public-ecr-cleanup.sh
+++ b/ci/public-ecr-cleanup.sh
@ -0,0 +1,63 @@
 #!/bin/bash
 #
 # Script to batch-delete all untagged images from ECR public repositories,
 # defaulting to the zeek/zeek-dev repository.
 # First scans for manifest list images that are referencing other images and
 # deletes them, then deletes all remaining untagged images.
 set -eu
 if ! command -v aws >/dev/null; then
    echo "missing aws command" >&2
    exit 1
 fi
 REGISTRY_ID=${REGISTRY_ID:-103243056077}
 REPOSITORY_NAME=${REPOSITORY_NAME:-zeek-dev}
 BATCH_DELETE_SIZE=${BATCH_DELETE_SIZE:-50}
 # Chunk up "$1" into BATCH_DELETE_SIZE entries and batch-delete them at once
 # via aws batch-delete.
 #
 # Expected input looks as follows to keep things simple:
 #
 #    imageDigest=sha256:db6...366
 #    imageDigest=sha256:2ad...9b0
 #
 function batch_delete {
    while read -r batch; do
        if [ -z "${batch}" ]; then
            break
        fi
        echo "Deleting ${batch}"
        aws ecr-public batch-delete-image \
            --registry-id "${REGISTRY_ID}" \
            --repository-name "${REPOSITORY_NAME}" \
            --image-ids ${batch}
    done < <(xargs -L ${BATCH_DELETE_SIZE} <<<"$1")
 }
 # Find all untagged manifest lists with the following media types:
 #
 #    application/vnd.docker.distribution.manifest.list.v2+json
 #    application/vnd.oci.image.index.v1+json
 #
 # These reference other images, so we need to delete them first as
 # otherwise the referenced images can not be deleted.
 IMAGE_DIGESTS=$(aws ecr-public describe-images \
    --registry-id "${REGISTRY_ID}" \
    --repository-name "${REPOSITORY_NAME}" \
    --query 'imageDetails[?!imageTags && (contains(imageManifestMediaType, `manifest.list.v2`) || contains(imageManifestMediaType, `image.index.v1`))].{imageDigest: join(`=`, [`imageDigest`, imageDigest])}' \
    --output text)
 batch_delete "${IMAGE_DIGESTS}"
 # Now find all untagged manifests that are left.
 IMAGE_DIGESTS=$(aws ecr-public describe-images \
    --registry-id "${REGISTRY_ID}" \
    --repository-name "${REPOSITORY_NAME}" \
    --query 'imageDetails[?!imageTags].{imageDigest: join(`=`, [`imageDigest`, imageDigest])}' \
    --output text)
 batch_delete "${IMAGE_DIGESTS}"
--- a/2
+++ b/2
@ -1 +1 @@
-Subproject commit 70c6180afcc06767d0ab031d7c36cb0dd6503094
+Subproject commit a90d69179607c5083158f926be6d37f3db18f110
--- a/57
+++ b/57
@ -12,6 +12,9 @@ command="$0 $*"
 usage="\
 Usage: $0 [OPTION]... [VAR=VALUE]...
  -h, --help                    display this help and exit
  --show-config                 display the most relevant config parameters of an existing build
  Build Options:
    --cmake=PATH                custom path to a CMake binary
    --builddir=DIR              place build files in directory [build]
@ -149,42 +152,10 @@ append_cache_entry() {
    CMakeCacheEntries="$CMakeCacheEntries -D $1:$2=$3"
 }
 # Function to remove a CMake cache entry definition from the
 # CMakeCacheEntries variable
 #   $1 is the cache entry variable name
 remove_cache_entry() {
    CMakeCacheEntries="$CMakeCacheEntries -U $1"
    # Even with -U, cmake still warns by default if
    # added previously with -D.
    CMakeCacheEntries="$CMakeCacheEntries --no-warn-unused-cli"
 }
 # set defaults
 builddir=build
 prefix=/usr/local/zeek
 CMakeCacheEntries=""
 display_cmake=0
 append_cache_entry CMAKE_INSTALL_PREFIX PATH $prefix
 append_cache_entry ZEEK_ROOT_DIR PATH $prefix
 append_cache_entry ZEEK_SCRIPT_INSTALL_PATH STRING $prefix/share/zeek
 append_cache_entry ZEEK_ETC_INSTALL_DIR PATH $prefix/etc
 append_cache_entry ENABLE_DEBUG BOOL false
 append_cache_entry ENABLE_PERFTOOLS BOOL false
 append_cache_entry ENABLE_JEMALLOC BOOL false
 append_cache_entry ENABLE_ZEEK_UNIT_TESTS BOOL true
 append_cache_entry BUILD_SHARED_LIBS BOOL true
 append_cache_entry INSTALL_AUX_TOOLS BOOL true
 append_cache_entry INSTALL_BTEST BOOL true
 append_cache_entry INSTALL_BTEST_PCAPS BOOL true
 append_cache_entry INSTALL_ZEEK_ARCHIVER BOOL true
 append_cache_entry INSTALL_ZEEK_CLIENT BOOL true
 append_cache_entry INSTALL_ZEEKCTL BOOL true
 append_cache_entry INSTALL_ZKG BOOL true
 append_cache_entry CPACK_SOURCE_IGNORE_FILES STRING
 append_cache_entry ZEEK_SANITIZERS STRING ""
 append_cache_entry ZEEK_INCLUDE_PLUGINS STRING ""
 append_cache_entry PREALLOCATE_PORT_ARRAY BOOL true
 # parse arguments
 while [ $# -ne 0 ]; do
@ -198,6 +169,14 @@ while [ $# -ne 0 ]; do
            echo "${usage}" 1>&2
            exit 1
            ;;
        --show-config)
            if [ ! -f "$builddir/CMakeCache.txt" ]; then
                echo "Error: no CMake build found under '$builddir'." 1>&2
                exit 1
            fi
            grep -E "^ENABLE_|^ZEEK_|^INSTALL_|^CMAKE_INSTALL_PRE|^CMAKE_C.*_FLAGS|^CMAKE_C.*_COMPILER|^CMAKE_.*_LINKER_FLAGS|^CMAKE_BUILD" "$builddir/CMakeCache.txt" | grep -v ':INTERNAL'
            exit 0
            ;;
        -D)
            shift
            if [ $# -eq 0 ]; then
@ -217,10 +196,6 @@ while [ $# -ne 0 ]; do
            ;;
        --build-type=*)
            append_cache_entry CMAKE_BUILD_TYPE STRING $optarg
            if [ $(echo "$optarg" | tr [:upper:] [:lower:]) = "debug" ]; then
                append_cache_entry ENABLE_DEBUG BOOL true
            fi
            ;;
        --generator=*)
            CMakeGenerator="$optarg"
@ -235,9 +210,7 @@ while [ $# -ne 0 ]; do
            append_cache_entry ZEEK_INCLUDE_PLUGINS STRING \"$optarg\"
            ;;
        --prefix=*)
            prefix=$optarg
            append_cache_entry CMAKE_INSTALL_PREFIX PATH $optarg
            append_cache_entry ZEEK_ROOT_DIR PATH $optarg
            ;;
        --libdir=*)
            append_cache_entry CMAKE_INSTALL_LIBDIR PATH $optarg
@ -454,14 +427,6 @@ if [ -z "$CMakeCommand" ]; then
    fi
 fi
 if [ "$user_set_scriptdir" != "true" ]; then
    append_cache_entry ZEEK_SCRIPT_INSTALL_PATH STRING $prefix/share/zeek
 fi
 if [ "$user_set_conffilesdir" != "true" ]; then
    append_cache_entry ZEEK_ETC_INSTALL_DIR PATH $prefix/etc
 fi
 if [ -d $builddir ]; then
    # If build directory exists, check if it has a CMake cache
    if [ -f $builddir/CMakeCache.txt ]; then
--- a/2
+++ b/2
@ -1 +1 @@
-Subproject commit f3f85f68ecec844e5770900aa871361627451ae1
+Subproject commit 6da8036bebf01361acee8b15fc3239ccea3e15b4
--- a/man/CMakeLists.txt
+++ b/man/CMakeLists.txt
@ -1,5 +1,5 @@
-
+install(
-install(DIRECTORY . DESTINATION ${ZEEK_MAN_INSTALL_PATH}/man8 FILES_MATCHING
+    DIRECTORY .
-        PATTERN "*.8"
+    DESTINATION ${ZEEK_MAN_INSTALL_PATH}/man8
-)
+    FILES_MATCHING
-
+    PATTERN "*.8")
--- a/scripts/CMakeLists.txt
+++ b/scripts/CMakeLists.txt
@ -1,22 +1,22 @@
 include(InstallPackageConfigFile)
-install(DIRECTORY ./ DESTINATION ${ZEEK_SCRIPT_INSTALL_PATH} FILES_MATCHING
+install(
-        PATTERN "site/local*" EXCLUDE
+    DIRECTORY ./
-        PATTERN "*.zeek"
+    DESTINATION ${ZEEK_SCRIPT_INSTALL_PATH}
-        PATTERN "*.sig"
+    FILES_MATCHING
-        PATTERN "*.fp"
+    PATTERN "site/local*" EXCLUDE
-)
+    PATTERN "*.zeek"
    PATTERN "*.sig"
    PATTERN "*.fp")
-# Install local script as a config file since it's meant to be modified directly.
+# Install local script as a config file since it's meant to be modified
-InstallPackageConfigFile(
+# directly.
-    ${CMAKE_CURRENT_SOURCE_DIR}/site/local.zeek
+InstallPackageConfigFile(${CMAKE_CURRENT_SOURCE_DIR}/site/local.zeek
-    ${ZEEK_SCRIPT_INSTALL_PATH}/site
+                         ${ZEEK_SCRIPT_INSTALL_PATH}/site local.zeek)
    local.zeek)
 # Substitute values in templated script files, and install them.
-configure_file(
+configure_file(${CMAKE_CURRENT_SOURCE_DIR}/base/misc/installation.zeek.in
-    ${CMAKE_CURRENT_SOURCE_DIR}/base/misc/installation.zeek.in
+               ${CMAKE_CURRENT_BINARY_DIR}/base/misc/installation.zeek @ONLY)
    ${CMAKE_CURRENT_BINARY_DIR}/base/misc/installation.zeek @ONLY)
 install(FILES ${CMAKE_CURRENT_BINARY_DIR}/base/misc/installation.zeek
-    DESTINATION ${ZEEK_SCRIPT_INSTALL_PATH}/base/misc)
+        DESTINATION ${ZEEK_SCRIPT_INSTALL_PATH}/base/misc)
--- a/scripts/base/frameworks/cluster/nodes/logger.zeek
+++ b/scripts/base/frameworks/cluster/nodes/logger.zeek
@ -22,6 +22,32 @@ redef Log::default_rotation_interval = 1 hrs;
 ## Alarm summary mail interval.
 redef Log::default_mail_alarms_interval = 24 hrs;
 ## Generic log metadata rendered into the filename that zeek-archiver may interpret.
 ## This is populated with a log_suffix entry within zeek_init() when multiple
 ## logger nodes are defined in cluster-layout.zeek.
 global log_metadata: table[string] of string;
 ## Encode the given table as zeek-archiver understood metadata part.
 function encode_log_metadata(tbl: table[string] of string): string
 	{
 	local metadata_vec: vector of string;
 	for ( k, v in log_metadata )
 		{
 		if ( |v| == 0 )  # Assume concious decision to skip this entry.
 			next;
 		if ( /[,=]/ in k || /[,=]/ in v )
 			{
 			Reporter::warning(fmt("Invalid log_metadata: k='%s' v='%s'", k, v));
 			next;
 			}
 		metadata_vec += fmt("%s=%s", strip(k), strip(v));
 		}
 	return join_string_vec(metadata_vec, ",");
 	}
 ## This function will rotate logs in a format compatible with zeek-archiver.
 ## If you're using the Supervisor framework, this function will be used,
 ## if not, you can set :zeek:see:`Log::rotation_format_func` to this function.
@ -30,6 +56,10 @@ function archiver_rotation_format_func(ri: Log::RotationFmtInfo): Log::RotationP
 	local open_str = strftime(Log::default_rotation_date_format, ri$open);
 	local close_str = strftime(Log::default_rotation_date_format, ri$close);
 	local base = fmt("%s__%s__%s__", ri$path, open_str, close_str);
 	if ( |log_metadata| > 0 )
 		base = fmt("%s%s__", base, encode_log_metadata(log_metadata));
 	local rval = Log::RotationPath($file_basename=base);
 	return rval;
 	}
@ -42,6 +72,14 @@ redef Log::rotation_format_func = archiver_rotation_format_func;
 redef LogAscii::enable_leftover_log_rotation = T;
 event zeek_init()
 	{
 	if ( "log_suffix" in log_metadata )
 		return;
 	if ( Cluster::get_node_count(Cluster::LOGGER) > 1 )
 		log_metadata["log_suffix"] = Cluster::node;
 	}
@else
 ## Use the cluster's archive logging script.
--- a/scripts/base/frameworks/notice/weird.zeek
+++ b/scripts/base/frameworks/notice/weird.zeek
@ -210,6 +210,7 @@ export {
 		["spontaneous_FIN"]                     = ACTION_IGNORE,
 		["spontaneous_RST"]                     = ACTION_IGNORE,
 		["SMB_parsing_error"]                   = ACTION_LOG,
 		["SMB_discarded_messages_state"]        = ACTION_LOG,
 		["no_smb_session_using_parsesambamsg"]  = ACTION_LOG,
 		["smb_andx_command_failed_to_parse"]    = ACTION_LOG,
 		["smb_tree_connect_andx_response_without_tree"] = ACTION_LOG_PER_CONN,
--- a/scripts/base/init-bare.zeek
+++ b/scripts/base/init-bare.zeek
@ -1094,6 +1094,14 @@ type entropy_test_result: record {
 	serial_correlation: double;	##< Serial correlation coefficient.
 };
 ## Return type for from_json BIF.
 ##
 ## .. zeek:see:: from_json
 type from_json_result: record { 
 	v: any &optional;	##< Parsed value.
 	valid: bool;	##< True if parsing was successful.
 };
 # TCP values for :zeek:see:`endpoint` *state* field.
 # todo:: these should go into an enum to make them autodoc'able.
 const TCP_INACTIVE = 0;	##< Endpoint is still inactive.
@ -2988,6 +2996,16 @@ export {
 	##
 	## .. zeek:see:: smb_pipe_connect_heuristic
 	const SMB::pipe_filenames: set[string] &redef;
 	## The maximum number of messages for which to retain state
 	## about offsets, fids, or tree ids within the parser. When
 	## the limit is reached, internal parser state is discarded
 	## and :zeek:see:`smb2_discarded_messages_state` raised.
 	##
 	## Setting this to zero will disable the functionality.
 	##
 	## .. zeek:see:: smb2_discarded_messages_state
 	const SMB::max_pending_messages = 1000 &redef;
 }
 module SMB1;
--- a/scripts/base/protocols/smb/main.zeek
+++ b/scripts/base/protocols/smb/main.zeek
@ -44,6 +44,13 @@ export {
 		PRINT_CLOSE,
 	};
 	## Whether to reset a connection's SMB script state whenever a
 	## :zeek:see:`smb2_discarded_messages_state` event is raised.
 	##
 	## This setting protects from unbounded script state growth in
 	## environments with high capture loss or traffic anomalies.
 	option enable_clear_script_state = T;
 	## This record is for the smb_files.log
 	type FileInfo: record {
 		## Time when the file was first discovered.
--- a/scripts/base/protocols/smb/smb2-main.zeek
+++ b/scripts/base/protocols/smb/smb2-main.zeek
@ -1,3 +1,5 @@
@load base/frameworks/notice/weird
@load ./main
 module SMB2;
@ -344,3 +346,25 @@ event smb2_close_request(c: connection, hdr: SMB2::Header, file_id: SMB2::GUID)
 		#Reporter::warning("attempting to close an unknown file!");
 		}
 	}
 event smb2_discarded_messages_state(c: connection, state: string)
 	{
 	if ( ! c?$smb_state )
 		return;
 	local addl = fmt("state=%s fid_map=%s tid_map=%s pending_cmds=%s pipe_map=%s",
 	                 state, |c$smb_state$fid_map|, |c$smb_state$tid_map|,
 	                 |c$smb_state$pending_cmds|, |c$smb_state$pipe_map|);
 	Reporter::conn_weird("SMB_discarded_messages_state", c, addl, "SMB2");
 	if ( ! SMB::enable_clear_script_state )
 		return;
 	# Wipe out script-level state for this connection.
 	c$smb_state$fid_map = table();
 	c$smb_state$pending_cmds = table();
 	# Not expected to grow overly large and the original
 	# zeek-smb-clear-state package didn't reset these either.
 	# c$smb_state$tid_map = table();
 	# c$smb_state$pipe_map = table();
 	}
--- a/scripts/base/protocols/ssl/ct-list.zeek
+++ b/scripts/base/protocols/ssl/ct-list.zeek
@ -1,44 +1,35 @@
 #
 # Do not edit this file. This file is automatically generated by gen-ct-list.pl
-# File generated at Thu Oct  6 13:17:02 2022
+# File generated at Wed May  3 10:30:21 2023
 # File generated from https://www.gstatic.com/ct/log_list/v3/log_list.json
-# Source file generated at: 2022-10-05T12:55:24Z
+# Source file generated at: 2023-05-02T12:55:51Z
-# Source file version: 13.6
+# Source file version: 20.60
 #
@load base/protocols/ssl
 module SSL;
 redef ct_logs += {
 ["\x29\x79\xbe\xf0\x9e\x39\x39\x21\xf0\x56\x73\x9f\x63\xa5\x77\xe5\xbe\x57\x7d\x9c\x60\x0a\xf8\xf9\x4d\x5d\x26\x5c\x25\x5d\xc7\x84"] = CTInfo($description="Google 'Argon2022' log", $operator="Google", $url="https://ct.googleapis.com/logs/argon2022/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x78\x83\xdc\xe9\xf1\xa6\xb8\x18\x3a\x00\x99\x2f\xff\x3e\xcd\x15\xc9\x26\x1e\xf7\xff\x3a\xa9\xa3\x72\x16\x49\xeb\x09\xb6\xa8\xdd\xb4\xd2\x47\x91\x0e\x0d\xf9\xd9\xd5\xa9\x8b\xb0\x87\x9d\x25\x79\xd4\x1a\x50\x60\x08\xf5\x09\x06\x39\x26\xe4\x40\xc2\xba\xc3\xc2"),
 ["\xe8\x3e\xd0\xda\x3e\xf5\x06\x35\x32\xe7\x57\x28\xbc\x89\x6b\xc9\x03\xd3\xcb\xd1\x11\x6b\xec\xeb\x69\xe1\x77\x7d\x6d\x06\xbd\x6e"] = CTInfo($description="Google 'Argon2023' log", $operator="Google", $url="https://ct.googleapis.com/logs/argon2023/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xd0\x90\x8f\x64\x52\x4e\x42\xac\x84\xb6\x2e\x4c\xf2\x3d\x77\x00\xb3\x77\x08\x05\x47\xaa\x45\x4c\xe3\x2c\x8e\x70\xa5\x82\xbb\x6c\xb2\x7b\x9c\x98\x7a\xa0\xe9\x11\x76\x28\x00\xb2\x20\xb4\xcd\xd3\x98\x7b\x4d\x96\x27\xe6\xb7\xee\x22\x6a\xd1\xb0\x2e\x91\x77\x78"),
 ["\xee\xcd\xd0\x64\xd5\xdb\x1a\xce\xc5\x5c\xb7\x9d\xb4\xcd\x13\xa2\x32\x87\x46\x7c\xbc\xec\xde\xc3\x51\x48\x59\x46\x71\x1f\xb5\x9b"] = CTInfo($description="Google 'Argon2024' log", $operator="Google", $url="https://ct.googleapis.com/logs/us1/argon2024/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x1d\xb9\x6c\xa9\xcb\x69\x94\xc5\x5c\xe6\xb6\xa6\x03\xbb\xd2\xb8\xdc\x54\x43\x17\x28\x99\x0c\x06\x01\x50\x1d\x9d\x64\xc0\x59\x46\x2b\xdc\xc8\x03\x1d\x05\xb4\x2d\xa8\x09\xf7\x99\x41\xed\x04\xfb\xe5\x57\xba\x26\x04\xf6\x11\x52\xce\x14\x65\x3b\x2f\x76\x2b\xc0"),
 ["\x46\xa5\x55\xeb\x75\xfa\x91\x20\x30\xb5\xa2\x89\x69\xf4\xf3\x7d\x11\x2c\x41\x74\xbe\xfd\x49\xb8\x85\xab\xf2\xfc\x70\xfe\x6d\x47"] = CTInfo($description="Google 'Xenon2022' log", $operator="Google", $url="https://ct.googleapis.com/logs/xenon2022/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xf9\x64\xbd\x15\x2c\x40\x62\x50\x95\x13\x38\x3c\xc7\x21\xb0\x3a\xb9\x8f\xa2\x7a\x15\xd7\x89\xd6\x8e\x31\x13\x00\x87\x59\xbc\xbb\xee\x90\xfc\xc8\x58\x13\x0a\xbf\xab\x43\x36\x54\x23\xa4\x81\xcd\xad\x47\x14\xb7\x58\xa0\x44\xfa\x6a\xa0\xa0\xd7\xc3\x63\x1e\x2b"),
 ["\xad\xf7\xbe\xfa\x7c\xff\x10\xc8\x8b\x9d\x3d\x9c\x1e\x3e\x18\x6a\xb4\x67\x29\x5d\xcf\xb1\x0c\x24\xca\x85\x86\x34\xeb\xdc\x82\x8a"] = CTInfo($description="Google 'Xenon2023' log", $operator="Google", $url="https://ct.googleapis.com/logs/xenon2023/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x72\x16\x3e\x0b\xef\xef\xce\x3e\x60\xdd\x95\xcb\x63\x7a\xb9\xa9\x8d\x4a\x6f\x6c\xdc\x61\x80\xa6\x45\x5e\x2f\x83\xac\x94\xf3\x85\x88\xd0\xa5\x74\xd0\x7b\x8e\xff\xc5\xee\x42\xa2\xf0\x2d\x93\xe3\xc2\xd0\xb2\x99\xe2\xe1\x42\xe9\xd2\xc6\x00\x27\x69\x74\xae\xce"),
 ["\x76\xff\x88\x3f\x0a\xb6\xfb\x95\x51\xc2\x61\xcc\xf5\x87\xba\x34\xb4\xa4\xcd\xbb\x29\xdc\x68\x42\x0a\x9f\xe6\x67\x4c\x5a\x3a\x74"] = CTInfo($description="Google 'Xenon2024' log", $operator="Google", $url="https://ct.googleapis.com/logs/eu1/xenon2024/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xb9\x60\xe0\x34\x1e\x35\xe4\x65\x00\x93\x4f\x90\x09\xbd\x5a\xec\x44\xdd\x8c\x0f\xce\xed\x11\x3e\x2a\x59\x46\x9a\x31\xb6\xc7\x99\xf7\xdc\xef\x3d\xcd\x8f\x86\xc2\x35\xa5\x3e\xdc\x29\xba\xbb\xf2\x54\xe2\xa8\x0c\x83\x08\x51\x06\xde\x21\x6d\x36\x50\x8e\x38\x4d"),
 ["\x29\x3c\x51\x96\x54\xc8\x39\x65\xba\xaa\x50\xfc\x58\x07\xd4\xb7\x6f\xbf\x58\x7a\x29\x72\xdc\xa4\xc3\x0c\xf4\xe5\x45\x47\xf4\x78"] = CTInfo($description="Google 'Icarus' log", $operator="Google", $url="https://ct.googleapis.com/icarus/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x4e\xd2\xbc\xbf\xb3\x08\x0a\xf7\xb9\xea\xa4\xc7\x1c\x38\x61\x04\xeb\x95\xe0\x89\x54\x68\x44\xb1\x66\xbc\x82\x7e\x4f\x50\x6c\x6f\x5c\xa3\xf0\xaa\x3e\xf4\xec\x80\xf0\xdb\x0a\x9a\x7a\xa0\x5b\x72\x00\x7c\x25\x0e\x19\xef\xaf\xb2\x62\x8d\x74\x43\xf4\x26\xf6\x14"),
 ["\xa4\xb9\x09\x90\xb4\x18\x58\x14\x87\xbb\x13\xa2\xcc\x67\x70\x0a\x3c\x35\x98\x04\xf9\x1b\xdf\xb8\xe3\x77\xcd\x0e\xc8\x0d\xdc\x10"] = CTInfo($description="Google 'Pilot' log", $operator="Google", $url="https://ct.googleapis.com/pilot/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x7d\xa8\x4b\x12\x29\x80\xa3\x3d\xad\xd3\x5a\x77\xb8\xcc\xe2\x88\xb3\xa5\xfd\xf1\xd3\x0c\xcd\x18\x0c\xe8\x41\x46\xe8\x81\x01\x1b\x15\xe1\x4b\xf1\x1b\x62\xdd\x36\x0a\x08\x18\xba\xed\x0b\x35\x84\xd0\x9e\x40\x3c\x2d\x9e\x9b\x82\x65\xbd\x1f\x04\x10\x41\x4c\xa0"),
 ["\xee\x4b\xbd\xb7\x75\xce\x60\xba\xe1\x42\x69\x1f\xab\xe1\x9e\x66\xa3\x0f\x7e\x5f\xb0\x72\xd8\x83\x00\xc4\x7b\x89\x7a\xa8\xfd\xcb"] = CTInfo($description="Google 'Rocketeer' log", $operator="Google", $url="https://ct.googleapis.com/rocketeer/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x20\x5b\x18\xc8\x3c\xc1\x8b\xb3\x31\x08\x00\xbf\xa0\x90\x57\x2b\xb7\x47\x8c\x6f\xb5\x68\xb0\x8e\x90\x78\xe9\xa0\x73\xea\x4f\x28\x21\x2e\x9c\xc0\xf4\x16\x1b\xaa\xf9\xd5\xd7\xa9\x80\xc3\x4e\x2f\x52\x3c\x98\x01\x25\x46\x24\x25\x28\x23\x77\x2d\x05\xc2\x40\x7a"),
 ["\xbb\xd9\xdf\xbc\x1f\x8a\x71\xb5\x93\x94\x23\x97\xaa\x92\x7b\x47\x38\x57\x95\x0a\xab\x52\xe8\x1a\x90\x96\x64\x36\x8e\x1e\xd1\x85"] = CTInfo($description="Google 'Skydiver' log", $operator="Google", $url="https://ct.googleapis.com/skydiver/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x12\x6c\x86\x0e\xf6\x17\xb1\x12\x6c\x37\x25\xd2\xad\x87\x3d\x0e\x31\xec\x21\xad\xb1\xcd\xbe\x14\x47\xb6\x71\x56\x85\x7a\x9a\xb7\x3d\x89\x90\x7b\xc6\x32\x3a\xf8\xda\xce\x8b\x01\xfe\x3f\xfc\x71\x91\x19\x8e\x14\x6e\x89\x7a\x5d\xb4\xab\x7e\xe1\x4e\x1e\x7c\xac"),
 ["\x41\xc8\xca\xb1\xdf\x22\x46\x4a\x10\xc6\xa1\x3a\x09\x42\x87\x5e\x4e\x31\x8b\x1b\x03\xeb\xeb\x4b\xc7\x68\xf0\x90\x62\x96\x06\xf6"] = CTInfo($description="Cloudflare 'Nimbus2022' Log", $operator="Cloudflare", $url="https://ct.cloudflare.com/logs/nimbus2022/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x48\xb2\x47\x4e\x50\x32\x72\x62\x4a\x0d\x0c\x48\xbf\xad\x29\x64\x6f\x20\xdf\x79\x52\x63\x16\x29\x0a\x2e\x60\xb5\xe2\x3a\x1c\xb7\xaf\x59\xb1\x55\x09\xdb\x59\xc7\xe9\xbd\x6f\xed\x0b\xaf\x05\x96\x97\xff\x3b\x9a\x43\x4d\xeb\x11\x34\x33\x8a\xe7\xac\x83\xc0\xff"),
 ["\x7a\x32\x8c\x54\xd8\xb7\x2d\xb6\x20\xea\x38\xe0\x52\x1e\xe9\x84\x16\x70\x32\x13\x85\x4d\x3b\xd2\x2b\xc1\x3a\x57\xa3\x52\xeb\x52"] = CTInfo($description="Cloudflare 'Nimbus2023' Log", $operator="Cloudflare", $url="https://ct.cloudflare.com/logs/nimbus2023/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x8b\xff\x2d\x92\x18\xcb\x46\x9d\x12\x5e\xb9\x59\x75\x3c\xcd\x91\x37\x7a\x1e\xa9\x9c\x99\x78\x83\x27\x3d\xdf\x01\xd5\x8b\x80\xe8\x63\x9a\xfe\x26\xa2\x1b\xd1\x87\x05\xee\x97\xd6\xe0\x5b\x43\x83\x81\x1c\x02\xf5\x41\x80\x80\x7f\xef\xa4\x61\xcf\xbc\x84\xb5\xa8"),
 ["\xda\xb6\xbf\x6b\x3f\xb5\xb6\x22\x9f\x9b\xc2\xbb\x5c\x6b\xe8\x70\x91\x71\x6c\xbb\x51\x84\x85\x34\xbd\xa4\x3d\x30\x48\xd7\xfb\xab"] = CTInfo($description="Cloudflare 'Nimbus2024' Log", $operator="Cloudflare", $url="https://ct.cloudflare.com/logs/nimbus2024/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x77\xb1\x9b\x7b\x8f\xe6\x8b\x35\xfe\x3a\x92\x29\x2d\xac\x8a\x8d\x51\x8a\x25\xfc\x93\xb6\xd7\xa0\x8b\x29\x37\x71\x1d\x33\xca\xcc\x33\xea\x28\xb9\x1f\xe2\xac\xc3\xa9\x5d\xdd\x97\xbe\xf6\x9e\x94\x25\xdd\x36\x81\xd1\xeb\x5d\x29\xc3\x2b\x44\xf1\x5b\xca\x15\x48"),
 ["\x56\x14\x06\x9a\x2f\xd7\xc2\xec\xd3\xf5\xe1\xbd\x44\xb2\x3e\xc7\x46\x76\xb9\xbc\x99\x11\x5c\xc0\xef\x94\x98\x55\xd6\x89\xd0\xdd"] = CTInfo($description="DigiCert Log Server", $operator="DigiCert", $url="https://ct1.digicert-ct.com/log/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x02\x46\xc5\xbe\x1b\xbb\x82\x40\x16\xe8\xc1\xd2\xac\x19\x69\x13\x59\xf8\xf8\x70\x85\x46\x40\xb9\x38\xb0\x23\x82\xa8\x64\x4c\x7f\xbf\xbb\x34\x9f\x4a\x5f\x28\x8a\xcf\x19\xc4\x00\xf6\x36\x06\x93\x65\xed\x4c\xf5\xa9\x21\x62\x5a\xd8\x91\xeb\x38\x24\x40\xac\xe8"),
 ["\x87\x75\xbf\xe7\x59\x7c\xf8\x8c\x43\x99\x5f\xbd\xf3\x6e\xff\x56\x8d\x47\x56\x36\xff\x4a\xb5\x60\xc1\xb4\xea\xff\x5e\xa0\x83\x0f"] = CTInfo($description="DigiCert Log Server 2", $operator="DigiCert", $url="https://ct2.digicert-ct.com/log/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xcc\x5d\x39\x2f\x66\xb8\x4c\x7f\xc1\x2e\x03\xa1\x34\xa3\xe8\x8a\x86\x02\xae\x4a\x11\xc6\xf7\x26\x6a\x37\x9b\xf0\x38\xf8\x5d\x09\x8d\x63\xe8\x31\x6b\x86\x66\xcf\x79\xb3\x25\x3c\x1e\xdf\x78\xb4\xa8\xc5\x69\xfa\xb7\xf0\x82\x79\x62\x43\xf6\xcc\xfe\x81\x66\x84"),
 ["\x22\x45\x45\x07\x59\x55\x24\x56\x96\x3f\xa1\x2f\xf1\xf7\x6d\x86\xe0\x23\x26\x63\xad\xc0\x4b\x7f\x5d\xc6\x83\x5c\x6e\xe2\x0f\x02"] = CTInfo($description="DigiCert Yeti2022 Log", $operator="DigiCert", $url="https://yeti2022.ct.digicert.com/log/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x9f\xf8\xd8\x1d\xde\xfb\x5b\x51\xb5\xfb\x5d\xf5\xb5\xde\x66\x11\xb0\x9d\x5f\xfd\x6f\xfc\xa8\x98\x5b\x98\x4f\x2d\xc3\x91\x3a\xfb\xfe\xc4\x0f\x0d\xc3\x60\x43\x8c\x1e\xf2\xf9\x11\xb2\xba\xd0\xf6\xbc\xa5\xd2\xb6\x9f\xf9\x5c\x87\xa2\x7d\xfc\xd4\x7d\xd6\x13\x26"),
 ["\x35\xcf\x19\x1b\xbf\xb1\x6c\x57\xbf\x0f\xad\x4c\x6d\x42\xcb\xbb\xb6\x27\x20\x26\x51\xea\x3f\xe1\x2a\xef\xa8\x03\xc3\x3b\xd6\x4c"] = CTInfo($description="DigiCert Yeti2023 Log", $operator="DigiCert", $url="https://yeti2023.ct.digicert.com/log/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x7d\x0d\x03\xb1\xd5\x98\x8a\xdc\xf0\x15\x3b\xc6\xdc\x5e\x0d\x6e\x3f\x0d\xbf\x95\xc8\x55\x8c\xd0\xa6\x4c\x96\xb1\x4e\x27\xb9\x26\x25\x99\xcc\x2b\x02\x9e\xa6\xd3\xdd\x9f\xb1\xd5\xc4\xc3\xac\x35\x04\x07\x87\x97\x36\xaa\xad\x28\x0d\x7f\x2b\xd9\x68\x9f\x72\xd1"),
 ["\x48\xb0\xe3\x6b\xda\xa6\x47\x34\x0f\xe5\x6a\x02\xfa\x9d\x30\xeb\x1c\x52\x01\xcb\x56\xdd\x2c\x81\xd9\xbb\xbf\xab\x39\xd8\x84\x73"] = CTInfo($description="DigiCert Yeti2024 Log", $operator="DigiCert", $url="https://yeti2024.ct.digicert.com/log/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x57\xb8\xc1\x6f\x30\xa4\x7f\x2e\xe4\xf0\xd0\xd9\x60\x62\x13\x95\xe3\x7a\xe3\x4e\x53\xc3\xb3\xb8\x73\x85\xc1\x18\x0d\x23\x0e\x58\x84\xd2\x78\xef\x9b\xb3\x1e\x2c\x1a\xde\xc1\x8f\x81\x1b\x19\x44\x58\xb7\x00\x77\x60\x20\x1a\x72\xd8\x82\xde\xae\x9e\xb1\xc6\x4b"),
 ["\x7d\x59\x1e\x12\xe1\x78\x2a\x7b\x1c\x61\x67\x7c\x5e\xfd\xf8\xd0\x87\x5c\x14\xa0\x4e\x95\x9e\xb9\x03\x2f\xd9\x0e\x8c\x2e\x79\xb8"] = CTInfo($description="DigiCert Yeti2025 Log", $operator="DigiCert", $url="https://yeti2025.ct.digicert.com/log/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xdf\x95\x00\x5e\x10\xc1\x01\xf7\x37\xe3\x10\x74\xd1\xff\xb2\xca\x90\xed\x32\x99\x5f\x0c\x39\xfe\xa1\xd1\x13\x11\xac\xd1\xb3\x73\x93\x20\xc2\x13\x3c\x4c\xb5\x7a\x52\x86\x86\x3d\xe3\x95\x24\x7c\xd8\x91\x98\x48\x3b\xf0\xf0\xdf\x21\xf1\xb0\x81\x5a\x59\x25\x43"),
 ["\x51\xa3\xb0\xf5\xfd\x01\x79\x9c\x56\x6d\xb8\x37\x78\x8f\x0c\xa4\x7a\xcc\x1b\x27\xcb\xf7\x9e\x88\x42\x9a\x0d\xfe\xd4\x8b\x05\xe5"] = CTInfo($description="DigiCert Nessie2022 Log", $operator="DigiCert", $url="https://nessie2022.ct.digicert.com/log/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x27\x24\xdd\x68\x03\x28\xcb\xfe\x63\xbe\x0e\x11\x47\x4d\x7d\x17\x68\xa1\x11\x5d\x4c\x71\xc9\x41\x28\xc7\xb6\xa2\x4b\x97\xec\xc0\xaf\xfc\x2f\x3b\xbf\xe9\xf1\xb1\xfc\xf5\x01\xff\xa9\xfb\x49\x40\x0c\x63\x24\x98\xd7\x79\x2e\xa6\x55\xab\x16\xc6\xbe\x51\xd8\x71"),
 ["\xb3\x73\x77\x07\xe1\x84\x50\xf8\x63\x86\xd6\x05\xa9\xdc\x11\x09\x4a\x79\x2d\xb1\x67\x0c\x0b\x87\xdc\xf0\x03\x0e\x79\x36\xa5\x9a"] = CTInfo($description="DigiCert Nessie2023 Log", $operator="DigiCert", $url="https://nessie2023.ct.digicert.com/log/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x11\x7b\xbc\x89\x0c\x12\x09\x14\x9f\xd8\x26\xc8\x4c\x6a\x54\xa4\x1b\x45\x56\xdf\x3e\x23\x42\x14\xd1\xdd\x42\xdf\xa2\xdf\x7b\x5f\x9f\x6f\x07\x5a\x23\x46\x79\x16\x4b\x5f\x33\x67\xc1\xa0\x8d\x5b\x5c\x17\x75\xf2\x4d\xa0\x80\xa1\x98\x1a\x07\x59\x06\x02\xca\x4e"),
 ["\x73\xd9\x9e\x89\x1b\x4c\x96\x78\xa0\x20\x7d\x47\x9d\xe6\xb2\xc6\x1c\xd0\x51\x5e\x71\x19\x2a\x8c\x6b\x80\x10\x7a\xc1\x77\x72\xb5"] = CTInfo($description="DigiCert Nessie2024 Log", $operator="DigiCert", $url="https://nessie2024.ct.digicert.com/log/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x2d\xfc\xa2\x7b\x36\xbf\x56\x91\xe9\xfe\x3f\xe8\x3d\xfc\xc3\xa7\xe0\x61\x52\xea\x2c\xe9\x05\xa3\x9f\x27\x17\x81\x05\x70\x6b\x81\x61\x44\x8a\xf8\x3b\x10\x80\x42\xed\x03\x2f\x00\x50\x21\xfc\x41\x54\x84\xa3\x54\xd5\x2e\xb2\x7a\x16\x4b\x2a\x1f\x2b\x66\x04\x2b"),
 ["\xe6\xd2\x31\x63\x40\x77\x8c\xc1\x10\x41\x06\xd7\x71\xb9\xce\xc1\xd2\x40\xf6\x96\x84\x86\xfb\xba\x87\x32\x1d\xfd\x1e\x37\x8e\x50"] = CTInfo($description="DigiCert Nessie2025 Log", $operator="DigiCert", $url="https://nessie2025.ct.digicert.com/log/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xf2\xf0\xf0\xa7\x8b\x81\x2e\x09\x39\x3b\x9f\x42\xda\x38\x44\x5f\xb4\xcc\xed\x36\xbb\xd8\x43\x7f\x16\x49\x57\x87\x04\x7f\xa5\x01\x34\xf7\xe8\x68\x3f\xb7\x78\x1f\x60\x66\x2d\x67\x9a\x75\x80\xb7\x53\xa7\x85\xd5\xbc\xab\x47\x06\x55\xdb\xb5\xdf\x88\xa1\x6f\x38"),
 ["\x05\x9c\x01\xd3\x20\xe0\x07\x84\x13\x95\x80\x49\x8d\x11\x7c\x90\x32\x66\xaf\xaf\x72\x50\xb5\xaf\x3b\x46\xa4\x3e\x11\x84\x0d\x4a"] = CTInfo($description="DigiCert Yeti2022-2 Log", $operator="DigiCert", $url="https://yeti2022-2.ct.digicert.com/log/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x1d\x69\x5e\x3f\x0a\xf2\x71\x77\xcd\x9d\x5d\xc3\x34\x49\x00\xee\x60\x77\xe1\x72\x76\x74\xa8\x7c\x5c\x7d\x09\xf2\x32\x1d\x05\x7e\x2e\xfe\x5b\x31\xd5\x3a\xfd\x73\x34\x6e\x49\x14\x4e\x50\x58\x96\x5a\xc4\xc7\xf4\xbe\x05\x64\xa4\xf7\xd7\xe5\xb1\x6d\x33\x0c\xc3"),
 ["\x55\x81\xd4\xc2\x16\x90\x36\x01\x4a\xea\x0b\x9b\x57\x3c\x53\xf0\xc0\xe4\x38\x78\x70\x25\x08\x17\x2f\xa3\xaa\x1d\x07\x13\xd3\x0c"] = CTInfo($description="Sectigo 'Sabre' CT log", $operator="Sectigo", $url="https://sabre.ct.comodo.com/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xf2\x6f\xd2\x89\x0f\x3f\xc5\xf8\x87\x1e\xab\x65\xb3\xd9\xbb\x17\x23\x8c\x06\x0e\x09\x55\x96\x3d\x0a\x08\xa2\xc5\x71\xb3\xd1\xa9\x2f\x28\x3e\x83\x10\xbf\x12\xd0\x44\x66\x15\xef\x54\xe1\x98\x80\xd0\xce\x24\x6d\x3e\x67\x9a\xe9\x37\x23\xce\x52\x93\x86\xda\x80"),
 ["\x6f\x53\x76\xac\x31\xf0\x31\x19\xd8\x99\x00\xa4\x51\x15\xff\x77\x15\x1c\x11\xd9\x02\xc1\x00\x29\x06\x8d\xb2\x08\x9a\x37\xd9\x13"] = CTInfo($description="Sectigo 'Mammoth' CT log", $operator="Sectigo", $url="https://mammoth.ct.comodo.com/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xef\xe4\x7d\x74\x2e\x15\x15\xb6\xe9\xbb\x23\x8b\xfb\x2c\xb5\xe1\xc7\x80\x98\x47\xfb\x40\x69\x68\xfc\x49\xad\x61\x4e\x83\x47\x3c\x1a\xb7\x8d\xdf\xff\x7b\x30\xb4\xba\xff\x2f\xcb\xa0\x14\xe3\xad\xd5\x85\x3f\x44\x59\x8c\x8c\x60\x8b\xd7\xb8\xb1\xbf\xae\x8c\x67"),
 ["\xdf\xa5\x5e\xab\x68\x82\x4f\x1f\x6c\xad\xee\xb8\x5f\x4e\x3e\x5a\xea\xcd\xa2\x12\xa4\x6a\x5e\x8e\x3b\x12\xc0\x20\x44\x5c\x2a\x73"] = CTInfo($description="Let's Encrypt 'Oak2022' log", $operator="Let's Encrypt", $url="https://oak.ct.letsencrypt.org/2022/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x86\x3c\xb1\x0d\x52\x23\x5a\xde\x6e\xf6\xc0\x7f\xa3\x64\xbc\xad\xc1\x89\xda\x97\x59\x4c\x60\x3c\xf8\x8a\x57\x84\x8f\xed\xbc\xa0\x63\x12\x51\x84\xe6\xbd\xdd\x7b\x8c\x80\x7d\xe3\x8f\x86\xa4\xea\xa9\xcf\xa8\xee\xf3\xe0\x5e\x70\xe0\xbb\xf6\xbd\xfc\x1f\x91\x2e"),
 ["\xb7\x3e\xfb\x24\xdf\x9c\x4d\xba\x75\xf2\x39\xc5\xba\x58\xf4\x6c\x5d\xfc\x42\xcf\x7a\x9f\x35\xc4\x9e\x1d\x09\x81\x25\xed\xb4\x99"] = CTInfo($description="Let's Encrypt 'Oak2023' log", $operator="Let's Encrypt", $url="https://oak.ct.letsencrypt.org/2023/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xb3\x3d\x0e\x78\xbe\xe3\xad\x5c\x44\x5c\x9b\xbe\xa3\x84\x16\x41\x82\xca\xca\x89\x17\x1e\x23\xce\x38\xa5\x54\x2f\x7f\xd3\x34\x51\x6a\xb9\x5c\xc3\x49\xea\xfb\x91\x9d\xe0\x8a\x3c\x73\x06\x9f\x7c\x65\x38\x11\x80\xc4\x9a\x5a\x00\xa6\x67\xc3\x83\xef\x89\x85\x51"),
 ["\x3b\x53\x77\x75\x3e\x2d\xb9\x80\x4e\x8b\x30\x5b\x06\xfe\x40\x3b\x67\xd8\x4f\xc3\xf4\xc7\xbd\x00\x0d\x2d\x72\x6f\xe1\xfa\xd4\x17"] = CTInfo($description="Let's Encrypt 'Oak2024H1' log", $operator="Let's Encrypt", $url="https://oak.ct.letsencrypt.org/2024h1/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x56\x43\xd7\x7e\x7b\xd4\x72\xb7\xba\xa9\x51\xbd\x36\x93\xb7\xe9\xb5\x92\x0f\xea\x5e\xb7\x45\xa3\x92\xfd\xc9\xa5\x3c\x80\xac\x1a\x20\xef\x25\x2f\xb8\xe1\x20\xf7\xa8\x3a\x2e\x07\x8d\xe6\xeb\xa4\xe2\x7d\x24\x63\x9f\x46\xbf\x94\x73\x52\x8d\x96\xae\xa9\x26\xfd"),
 ["\x3f\x17\x4b\x4f\xd7\x22\x47\x58\x94\x1d\x65\x1c\x84\xbe\x0d\x12\xed\x90\x37\x7f\x1f\x85\x6a\xeb\xc1\xbf\x28\x85\xec\xf8\x64\x6e"] = CTInfo($description="Let's Encrypt 'Oak2024H2' log", $operator="Let's Encrypt", $url="https://oak.ct.letsencrypt.org/2024h2/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xd7\x73\xd6\x53\x47\xe9\xf3\xc9\xd5\x7c\x16\xc2\xd6\x8f\x70\x65\xfa\xf2\x51\x36\xa9\x13\x80\x2f\xed\xf9\x94\xd3\x5a\x8b\xe8\x4f\x33\xcf\xc3\xd3\x89\xd4\x5f\x5a\x66\x89\xba\x20\x1f\x71\xcb\xca\xbb\x9f\x9f\xf3\x5c\x2d\x1e\xa3\x81\x59\xaf\x92\xb3\x6d\x30\x68"),
 ["\xc3\x65\xf9\xb3\x65\x4f\x32\x83\xc7\x9d\xa9\x8e\x93\xd7\x41\x8f\x5b\xab\x7b\xe3\x25\x2c\x98\xe1\xd2\xf0\x4b\xb9\xeb\x42\x7d\x23"] = CTInfo($description="Trust Asia Log2022", $operator="TrustAsia", $url="https://ct.trustasia.com/log2022/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xbb\x52\xf2\x16\xcf\x92\x0b\xce\x79\xe6\x54\x6d\xc2\x37\x53\xa4\xf5\xf9\x3a\xa9\xb3\x05\xec\x1d\xbd\x16\xec\x30\xac\x2e\xf8\x79\x62\x35\x15\x8e\x1a\xd8\x16\x2e\xe4\x48\x6b\xf6\xc6\x13\xf1\x96\x2e\x5c\x10\xfe\x19\x1e\xa8\x18\xb8\x0f\x2d\xc3\xa4\x86\x51\x97"),
 ["\xe8\x7e\xa7\x66\x0b\xc2\x6c\xf6\x00\x2e\xf5\x72\x5d\x3f\xe0\xe3\x31\xb9\x39\x3b\xb9\x2f\xbf\x58\xeb\x3b\x90\x49\xda\xf5\x43\x5a"] = CTInfo($description="Trust Asia Log2023", $operator="TrustAsia", $url="https://ct.trustasia.com/log2023/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xa4\x11\x52\xdb\x17\x41\x4e\x90\xd4\x56\x51\x12\x30\x52\xf8\x9b\x03\xcf\x4c\x9f\xf8\x2e\x38\xb5\xf1\x5a\xba\xfa\x38\xb9\xd2\x8f\x1a\x81\xda\x95\xcc\x33\xec\x21\x28\x66\xc6\x56\x3e\x60\x36\x21\x20\xd9\xd4\xac\x5d\xfa\x5c\x19\xa1\x05\x7d\xfe\x20\x23\xfc\xf5"),
 ["\x87\x4f\xb5\x0d\xc0\x29\xd9\x93\x1d\xe5\x73\xe9\xf2\x89\x9e\x8e\x45\x33\xb3\x92\xd3\x8b\x0a\x46\x25\x74\xbf\x0f\xee\xb2\xfc\x1e"] = CTInfo($description="Trust Asia Log2024-2", $operator="TrustAsia", $url="https://ct2024.trustasia.com/log2024/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xa7\x64\xe2\x79\x81\x3f\x61\xd7\xec\xc6\xf8\x65\x28\x1d\xa0\xb4\x66\x33\xc3\x25\xd5\x0a\x95\x78\x9c\x8f\xfe\xa4\x2a\xd8\x8f\x7e\x72\xe0\xfe\xa8\x7f\xf8\xb1\x2d\x85\xc0\x8e\x12\x74\x0d\x2f\x8c\xab\xd7\x7f\x7a\x1e\xd9\x84\x33\x39\xe8\xfd\x89\x5f\x96\x48\x08"),
 };
--- a/scripts/base/protocols/ssl/main.zeek
+++ b/scripts/base/protocols/ssl/main.zeek
@ -528,5 +528,9 @@ event analyzer_violation_info(atype: AllAnalyzers::Tag, info: AnalyzerViolationI
 	{
 	if ( atype == Analyzer::ANALYZER_SSL || atype == Analyzer::ANALYZER_DTLS )
 		if ( info$c?$ssl )
-			finish(info$c, T);
+			{
 			# analyzer errored out; prevent us from trying to remove it later
 			delete info$c$ssl$analyzer_id;
 			finish(info$c, F);
 			}
 	}
--- a/scripts/base/protocols/ssl/mozilla-ca-list.zeek
+++ b/scripts/base/protocols/ssl/mozilla-ca-list.zeek
--- a/src/3rdparty
+++ b/src/3rdparty
@ -1 +1 @@
-Subproject commit 58e63b262e542895024c821e791214008604cd55
+Subproject commit 410ada8bbe5839807a459a99c1b77221f790f1be
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@ -1,24 +1,16 @@
-include_directories(BEFORE
+include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_SOURCE_DIR}/include
-                    ${CMAKE_CURRENT_SOURCE_DIR}
+                    ${CMAKE_CURRENT_BINARY_DIR} ${CMAKE_CURRENT_BINARY_DIR}/include)
                    ${CMAKE_CURRENT_SOURCE_DIR}/include
                    ${CMAKE_CURRENT_BINARY_DIR}
                    ${CMAKE_CURRENT_BINARY_DIR}/include
 )
 # Force creation of includes symlink. This can't just be in the src directory
 # because MSVC will end up with an include loop.
-execute_process(COMMAND "${CMAKE_COMMAND}" -E make_directory
+execute_process(COMMAND "${CMAKE_COMMAND}" -E make_directory "${CMAKE_CURRENT_SOURCE_DIR}/include")
-                "${CMAKE_CURRENT_SOURCE_DIR}/include")
+execute_process(COMMAND "${CMAKE_COMMAND}" -E create_symlink ".."
-execute_process(COMMAND "${CMAKE_COMMAND}" -E create_symlink
+                        "${CMAKE_CURRENT_SOURCE_DIR}/include/zeek")
                ".."
                "${CMAKE_CURRENT_SOURCE_DIR}/include/zeek")
 # Allows header file inclusion via zeek/ within the build tree
-execute_process(COMMAND "${CMAKE_COMMAND}" -E make_directory
+execute_process(COMMAND "${CMAKE_COMMAND}" -E make_directory "${CMAKE_CURRENT_BINARY_DIR}/include")
-                "${CMAKE_CURRENT_BINARY_DIR}/include")
+execute_process(COMMAND "${CMAKE_COMMAND}" -E create_symlink ".."
-execute_process(COMMAND "${CMAKE_COMMAND}" -E create_symlink
+                        "${CMAKE_CURRENT_BINARY_DIR}/include/zeek")
                ".."
                "${CMAKE_CURRENT_BINARY_DIR}/include/zeek")
 # Poor man's JSON escaping as this is rendered into a C string.
 string(REPLACE "\"" "\\\"" ZEEK_BUILD_INFO_ESCAPED "${ZEEK_BUILD_INFO}")
@ -26,96 +18,85 @@ string(REPLACE "\n" "\\n" ZEEK_BUILD_INFO_ESCAPED "${ZEEK_BUILD_INFO_ESCAPED}")
 configure_file(version.c.in ${CMAKE_CURRENT_BINARY_DIR}/version.c)
 configure_file(util-config.h.in ${CMAKE_CURRENT_BINARY_DIR}/util-config.h)
-# This creates a custom command to transform a bison output file (inFile)
+# This creates a custom command to transform a bison output file (inFile) into
-# into outFile in order to avoid symbol conflicts:
+# outFile in order to avoid symbol conflicts: - replaces instances of 'yylex' in
-# - replaces instances of 'yylex' in inFile with yylexPrefix
+# inFile with yylexPrefix - replaces instances of 'yy' in inFile with yyPrefix -
-# - replaces instances of 'yy' in inFile with yyPrefix
+# deletes instances of 'extern char.*getenv' in inFile - writes results to
-# - deletes instances of 'extern char.*getenv' in inFile
+# outFile and adds it to list TRANSFORMED_BISON_OUTPUTS
-# - writes results to outFile and adds it to list TRANSFORMED_BISON_OUTPUTS
+macro (REPLACE_YY_PREFIX_TARGET inFile outFile yylexPrefix yyPrefix)
 macro(REPLACE_YY_PREFIX_TARGET inFile outFile yylexPrefix yyPrefix)
    set(args "\"/extern char.*getenv/d")
    set(args "${args}\;s/yylex/${yylexPrefix}lex/")
    set(args "${args}\;s/yy/${yyPrefix}/g\"" < ${inFile} > ${outFile})
-    add_custom_command(OUTPUT ${outFile}
+    add_custom_command(
-                       COMMAND ${SED_EXE}
+        OUTPUT ${outFile}
-                       ARGS ${args}
+        COMMAND ${SED_EXE} ARGS ${args}
-                       DEPENDS ${inFile}
+        DEPENDS ${inFile}
-                       COMMENT "[sed] replacing stuff in ${inFile}"
+        COMMENT "[sed] replacing stuff in ${inFile}")
    )
    list(APPEND TRANSFORMED_BISON_OUTPUTS ${outFile})
-endmacro(REPLACE_YY_PREFIX_TARGET)
+endmacro (REPLACE_YY_PREFIX_TARGET)
-########################################################################
+# ##############################################################################
-## Create targets to generate parser and scanner code
+# Create targets to generate parser and scanner code
 set(BISON_FLAGS "--debug")
-if ( MSVC )
+if (MSVC)
    set(SIGN_COMPARE_FLAG "/wd4018")
-else()
+else ()
    set(SIGN_COMPARE_FLAG "-Wno-sign-compare")
-endif()
+endif ()
 # Rule parser/scanner
-bison_target(RuleParser rule-parse.y
+bison_target(
-             ${CMAKE_CURRENT_BINARY_DIR}/rup.cc
+    RuleParser rule-parse.y ${CMAKE_CURRENT_BINARY_DIR}/rup.cc HEADER
-             HEADER ${CMAKE_CURRENT_BINARY_DIR}/rup.h
+    ${CMAKE_CURRENT_BINARY_DIR}/rup.h
-             #VERBOSE ${CMAKE_CURRENT_BINARY_DIR}/rule_parse.output
+    # VERBOSE ${CMAKE_CURRENT_BINARY_DIR}/rule_parse.output
-             COMPILE_FLAGS "${BISON_FLAGS}")
+    COMPILE_FLAGS "${BISON_FLAGS}")
 replace_yy_prefix_target(${CMAKE_CURRENT_BINARY_DIR}/rup.cc
-                         ${CMAKE_CURRENT_BINARY_DIR}/rule-parse.cc
+                         ${CMAKE_CURRENT_BINARY_DIR}/rule-parse.cc rules_ rules_)
-                         rules_ rules_)
+replace_yy_prefix_target(${CMAKE_CURRENT_BINARY_DIR}/rup.h ${CMAKE_CURRENT_BINARY_DIR}/rule-parse.h
 replace_yy_prefix_target(${CMAKE_CURRENT_BINARY_DIR}/rup.h
                         ${CMAKE_CURRENT_BINARY_DIR}/rule-parse.h
                         rules_ rules_)
 flex_target(RuleScanner rule-scan.l ${CMAKE_CURRENT_BINARY_DIR}/rule-scan.cc
            COMPILE_FLAGS "-Prules_")
 set_property(SOURCE rule-scan.cc APPEND_STRING PROPERTY COMPILE_FLAGS "${SIGN_COMPARE_FLAG}")
 # RE parser/scanner
-bison_target(REParser re-parse.y
+bison_target(
-             ${CMAKE_CURRENT_BINARY_DIR}/rep.cc
+    REParser re-parse.y ${CMAKE_CURRENT_BINARY_DIR}/rep.cc HEADER
-             HEADER ${CMAKE_CURRENT_BINARY_DIR}/re-parse.h
+    ${CMAKE_CURRENT_BINARY_DIR}/re-parse.h
-             #VERBOSE ${CMAKE_CURRENT_BINARY_DIR}/re_parse.output
+    # VERBOSE ${CMAKE_CURRENT_BINARY_DIR}/re_parse.output
-             COMPILE_FLAGS "${BISON_FLAGS}")
+    COMPILE_FLAGS "${BISON_FLAGS}")
-replace_yy_prefix_target(${CMAKE_CURRENT_BINARY_DIR}/rep.cc
+replace_yy_prefix_target(${CMAKE_CURRENT_BINARY_DIR}/rep.cc ${CMAKE_CURRENT_BINARY_DIR}/re-parse.cc
                         ${CMAKE_CURRENT_BINARY_DIR}/re-parse.cc
                         re_ RE_)
-flex_target(REScanner re-scan.l ${CMAKE_CURRENT_BINARY_DIR}/re-scan.cc
+flex_target(REScanner re-scan.l ${CMAKE_CURRENT_BINARY_DIR}/re-scan.cc COMPILE_FLAGS "-Pre_")
            COMPILE_FLAGS "-Pre_")
 add_flex_bison_dependency(REScanner REParser)
 set_property(SOURCE re-scan.cc APPEND_STRING PROPERTY COMPILE_FLAGS "${SIGN_COMPARE_FLAG}")
 # Parser/Scanner
-bison_target(Parser parse.y
+bison_target(
-             ${CMAKE_CURRENT_BINARY_DIR}/p.cc
+    Parser parse.y ${CMAKE_CURRENT_BINARY_DIR}/p.cc HEADER ${CMAKE_CURRENT_BINARY_DIR}/zeekparse.h
-             HEADER ${CMAKE_CURRENT_BINARY_DIR}/zeekparse.h
+    # VERBOSE ${CMAKE_CURRENT_BINARY_DIR}/parse.output
-             #VERBOSE ${CMAKE_CURRENT_BINARY_DIR}/parse.output
+    COMPILE_FLAGS "${BISON_FLAGS}")
-             COMPILE_FLAGS "${BISON_FLAGS}")
+replace_yy_prefix_target(${CMAKE_CURRENT_BINARY_DIR}/p.cc ${CMAKE_CURRENT_BINARY_DIR}/parse.cc zeek
-replace_yy_prefix_target(${CMAKE_CURRENT_BINARY_DIR}/p.cc
+                         yy)
-                         ${CMAKE_CURRENT_BINARY_DIR}/parse.cc
+flex_target(Scanner scan.l ${CMAKE_CURRENT_BINARY_DIR}/scan.cc COMPILE_FLAGS "-Pzeek")
                         zeek yy)
 flex_target(Scanner scan.l ${CMAKE_CURRENT_BINARY_DIR}/scan.cc
            COMPILE_FLAGS "-Pzeek")
 set_property(SOURCE scan.cc APPEND_STRING PROPERTY COMPILE_FLAGS "${SIGN_COMPARE_FLAG}")
 # Add a dependency for the generated files to zeek_autogen_files.
 add_custom_target(
    zeek_bison_outputs
-    DEPENDS
+    DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/parse.cc
-        ${CMAKE_CURRENT_BINARY_DIR}/parse.cc
+            ${CMAKE_CURRENT_BINARY_DIR}/re-parse.cc
-        ${CMAKE_CURRENT_BINARY_DIR}/re-parse.cc
+            ${CMAKE_CURRENT_BINARY_DIR}/re-parse.h
-        ${CMAKE_CURRENT_BINARY_DIR}/re-parse.h
+            ${CMAKE_CURRENT_BINARY_DIR}/re-scan.cc
-        ${CMAKE_CURRENT_BINARY_DIR}/re-scan.cc
+            ${CMAKE_CURRENT_BINARY_DIR}/rule-parse.cc
-        ${CMAKE_CURRENT_BINARY_DIR}/rule-parse.cc
+            ${CMAKE_CURRENT_BINARY_DIR}/rule-parse.h
-        ${CMAKE_CURRENT_BINARY_DIR}/rule-parse.h
+            ${CMAKE_CURRENT_BINARY_DIR}/rule-scan.cc
-        ${CMAKE_CURRENT_BINARY_DIR}/rule-scan.cc
+            ${CMAKE_CURRENT_BINARY_DIR}/scan.cc)
        ${CMAKE_CURRENT_BINARY_DIR}/scan.cc
 )
 add_dependencies(zeek_autogen_files zeek_bison_outputs)
-########################################################################
+# ##############################################################################
-## bifcl-dependent targets
+# bifcl-dependent targets
 include(BifCl)
@ -131,34 +112,30 @@ set(BIF_SRCS
    strings.bif
    reporter.bif
    option.bif
-    # Note: the supervisor BIF file is treated like other top-level BIFs
+    # Note: the supervisor BIF file is treated like other top-level BIFs instead
-    # instead of contained in its own subdirectory CMake logic because
+    # of contained in its own subdirectory CMake logic because subdirectory BIFs
-    # subdirectory BIFs are treated differently and don't support being called
+    # are treated differently and don't support being called *during* parsing
-    # *during* parsing (e.g. within an @if directive).
+    # (e.g. within an @if directive).
    supervisor/supervisor.bif
-    # The packet analysis BIF is treated like other top-level BIFs because
+    # The packet analysis BIF is treated like other top-level BIFs because it's
-    # it's needed before parsing the packet protocol scripts, which happen
+    # needed before parsing the packet protocol scripts, which happen very near
-    # very near to the start of parsing.
+    # to the start of parsing.
    packet_analysis/packet_analysis.bif
-    # The C++ loading BIF is treated like other top-level BIFs to give
+    # The C++ loading BIF is treated like other top-level BIFs to give us
-    # us flexibility regarding when it's called.
+    # flexibility regarding when it's called.
-    script_opt/CPP/CPP-load.bif
+    script_opt/CPP/CPP-load.bif)
 )
 foreach (bift ${BIF_SRCS})
    bif_target(${bift} "standard")
 endforeach ()
-########################################################################
+# ##############################################################################
-## BinPAC-dependent targets
+# BinPAC-dependent targets
 include(BinPAC)
-set(BINPAC_AUXSRC
+set(BINPAC_AUXSRC ${CMAKE_CURRENT_SOURCE_DIR}/binpac.pac ${CMAKE_CURRENT_SOURCE_DIR}/zeek.pac
-    ${CMAKE_CURRENT_SOURCE_DIR}/binpac.pac
+                  ${CMAKE_CURRENT_SOURCE_DIR}/binpac_zeek.h)
    ${CMAKE_CURRENT_SOURCE_DIR}/zeek.pac
    ${CMAKE_CURRENT_SOURCE_DIR}/binpac_zeek.h
 )
 set(BINPAC_OUTPUTS "")
@ -168,8 +145,8 @@ list(APPEND BINPAC_OUTPUTS "${BINPAC_OUTPUT_CC}")
 binpac_target(binpac_zeek-lib.pac)
 list(APPEND BINPAC_OUTPUTS "${BINPAC_OUTPUT_CC}")
-########################################################################
+# ##############################################################################
-## Gen-ZAM setup
+# Gen-ZAM setup
 include(Gen-ZAM)
@ -177,9 +154,9 @@ set(GEN_ZAM_SRC ${CMAKE_CURRENT_SOURCE_DIR}/script_opt/ZAM/Ops.in)
 gen_zam_target(${GEN_ZAM_SRC})
-########################################################################
+# ##############################################################################
-## Including subdirectories.
+# Including subdirectories.
-########################################################################
+# ##############################################################################
 option(USE_SQLITE "Should Zeek use SQLite?" ON)
@ -195,8 +172,8 @@ add_subdirectory(logging)
 add_subdirectory(probabilistic)
 add_subdirectory(session)
-########################################################################
+# ##############################################################################
-## Build in the discovered external plugins and create the autogenerated scripts.
+# Build in the discovered external plugins and create the autogenerated scripts.
 set(PRELOAD_SCRIPT ${PROJECT_BINARY_DIR}/scripts/builtin-plugins/__preload__.zeek)
 file(WRITE ${PRELOAD_SCRIPT} "# Warning, this is an autogenerated file!\n")
@ -204,14 +181,14 @@ set(LOAD_SCRIPT ${PROJECT_BINARY_DIR}/scripts/builtin-plugins/__load__.zeek)
 file(WRITE ${LOAD_SCRIPT} "# Warning, this is an autogenerated file!\n")
 # TODO: this really should be a function to make sure we have an isolated scope.
-#       However, for historic reasons, we're not doing that yet. Some plugin
+# However, for historic reasons, we're not doing that yet. Some plugin modify
-#       modify global state such as `zeekdeps`.
+# global state such as `zeekdeps`.
-macro(add_extra_builtin_plugin plugin_dir)
+macro (add_extra_builtin_plugin plugin_dir)
    get_filename_component(plugin_name "${plugin_dir}" NAME)
-    if(IS_DIRECTORY "${plugin_dir}/cmake")
+    if (IS_DIRECTORY "${plugin_dir}/cmake")
        list(APPEND CMAKE_MODULE_PATH "${plugin_dir}/cmake")
-    endif()
+    endif ()
    # Set this flag so that ZeekPluginStatic.cmake knows that this plugin is not
    # from our source tree but from an external source (or git submodule). This
@ -222,36 +199,36 @@ macro(add_extra_builtin_plugin plugin_dir)
    # TODO: drop once we turn this into a function.
    set(ZEEK_BUILDING_EXTRA_PLUGINS OFF)
-endmacro()
+endmacro ()
 foreach (plugin_dir ${BUILTIN_PLUGIN_LIST})
    add_extra_builtin_plugin("${plugin_dir}")
-endforeach()
+endforeach ()
 install(FILES ${PRELOAD_SCRIPT} DESTINATION ${ZEEK_SCRIPT_INSTALL_PATH}/builtin-plugins/)
 install(FILES ${LOAD_SCRIPT} DESTINATION ${ZEEK_SCRIPT_INSTALL_PATH}/builtin-plugins/)
-########################################################################
+# ##############################################################################
-## This has to happen after the parts for builtin plugins, or else
+# This has to happen after the parts for builtin plugins, or else symbols are
-## symbols are missing when it goes to link the fuzzer binaries.
+# missing when it goes to link the fuzzer binaries.
 add_subdirectory(fuzzers)
-########################################################################
+# ##############################################################################
-## zeek target
+# zeek target
-find_package (Threads)
+find_package(Threads)
 # Avoid CMake warning about "3rdparty" looking like a number.
 cmake_policy(PUSH)
 if (POLICY CMP0012)
-cmake_policy(SET CMP0012 NEW)
+    cmake_policy(SET CMP0012 NEW)
 endif ()
-# This macro stores associated headers for any C/C++ source files given
+# This macro stores associated headers for any C/C++ source files given as
-# as arguments (past _var) as a list in the CMake variable named "_var".
+# arguments (past _var) as a list in the CMake variable named "_var".
-macro(COLLECT_HEADERS _var)
+macro (COLLECT_HEADERS _var)
    foreach (src ${ARGN})
        get_filename_component(ext ${src} EXT)
        if ("${ext}" STREQUAL ".cc" OR "${ext}" STREQUAL ".c")
@ -266,39 +243,34 @@ macro(COLLECT_HEADERS _var)
            endif ()
        endif ()
    endforeach ()
-endmacro(COLLECT_HEADERS _var)
+endmacro (COLLECT_HEADERS _var)
 cmake_policy(POP)
-# define a command that's used to run the make_dbg_constants.py script
+# define a command that's used to run the make_dbg_constants.py script building
-# building the zeek binary depends on the outputs of this script
+# the zeek binary depends on the outputs of this script
-add_custom_command(OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/DebugCmdConstants.h
+add_custom_command(
-                          ${CMAKE_CURRENT_BINARY_DIR}/DebugCmdInfoConstants.cc
+    OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/DebugCmdConstants.h
-                   COMMAND ${PYTHON_EXECUTABLE}
+           ${CMAKE_CURRENT_BINARY_DIR}/DebugCmdInfoConstants.cc
-                   ARGS ${CMAKE_CURRENT_SOURCE_DIR}/make_dbg_constants.py
+    COMMAND ${PYTHON_EXECUTABLE} ARGS ${CMAKE_CURRENT_SOURCE_DIR}/make_dbg_constants.py
-                        ${CMAKE_CURRENT_SOURCE_DIR}/DebugCmdInfoConstants.in
+            ${CMAKE_CURRENT_SOURCE_DIR}/DebugCmdInfoConstants.in
-                   DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/make_dbg_constants.py
+    DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/make_dbg_constants.py
-                           ${CMAKE_CURRENT_SOURCE_DIR}/DebugCmdInfoConstants.in
+            ${CMAKE_CURRENT_SOURCE_DIR}/DebugCmdInfoConstants.in
-                   COMMENT "[Python] Processing debug commands"
+    COMMENT "[Python] Processing debug commands"
-                   WORKING_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}
+    WORKING_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR})
 )
-add_custom_target(
+add_custom_target(zeek_debugcmd_gen DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/DebugCmdConstants.h
-  zeek_debugcmd_gen
+                                            ${CMAKE_CURRENT_BINARY_DIR}/DebugCmdInfoConstants.cc)
  DEPENDS
    ${CMAKE_CURRENT_BINARY_DIR}/DebugCmdConstants.h
    ${CMAKE_CURRENT_BINARY_DIR}/DebugCmdInfoConstants.cc
 )
 add_dependencies(zeek_autogen_files zeek_debugcmd_gen)
 set(_gen_zeek_script_cpp ${CMAKE_CURRENT_BINARY_DIR}/../CPP-gen.cc)
-add_custom_command(OUTPUT ${_gen_zeek_script_cpp}
+add_custom_command(OUTPUT ${_gen_zeek_script_cpp} COMMAND ${CMAKE_COMMAND} -E touch
-		   COMMAND ${CMAKE_COMMAND} -E touch ${_gen_zeek_script_cpp})
+                                                          ${_gen_zeek_script_cpp})
 if (!MSVC)
    set_source_files_properties(legacy-netvar-init.cc PROPERTIES COMPILE_FLAGS
-                                -Wno-deprecated-declarations)
+                                                                 -Wno-deprecated-declarations)
-endif()
+endif ()
 set(MAIN_SRCS
    digest.cc
@ -386,9 +358,7 @@ set(MAIN_SRCS
    ZeekArgs.cc
    ZeekString.cc
    ZVal.cc
    ${SUPERVISOR_SRCS}
    threading/BasicThread.cc
    threading/Formatter.cc
    threading/Manager.cc
@ -396,12 +366,10 @@ set(MAIN_SRCS
    threading/SerialTypes.cc
    threading/formatters/Ascii.cc
    threading/formatters/JSON.cc
    plugin/Component.cc
    plugin/ComponentManager.h
    plugin/Manager.cc
    plugin/Plugin.cc
    script_opt/CPP/Attrs.cc
    script_opt/CPP/Consts.cc
    script_opt/CPP/DeclFunc.cc
@ -421,9 +389,7 @@ set(MAIN_SRCS
    script_opt/CPP/Types.cc
    script_opt/CPP/Util.cc
    script_opt/CPP/Vars.cc
    ${_gen_zeek_script_cpp}
    script_opt/Expr.cc
    script_opt/GenIDDefs.cc
    script_opt/IDOptInfo.cc
@ -435,7 +401,6 @@ set(MAIN_SRCS
    script_opt/TempVar.cc
    script_opt/UsageAnalyzer.cc
    script_opt/UseDefs.cc
    script_opt/ZAM/AM-Opt.cc
    script_opt/ZAM/Branches.cc
    script_opt/ZAM/BuiltIn.cc
@ -450,9 +415,7 @@ set(MAIN_SRCS
    script_opt/ZAM/ZBody.cc
    script_opt/ZAM/ZInst.cc
    script_opt/ZAM/ZOp.cc
-
+    digest.h)
    digest.h
 )
 set(THIRD_PARTY_SRCS
    3rdparty/bro_inet_ntop.c # Remove in v6.1.
@ -464,69 +427,58 @@ set(THIRD_PARTY_SRCS
    3rdparty/patricia.c
    3rdparty/setsignal.c
    $<$<BOOL:USE_SQLITE>:3rdparty/sqlite3.c>
-    3rdparty/strsep.c
+    3rdparty/strsep.c)
 )
-# Highwayhash. Highwayhash is a bit special since it has architecture dependent code...
+# Highwayhash. Highwayhash is a bit special since it has architecture dependent
 # code...
 set(hhash_dir ${PROJECT_SOURCE_DIR}/auxil/highwayhash/highwayhash)
 zeek_add_subdir_library(
    hhash
    SOURCES
-        ${hhash_dir}/sip_hash.cc
+    ${hhash_dir}/sip_hash.cc
-        ${hhash_dir}/sip_tree_hash.cc
+    ${hhash_dir}/sip_tree_hash.cc
-        ${hhash_dir}/scalar_sip_tree_hash.cc
+    ${hhash_dir}/scalar_sip_tree_hash.cc
-        ${hhash_dir}/arch_specific.cc
+    ${hhash_dir}/arch_specific.cc
-        ${hhash_dir}/instruction_sets.cc
+    ${hhash_dir}/instruction_sets.cc
-        ${hhash_dir}/nanobenchmark.cc
+    ${hhash_dir}/nanobenchmark.cc
-        ${hhash_dir}/os_specific.cc
+    ${hhash_dir}/os_specific.cc
-        ${hhash_dir}/hh_portable.cc
+    ${hhash_dir}/hh_portable.cc)
 )
 if (${COMPILER_ARCHITECTURE} STREQUAL "arm")
-  check_c_source_compiles("
+    check_c_source_compiles(
        "
      #if defined(__ARM_NEON__) || defined(__ARM_NEON)
      int main() { return 0; }
      #else
      #error
      #endif
-  " test_arm_neon)
+  "
        test_arm_neon)
-  if (test_arm_neon)
+    if (test_arm_neon)
-    target_sources(zeek_hhash_obj PRIVATE ${hhash_dir}/hh_neon.cc)
+        target_sources(zeek_hhash_obj PRIVATE ${hhash_dir}/hh_neon.cc)
-  endif ()
+    endif ()
-  target_compile_options(
+    target_compile_options(zeek_hhash_obj PRIVATE -mfloat-abi=hard -march=armv7-a -mfpu=neon)
    zeek_hhash_obj
    PRIVATE
      -mfloat-abi=hard
      -march=armv7-a
      -mfpu=neon
  )
 elseif (${COMPILER_ARCHITECTURE} STREQUAL "aarch64")
-  target_sources(zeek_hhash_obj PRIVATE ${hhash_dir}/hh_neon.cc)
+    target_sources(zeek_hhash_obj PRIVATE ${hhash_dir}/hh_neon.cc)
 elseif (${COMPILER_ARCHITECTURE} STREQUAL "power")
-  target_sources(zeek_hhash_obj PRIVATE ${hhash_dir}/hh_vsx.cc)
+    target_sources(zeek_hhash_obj PRIVATE ${hhash_dir}/hh_vsx.cc)
-  set_source_files_properties(${hhash_dir}/hh_vsx.cc PROPERTIES COMPILE_FLAGS
+    set_source_files_properties(${hhash_dir}/hh_vsx.cc PROPERTIES COMPILE_FLAGS -mvsx)
-                              -mvsx)
+elseif (${COMPILER_ARCHITECTURE} STREQUAL "x86_64")
-elseif(${COMPILER_ARCHITECTURE} STREQUAL "x86_64")
+    target_sources(zeek_hhash_obj PRIVATE ${hhash_dir}/hh_avx2.cc ${hhash_dir}/hh_sse41.cc)
-  target_sources(
+    if (MSVC)
-    zeek_hhash_obj
+        set(_avx_flag /arch:AVX2)
-    PRIVATE
+        # Using an undocumentd compiler flag:
-      ${hhash_dir}/hh_avx2.cc
+        # https://stackoverflow.com/questions/64053597/how-do-i-enable-sse4-1-and-sse3-but-not-avx-in-msvc/69328426#69328426
-      ${hhash_dir}/hh_sse41.cc)
+        set(_sse_flag /d2archSSE42)
-  if (MSVC)
+    else ()
-    set(_avx_flag /arch:AVX2)
+        set(_avx_flag -mavx2)
-    # Using an undocumentd compiler flag: https://stackoverflow.com/questions/64053597/how-do-i-enable-sse4-1-and-sse3-but-not-avx-in-msvc/69328426#69328426
+        set(_sse_flag -msse4.1)
-    set(_sse_flag /d2archSSE42)
+    endif ()
  else()
    set(_avx_flag -mavx2)
    set(_sse_flag -msse4.1)
  endif()
-  set_source_files_properties(${hhash_dir}/hh_avx2.cc PROPERTIES COMPILE_FLAGS
+    set_source_files_properties(${hhash_dir}/hh_avx2.cc PROPERTIES COMPILE_FLAGS ${_avx_flag})
-                              ${_avx_flag})
+    set_source_files_properties(${hhash_dir}/hh_sse41.cc PROPERTIES COMPILE_FLAGS ${_sse_flag})
  set_source_files_properties(${hhash_dir}/hh_sse41.cc PROPERTIES COMPILE_FLAGS
                              ${_sse_flag})
 endif ()
 set(zeek_SRCS
@ -550,8 +502,7 @@ set(zeek_SRCS
    ${CMAKE_CURRENT_BINARY_DIR}/ZAM-MethodDecls.h
    ${THIRD_PARTY_SRCS}
    ${HH_SRCS}
-    ${MAIN_SRCS}
+    ${MAIN_SRCS})
 )
 collect_headers(zeek_HEADERS ${zeek_SRCS})
@ -564,35 +515,31 @@ zeek_target_link_libraries(zeek_objs)
 if (TARGET zeek_exe)
    target_sources(zeek_exe PRIVATE main.cc ${zeek_HEADERS})
-    # npcap/winpcap need to be loaded in delayed mode so that we can set the load path
+    # npcap/winpcap need to be loaded in delayed mode so that we can set the load
-    # correctly at runtime. See https://npcap.com/guide/npcap-devguide.html#npcap-feature-native
+    # path correctly at runtime. See
-    # for why this is necessary.
+    # https://npcap.com/guide/npcap-devguide.html#npcap-feature-native for why
-    if ( MSVC AND HAVE_WPCAP )
+    # this is necessary.
    if (MSVC AND HAVE_WPCAP)
        set(zeekdeps ${zeekdeps} delayimp.lib)
        set_target_properties(zeek_exe PROPERTIES LINK_FLAGS "/DELAYLOAD:wpcap.dll")
-    endif()
+    endif ()
    target_link_libraries(zeek_exe PRIVATE ${zeekdeps} ${CMAKE_THREAD_LIBS_INIT} ${CMAKE_DL_LIBS})
    # Export symbols from zeek executable for use by plugins
    set_target_properties(zeek_exe PROPERTIES ENABLE_EXPORTS TRUE)
-    if ( MSVC )
+    if (MSVC)
        set(WINDOWS_EXPORT_ALL_SYMBOLS ON)
    endif ()
-endif()
+endif ()
 if (TARGET zeek_lib)
    target_sources(zeek_lib PRIVATE ${zeek_HEADERS})
-    target_link_libraries(
+    target_link_libraries(zeek_lib PUBLIC ${zeekdeps} ${CMAKE_THREAD_LIBS_INIT} ${CMAKE_DL_LIBS})
-        zeek_lib
+endif ()
        PUBLIC
            ${zeekdeps}
            ${CMAKE_THREAD_LIBS_INIT}
            ${CMAKE_DL_LIBS})
 endif()
 zeek_include_directories(
    ${CMAKE_BINARY_DIR}
@ -601,21 +548,23 @@ zeek_include_directories(
    ${CMAKE_CURRENT_BINARY_DIR}
    ${CMAKE_CURRENT_SOURCE_DIR}/include
    ${CMAKE_SOURCE_DIR}/zeek/src
-    ${CMAKE_SOURCE_DIR}/zeek/src/include
+    ${CMAKE_SOURCE_DIR}/zeek/src/include)
 )
 # Install *.bif.zeek.
-install(DIRECTORY ${PROJECT_BINARY_DIR}/scripts/base/bif DESTINATION ${ZEEK_SCRIPT_INSTALL_PATH}/base)
+install(DIRECTORY ${PROJECT_BINARY_DIR}/scripts/base/bif
        DESTINATION ${ZEEK_SCRIPT_INSTALL_PATH}/base)
 # Create plugin directory at install time.
 install(DIRECTORY DESTINATION ${ZEEK_PLUGIN_DIR})
 # Make clean removes the bif directory.
-set_directory_properties(PROPERTIES ADDITIONAL_MAKE_CLEAN_FILES ${PROJECT_BINARY_DIR}/scripts/base/bif)
+set_directory_properties(PROPERTIES ADDITIONAL_MAKE_CLEAN_FILES
                                    ${PROJECT_BINARY_DIR}/scripts/base/bif)
-# Remove some stale files and scripts that previous Zeek versions put in
+# Remove some stale files and scripts that previous Zeek versions put in place,
-# place, yet make confuse us now. This makes upgrading easier.
+# yet make confuse us now. This makes upgrading easier.
-install(CODE "
+install(
    CODE "
   file(REMOVE_RECURSE
       ${ZEEK_SCRIPT_INSTALL_PATH}/base/frameworks/logging/writers/dataseries.bro
       ${ZEEK_SCRIPT_INSTALL_PATH}/base/frameworks/logging/writers/elasticsearch.bro
@ -623,60 +572,59 @@ install(CODE "
   )
 ")
-# Make sure to escape a bunch of special characters in the path before trying to use it as a
+# Make sure to escape a bunch of special characters in the path before trying to
-# regular expression below.
+# use it as a regular expression below.
-string(REGEX REPLACE "([][+.*()^])" "\\\\\\1" escaped_include_path "${CMAKE_CURRENT_SOURCE_DIR}/include/*")
+string(REGEX REPLACE "([][+.*()^])" "\\\\\\1" escaped_include_path
                     "${CMAKE_CURRENT_SOURCE_DIR}/include/*")
 if (WIN32)
-    install(DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/windows/usr.include/
+    install(
-            DESTINATION include/
+        DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/windows/usr.include/
-            FILES_MATCHING
+        DESTINATION include/
            PATTERN "*.h"
    )
 endif()
 install(DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/
        DESTINATION include/zeek
        FILES_MATCHING
-        PATTERN "*.h"
+        PATTERN "*.h")
-        PATTERN "*.pac"
+endif ()
        PATTERN "3rdparty/*" EXCLUDE
        # The "zeek -> ." symlink isn't needed in the install-tree
        REGEX "${escaped_include_path}$" EXCLUDE
-	# FILES_MATCHING creates empty directories:
+install(
-	# https://gitlab.kitware.com/cmake/cmake/-/issues/17122
+    DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/
-	# Exclude the ones that this affects explicitly.
+    DESTINATION include/zeek
-	PATTERN "script_opt/CPP/maint" EXCLUDE
+    FILES_MATCHING
-	PATTERN "fuzzers/corpora" EXCLUDE
+    PATTERN "*.h"
-)
+    PATTERN "*.pac"
    PATTERN "3rdparty/*" EXCLUDE
    # The "zeek -> ." symlink isn't needed in the install-tree
    REGEX "${escaped_include_path}$" EXCLUDE
    # FILES_MATCHING creates empty directories:
    # https://gitlab.kitware.com/cmake/cmake/-/issues/17122 Exclude the ones that
    # this affects explicitly.
    PATTERN "script_opt/CPP/maint" EXCLUDE
    PATTERN "fuzzers/corpora" EXCLUDE)
-install(DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}/
+install(
-        DESTINATION include/zeek
+    DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}/
-        FILES_MATCHING
+    DESTINATION include/zeek
-        PATTERN "*.bif.func_h"
+    FILES_MATCHING
-        PATTERN "*.bif.netvar_h"
+    PATTERN "*.bif.func_h"
-        PATTERN "*.bif.h"
+    PATTERN "*.bif.netvar_h"
-        PATTERN "CMakeFiles" EXCLUDE
+    PATTERN "*.bif.h"
-        # The "include/zeek -> .." symlink isn't needed in the install-tree
+    PATTERN "CMakeFiles" EXCLUDE
-        REGEX "${escaped_include_path}$" EXCLUDE
+    # The "include/zeek -> .." symlink isn't needed in the install-tree
-)
+    REGEX "${escaped_include_path}$" EXCLUDE)
-install(FILES
+install(
-        ${CMAKE_CURRENT_SOURCE_DIR}/3rdparty/ConvertUTF.h
+    FILES ${CMAKE_CURRENT_SOURCE_DIR}/3rdparty/ConvertUTF.h
-        ${CMAKE_CURRENT_SOURCE_DIR}/3rdparty/bro_inet_ntop.h # Remove in v6.1
+          ${CMAKE_CURRENT_SOURCE_DIR}/3rdparty/bro_inet_ntop.h # Remove in v6.1
-        ${CMAKE_CURRENT_SOURCE_DIR}/3rdparty/zeek_inet_ntop.h
+          ${CMAKE_CURRENT_SOURCE_DIR}/3rdparty/zeek_inet_ntop.h
-        ${CMAKE_CURRENT_SOURCE_DIR}/3rdparty/bsd-getopt-long.h
+          ${CMAKE_CURRENT_SOURCE_DIR}/3rdparty/bsd-getopt-long.h
-        ${CMAKE_CURRENT_SOURCE_DIR}/3rdparty/modp_numtoa.h
+          ${CMAKE_CURRENT_SOURCE_DIR}/3rdparty/modp_numtoa.h
-        ${CMAKE_CURRENT_SOURCE_DIR}/3rdparty/patricia.h
+          ${CMAKE_CURRENT_SOURCE_DIR}/3rdparty/patricia.h
-        ${CMAKE_CURRENT_SOURCE_DIR}/3rdparty/setsignal.h
+          ${CMAKE_CURRENT_SOURCE_DIR}/3rdparty/setsignal.h
-        $<$<BOOL:USE_SQLITE>:${CMAKE_CURRENT_SOURCE_DIR}/3rdparty/sqlite3.h>
+          $<$<BOOL:USE_SQLITE>:${CMAKE_CURRENT_SOURCE_DIR}/3rdparty/sqlite3.h>
-        ${CMAKE_CURRENT_SOURCE_DIR}/3rdparty/doctest.h
+          ${CMAKE_CURRENT_SOURCE_DIR}/3rdparty/doctest.h
-        DESTINATION include/zeek/3rdparty
+    DESTINATION include/zeek/3rdparty)
 )
-########################################################################
+# ##############################################################################
-## Clang-tidy target now that we have all of the sources
+# Clang-tidy target now that we have all of the sources
 add_clang_tidy_files(${MAIN_SRCS})
@ -685,23 +633,22 @@ add_clang_tidy_files(${MAIN_SRCS})
 # *.bif.register.cc)
 create_clang_tidy_target()
-########################################################################
+# ##############################################################################
-## CTest setup.
+# CTest setup.
 # Scan all .cc files for TEST_CASE macros and generate CTest targets.
 if (ENABLE_ZEEK_UNIT_TESTS)
    set(test_cases "")
    foreach (cc_file ${TIDY_SRCS})
-        file (STRINGS ${cc_file} test_case_lines REGEX "TEST_CASE")
+        file(STRINGS ${cc_file} test_case_lines REGEX "TEST_CASE")
        foreach (line ${test_case_lines})
            string(REGEX REPLACE "TEST_CASE\\(\"(.+)\"\\)" "\\1" test_case "${line}")
            list(APPEND test_cases "${test_case}")
        endforeach ()
    endforeach ()
    list(LENGTH test_cases num_test_cases)
-    MESSAGE(STATUS "-- Found ${num_test_cases} test cases for CTest")
+    message(STATUS "-- Found ${num_test_cases} test cases for CTest")
    foreach (test_case ${test_cases})
-        add_test(NAME "\"${test_case}\""
+        add_test(NAME "\"${test_case}\"" COMMAND zeek --test "--test-case=${test_case}")
                 COMMAND zeek --test "--test-case=${test_case}")
    endforeach ()
 endif ()
--- a/src/Val.cc
+++ b/src/Val.cc
@ -6,6 +6,9 @@
 #include <netdb.h>
 #include <netinet/in.h>
 #define RAPIDJSON_HAS_STDSTRING 1
 #include <rapidjson/document.h>
 #include <rapidjson/error/en.h>
 #include <sys/param.h>
 #include <sys/types.h>
 #include <unistd.h>
@ -1061,6 +1064,333 @@ StringValPtr StringVal::Replace(RE_Matcher* re, const String& repl, bool do_all)
 	return make_intrusive<StringVal>(new String(true, result, r - result));
 	}
 static std::variant<ValPtr, std::string> BuildVal(const rapidjson::Value& j, const TypePtr& t)
 	{
 	auto mismatch_err = [t, &j]()
 	{
 		std::string json_type;
 		switch ( j.GetType() )
 			{
 			case rapidjson::Type::kNullType:
 				json_type = "null";
 				break;
 			case rapidjson::Type::kFalseType:
 			case rapidjson::Type::kTrueType:
 				json_type = "bool";
 				break;
 			case rapidjson::Type::kObjectType:
 				json_type = "object";
 				break;
 			case rapidjson::Type::kArrayType:
 				json_type = "array";
 				break;
 			case rapidjson::Type::kStringType:
 				json_type = "string";
 				break;
 			case rapidjson::Type::kNumberType:
 				json_type = "number";
 				break;
 			default:
 				json_type = "unknown";
 			}
 		return util::fmt("cannot convert JSON type '%s' to Zeek type '%s'", json_type.c_str(),
 		                 type_name(t->Tag()));
 	};
 	if ( j.IsNull() )
 		return Val::nil;
 	switch ( t->Tag() )
 		{
 		case TYPE_BOOL:
 			{
 			if ( ! j.IsBool() )
 				return mismatch_err();
 			return val_mgr->Bool(j.GetBool());
 			}
 		case TYPE_INT:
 			{
 			if ( ! j.IsInt64() )
 				return mismatch_err();
 			return val_mgr->Int(j.GetInt64());
 			}
 		case TYPE_COUNT:
 			{
 			if ( ! j.IsUint64() )
 				return mismatch_err();
 			return val_mgr->Count(j.GetUint64());
 			}
 		case TYPE_TIME:
 			{
 			if ( ! j.IsNumber() )
 				return mismatch_err();
 			return make_intrusive<TimeVal>(j.GetDouble());
 			}
 		case TYPE_DOUBLE:
 			{
 			if ( ! j.IsNumber() )
 				return mismatch_err();
 			return make_intrusive<DoubleVal>(j.GetDouble());
 			}
 		case TYPE_INTERVAL:
 			{
 			if ( ! j.IsNumber() )
 				return mismatch_err();
 			return make_intrusive<IntervalVal>(j.GetDouble());
 			}
 		case TYPE_PORT:
 			{
 			if ( ! j.IsString() )
 				return mismatch_err();
 			int port = 0;
 			if ( j.GetStringLength() > 0 && j.GetStringLength() < 10 )
 				{
 				char* slash;
 				errno = 0;
 				port = strtol(j.GetString(), &slash, 10);
 				if ( ! errno )
 					{
 					++slash;
 					if ( util::streq(slash, "tcp") )
 						return val_mgr->Port(port, TRANSPORT_TCP);
 					else if ( util::streq(slash, "udp") )
 						return val_mgr->Port(port, TRANSPORT_UDP);
 					else if ( util::streq(slash, "icmp") )
 						return val_mgr->Port(port, TRANSPORT_ICMP);
 					else if ( util::streq(slash, "unknown") )
 						return val_mgr->Port(port, TRANSPORT_UNKNOWN);
 					}
 				}
 			return "wrong port format, must be /[0-9]{1,5}\\/(tcp|udp|icmp|unknown)/";
 			}
 		case TYPE_PATTERN:
 			{
 			if ( ! j.IsString() )
 				return mismatch_err();
 			std::string candidate(j.GetString(), j.GetStringLength());
 			if ( candidate.size() > 2 && candidate.front() == candidate.back() &&
 			     candidate.back() == '/' )
 				{
 				// Remove the '/'s
 				candidate.erase(0, 1);
 				candidate.erase(candidate.size() - 1);
 				}
 			auto re = std::make_unique<RE_Matcher>(candidate.c_str());
 			if ( ! re->Compile() )
 				return "error compiling pattern";
 			return make_intrusive<PatternVal>(re.release());
 			}
 		case TYPE_ADDR:
 		case TYPE_SUBNET:
 			{
 			if ( ! j.IsString() )
 				return mismatch_err();
 			int width = 0;
 			std::string candidate;
 			if ( t->Tag() == TYPE_ADDR )
 				candidate = std::string(j.GetString(), j.GetStringLength());
 			else
 				{
 				std::string_view subnet_sv(j.GetString(), j.GetStringLength());
 				auto pos = subnet_sv.find('/');
 				if ( pos == subnet_sv.npos )
 					return util::fmt("invalid value for subnet: '%s'", j.GetString());
 				candidate = std::string(j.GetString(), pos);
 				errno = 0;
 				char* end;
 				width = strtol(subnet_sv.data() + pos + 1, &end, 10);
 				if ( subnet_sv.data() + pos + 1 == end || errno )
 					return util::fmt("invalid value for subnet: '%s'", j.GetString());
 				}
 			if ( candidate.front() == '[' )
 				candidate.erase(0, 1);
 			if ( candidate.back() == ']' )
 				candidate.erase(candidate.size() - 1);
 			if ( t->Tag() == TYPE_ADDR )
 				return make_intrusive<AddrVal>(candidate);
 			else
 				return make_intrusive<SubNetVal>(candidate.c_str(), width);
 			}
 		case TYPE_ENUM:
 			{
 			if ( ! j.IsString() )
 				return mismatch_err();
 			auto et = t->AsEnumType();
 			auto intval = et->Lookup({j.GetString(), j.GetStringLength()});
 			if ( intval < 0 )
 				return util::fmt("'%s' is not a valid enum for '%s'.", j.GetString(),
 				                 et->GetName().c_str());
 			return et->GetEnumVal(intval);
 			}
 		case TYPE_STRING:
 			{
 			if ( ! j.IsString() )
 				return mismatch_err();
 			return make_intrusive<StringVal>(j.GetStringLength(), j.GetString());
 			}
 		case TYPE_TABLE:
 			{
 			if ( ! j.IsArray() )
 				return mismatch_err();
 			if ( ! t->IsSet() )
 				return util::fmt("tables are not supported");
 			auto tt = t->AsSetType();
 			auto tl = tt->GetIndices();
 			auto tv = make_intrusive<TableVal>(IntrusivePtr{NewRef{}, tt});
 			for ( const auto& item : j.GetArray() )
 				{
 				std::variant<ValPtr, std::string> v;
 				if ( tl->GetTypes().size() == 1 )
 					v = BuildVal(item, tl->GetPureType());
 				else
 					v = BuildVal(item, tl);
 				if ( ! get_if<ValPtr>(&v) )
 					return v;
 				if ( ! std::get<ValPtr>(v) )
 					continue;
 				tv->Assign(std::move(std::get<ValPtr>(v)), nullptr);
 				}
 			return tv;
 			}
 		case TYPE_RECORD:
 			{
 			if ( ! j.IsObject() )
 				return mismatch_err();
 			auto rt = t->AsRecordType();
 			auto rv = make_intrusive<RecordVal>(IntrusivePtr{NewRef{}, rt});
 			for ( int i = 0; i < rt->NumFields(); ++i )
 				{
 				auto td_i = rt->FieldDecl(i);
 				auto m_it = j.FindMember(td_i->id);
 				bool has_member = m_it != j.MemberEnd();
 				bool member_is_null = has_member && m_it->value.IsNull();
 				if ( ! has_member || member_is_null )
 					{
 					if ( ! td_i->GetAttr(detail::ATTR_OPTIONAL) &&
 					     ! td_i->GetAttr(detail::ATTR_DEFAULT) )
 						return util::fmt("required field %s$%s is %s in JSON", t->GetName().c_str(),
 						                 td_i->id, member_is_null ? "null" : "missing");
 					continue;
 					}
 				auto v = BuildVal(m_it->value, td_i->type);
 				if ( ! get_if<ValPtr>(&v) )
 					return v;
 				rv->Assign(i, std::move(std::get<ValPtr>(v)));
 				}
 			return rv;
 			}
 		case TYPE_LIST:
 			{
 			if ( ! j.IsArray() )
 				return mismatch_err();
 			auto lt = t->AsTypeList();
 			if ( j.GetArray().Size() < lt->GetTypes().size() )
 				return "index type doesn't match";
 			auto lv = make_intrusive<ListVal>(TYPE_ANY);
 			for ( size_t i = 0; i < lt->GetTypes().size(); i++ )
 				{
 				auto v = BuildVal(j.GetArray()[i], lt->GetTypes()[i]);
 				if ( ! get_if<ValPtr>(&v) )
 					return v;
 				lv->Append(std::move(std::get<ValPtr>(v)));
 				}
 			return lv;
 			}
 		case TYPE_VECTOR:
 			{
 			if ( ! j.IsArray() )
 				return mismatch_err();
 			auto vt = t->AsVectorType();
 			auto vv = make_intrusive<VectorVal>(IntrusivePtr{NewRef{}, vt});
 			for ( const auto& item : j.GetArray() )
 				{
 				auto v = BuildVal(item, vt->Yield());
 				if ( ! get_if<ValPtr>(&v) )
 					return v;
 				if ( ! std::get<ValPtr>(v) )
 					continue;
 				vv->Assign(vv->Size(), std::move(std::get<ValPtr>(v)));
 				}
 			return vv;
 			}
 		default:
 			return util::fmt("type '%s' unsupport", type_name(t->Tag()));
 		}
 	}
 std::variant<ValPtr, std::string> detail::ValFromJSON(std::string_view json_str, const TypePtr& t)
 	{
 	rapidjson::Document doc;
 	rapidjson::ParseResult ok = doc.Parse(json_str.data(), json_str.length());
 	if ( ! ok )
 		return util::fmt("JSON parse error: %s Offset: %lu", rapidjson::GetParseError_En(ok.Code()),
 		                 ok.Offset());
 	return BuildVal(doc, t);
 	}
 ValPtr StringVal::DoClone(CloneState* state)
 	{
 	// We could likely treat this type as immutable and return a reference
--- a/src/Val.h
+++ b/src/Val.h
@ -6,6 +6,7 @@
 #include <array>
 #include <list>
 #include <unordered_map>
 #include <variant>
 #include <vector>
 #include "zeek/IntrusivePtr.h"
@ -1794,4 +1795,12 @@ extern bool can_cast_value_to_type(const Val* v, Type* t);
 // specific instance later.
 extern bool can_cast_value_to_type(const Type* s, Type* t);
 namespace detail
 	{
 // Parses a JSON string into arbitrary Zeek data using std::variant to simulate functional exception
 // handling. Returns a ValPtr if parsing was successful, or a std::string containing an error
 // message if an error occurred.
 extern std::variant<ValPtr, std::string> ValFromJSON(std::string_view json_str, const TypePtr& t);
 	}
 	} // namespace zeek
--- a/src/analyzer/CMakeLists.txt
+++ b/src/analyzer/CMakeLists.txt
@ -1,12 +1,14 @@
 zeek_add_subdir_library(
    analyzer
-    INTERNAL_DEPENDENCIES ${BIF_BUILD_TARGET}
+    INTERNAL_DEPENDENCIES
-    INCLUDE_DIRS ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DIR}
+    ${BIF_BUILD_TARGET}
    INCLUDE_DIRS
    ${CMAKE_CURRENT_SOURCE_DIR}
    ${CMAKE_CURRENT_BINARY_DIR}
    SOURCES
-        Analyzer.cc
+    Analyzer.cc
-        Component.cc
+    Component.cc
-        Manager.cc
+    Manager.cc)
 )
 # Treat BIFs as builtin (alternative mode).
 bif_target(analyzer.bif)
--- a/src/analyzer/protocol/bittorrent/CMakeLists.txt
+++ b/src/analyzer/protocol/bittorrent/CMakeLists.txt
@ -2,13 +2,12 @@ zeek_add_plugin(
    Zeek
    BitTorrent
    SOURCES
-        BitTorrent.cc
+    BitTorrent.cc
-        BitTorrentTracker.cc
+    BitTorrentTracker.cc
-        Plugin.cc
+    Plugin.cc
    BIFS
-        events.bif
+    events.bif
    PAC
-        bittorrent.pac
+    bittorrent.pac
-        bittorrent-analyzer.pac
+    bittorrent-analyzer.pac
-        bittorrent-protocol.pac
+    bittorrent-protocol.pac)
 )
--- a/src/analyzer/protocol/conn-size/CMakeLists.txt
+++ b/src/analyzer/protocol/conn-size/CMakeLists.txt
@ -2,9 +2,8 @@ zeek_add_plugin(
    Zeek
    ConnSize
    SOURCES
-        ConnSize.cc
+    ConnSize.cc
-        Plugin.cc
+    Plugin.cc
    BIFS
-        events.bif
+    events.bif
-        functions.bif
+    functions.bif)
 )
--- a/src/analyzer/protocol/dce-rpc/CMakeLists.txt
+++ b/src/analyzer/protocol/dce-rpc/CMakeLists.txt
@ -2,17 +2,16 @@ zeek_add_plugin(
    Zeek
    DCE_RPC
    SOURCES
-        DCE_RPC.cc
+    DCE_RPC.cc
-        Plugin.cc
+    Plugin.cc
    BIFS
-        consts.bif
+    consts.bif
-        types.bif
+    types.bif
-        events.bif
+    events.bif
    PAC
-        dce_rpc.pac
+    dce_rpc.pac
-        dce_rpc-protocol.pac
+    dce_rpc-protocol.pac
-        dce_rpc-analyzer.pac
+    dce_rpc-analyzer.pac
-        dce_rpc-auth.pac
+    dce_rpc-auth.pac
-        endpoint-atsvc.pac
+    endpoint-atsvc.pac
-        endpoint-epmapper.pac
+    endpoint-epmapper.pac)
 )
--- a/src/analyzer/protocol/dhcp/CMakeLists.txt
+++ b/src/analyzer/protocol/dhcp/CMakeLists.txt
@ -2,14 +2,13 @@ zeek_add_plugin(
    Zeek
    DHCP
    SOURCES
-        DHCP.cc
+    DHCP.cc
-        Plugin.cc
+    Plugin.cc
    BIFS
-        events.bif
+    events.bif
-        types.bif
+    types.bif
    PAC
-        dhcp.pac
+    dhcp.pac
-        dhcp-protocol.pac
+    dhcp-protocol.pac
-        dhcp-analyzer.pac
+    dhcp-analyzer.pac
-        dhcp-options.pac
+    dhcp-options.pac)
 )
--- a/src/analyzer/protocol/dnp3/CMakeLists.txt
+++ b/src/analyzer/protocol/dnp3/CMakeLists.txt
@ -2,13 +2,12 @@ zeek_add_plugin(
    Zeek
    DNP3
    SOURCES
-        DNP3.cc
+    DNP3.cc
-        Plugin.cc
+    Plugin.cc
    BIFS
-        events.bif
+    events.bif
    PAC
-        dnp3.pac
+    dnp3.pac
-        dnp3-analyzer.pac
+    dnp3-analyzer.pac
-        dnp3-protocol.pac
+    dnp3-protocol.pac
-        dnp3-objects.pac
+    dnp3-objects.pac)
 )
--- a/src/analyzer/protocol/dns/CMakeLists.txt
+++ b/src/analyzer/protocol/dns/CMakeLists.txt
@ -2,8 +2,7 @@ zeek_add_plugin(
    Zeek
    DNS
    SOURCES
-        DNS.cc
+    DNS.cc
-        Plugin.cc
+    Plugin.cc
    BIFS
-        events.bif
+    events.bif)
 )
--- a/src/analyzer/protocol/file/CMakeLists.txt
+++ b/src/analyzer/protocol/file/CMakeLists.txt
@ -2,8 +2,7 @@ zeek_add_plugin(
    Zeek
    File
    SOURCES
-        File.cc
+    File.cc
-        Plugin.cc
+    Plugin.cc
    BIFS
-        events.bif
+    events.bif)
 )
--- a/src/analyzer/protocol/finger/CMakeLists.txt
+++ b/src/analyzer/protocol/finger/CMakeLists.txt
@ -1,9 +1,8 @@
 spicy_add_analyzer(
-  NAME
+    NAME
    Finger
-  SOURCES
+    SOURCES
    finger.spicy
    finger.evt
-  LEGACY
+    LEGACY
-    legacy
+    legacy)
 )
--- a/src/analyzer/protocol/finger/legacy/CMakeLists.txt
+++ b/src/analyzer/protocol/finger/legacy/CMakeLists.txt
@ -2,8 +2,7 @@ zeek_add_plugin(
    Zeek
    Finger
    SOURCES
-        Finger.cc
+    Finger.cc
-        Plugin.cc
+    Plugin.cc
    BIFS
-        events.bif
+    events.bif)
 )
--- a/src/analyzer/protocol/ftp/CMakeLists.txt
+++ b/src/analyzer/protocol/ftp/CMakeLists.txt
@ -2,9 +2,8 @@ zeek_add_plugin(
    Zeek
    FTP
    SOURCES
-        FTP.cc
+    FTP.cc
-        Plugin.cc
+    Plugin.cc
    BIFS
-        events.bif
+    events.bif
-        functions.bif
+    functions.bif)
 )
--- a/src/analyzer/protocol/gnutella/CMakeLists.txt
+++ b/src/analyzer/protocol/gnutella/CMakeLists.txt
@ -2,8 +2,7 @@ zeek_add_plugin(
    Zeek
    Gnutella
    SOURCES
-        Gnutella.cc
+    Gnutella.cc
-        Plugin.cc
+    Plugin.cc
    BIFS
-        events.bif
+    events.bif)
 )
--- a/src/analyzer/protocol/gssapi/CMakeLists.txt
+++ b/src/analyzer/protocol/gssapi/CMakeLists.txt
@ -2,13 +2,12 @@ zeek_add_plugin(
    Zeek
    GSSAPI
    SOURCES
-        GSSAPI.cc
+    GSSAPI.cc
-        Plugin.cc
+    Plugin.cc
    BIFS
-        events.bif
+    events.bif
    PAC
-        gssapi.pac
+    gssapi.pac
-        gssapi-protocol.pac
+    gssapi-protocol.pac
-        gssapi-analyzer.pac
+    gssapi-analyzer.pac
-        ${PROJECT_SOURCE_DIR}/src/analyzer/protocol/asn1/asn1.pac
+    ${PROJECT_SOURCE_DIR}/src/analyzer/protocol/asn1/asn1.pac)
 )
--- a/src/analyzer/protocol/http/CMakeLists.txt
+++ b/src/analyzer/protocol/http/CMakeLists.txt
@ -2,9 +2,8 @@ zeek_add_plugin(
    Zeek
    HTTP
    SOURCES
-        HTTP.cc
+    HTTP.cc
-        Plugin.cc
+    Plugin.cc
    BIFS
-        events.bif
+    events.bif
-        functions.bif
+    functions.bif)
 )
--- a/src/analyzer/protocol/ident/CMakeLists.txt
+++ b/src/analyzer/protocol/ident/CMakeLists.txt
@ -2,8 +2,7 @@ zeek_add_plugin(
    Zeek
    Ident
    SOURCES
-        Ident.cc
+    Ident.cc
-        Plugin.cc
+    Plugin.cc
    BIFS
-        events.bif
+    events.bif)
 )
--- a/src/analyzer/protocol/imap/CMakeLists.txt
+++ b/src/analyzer/protocol/imap/CMakeLists.txt
@ -2,12 +2,11 @@ zeek_add_plugin(
    Zeek
    IMAP
    SOURCES
-        Plugin.cc
+    Plugin.cc
-        IMAP.cc
+    IMAP.cc
    BIFS
-        events.bif
+    events.bif
    PAC
-        imap.pac
+    imap.pac
-        imap-analyzer.pac
+    imap-analyzer.pac
-        imap-protocol.pac
+    imap-protocol.pac)
 )
--- a/src/analyzer/protocol/irc/CMakeLists.txt
+++ b/src/analyzer/protocol/irc/CMakeLists.txt
@ -2,8 +2,7 @@ zeek_add_plugin(
    Zeek
    IRC
    SOURCES
-        IRC.cc
+    IRC.cc
-        Plugin.cc
+    Plugin.cc
    BIFS
-        events.bif
+    events.bif)
 )
--- a/src/analyzer/protocol/krb/CMakeLists.txt
+++ b/src/analyzer/protocol/krb/CMakeLists.txt
@ -2,28 +2,27 @@ zeek_add_plugin(
    Zeek
    KRB
    SOURCES
-        Plugin.cc
+    Plugin.cc
-        KRB.cc
+    KRB.cc
-        KRB_TCP.cc
+    KRB_TCP.cc
    BIFS
-        types.bif
+    types.bif
-        events.bif
+    events.bif
    PAC
-        krb.pac
+    krb.pac
-        krb-protocol.pac
+    krb-protocol.pac
-        krb-analyzer.pac
+    krb-analyzer.pac
-        krb-asn1.pac
+    krb-asn1.pac
-        krb-defs.pac
+    krb-defs.pac
-        krb-types.pac
+    krb-types.pac
-        krb-padata.pac
+    krb-padata.pac
-        ${PROJECT_SOURCE_DIR}/src/analyzer/protocol/asn1/asn1.pac
+    ${PROJECT_SOURCE_DIR}/src/analyzer/protocol/asn1/asn1.pac
    PAC
-        krb_TCP.pac
+    krb_TCP.pac
-        krb-protocol.pac
+    krb-protocol.pac
-        krb-analyzer.pac
+    krb-analyzer.pac
-        krb-asn1.pac
+    krb-asn1.pac
-        krb-defs.pac
+    krb-defs.pac
-        krb-types.pac
+    krb-types.pac
-        krb-padata.pac
+    krb-padata.pac
-        ${PROJECT_SOURCE_DIR}/src/analyzer/protocol/asn1/asn1.pac
+    ${PROJECT_SOURCE_DIR}/src/analyzer/protocol/asn1/asn1.pac)
 )
--- a/src/analyzer/protocol/login/CMakeLists.txt
+++ b/src/analyzer/protocol/login/CMakeLists.txt
@ -2,13 +2,12 @@ zeek_add_plugin(
    Zeek
    Login
    SOURCES
-        Login.cc
+    Login.cc
-        RSH.cc
+    RSH.cc
-        Telnet.cc
+    Telnet.cc
-        Rlogin.cc
+    Rlogin.cc
-        NVT.cc
+    NVT.cc
-        Plugin.cc
+    Plugin.cc
    BIFS
-        events.bif
+    events.bif
-        functions.bif
+    functions.bif)
 )
--- a/src/analyzer/protocol/mime/CMakeLists.txt
+++ b/src/analyzer/protocol/mime/CMakeLists.txt
@ -7,8 +7,7 @@ zeek_add_plugin(
    Zeek
    MIME
    SOURCES
-        MIME.cc
+    MIME.cc
-        Plugin.cc
+    Plugin.cc
    BIFS
-        events.bif
+    events.bif)
 )
--- a/src/analyzer/protocol/modbus/CMakeLists.txt
+++ b/src/analyzer/protocol/modbus/CMakeLists.txt
@ -2,12 +2,11 @@ zeek_add_plugin(
    Zeek
    Modbus
    SOURCES
-        Modbus.cc
+    Modbus.cc
-        Plugin.cc
+    Plugin.cc
    BIFS
-        events.bif
+    events.bif
    PAC
-        modbus.pac
+    modbus.pac
-        modbus-analyzer.pac
+    modbus-analyzer.pac
-        modbus-protocol.pac
+    modbus-protocol.pac)
 )
--- a/src/analyzer/protocol/mqtt/CMakeLists.txt
+++ b/src/analyzer/protocol/mqtt/CMakeLists.txt
@ -2,26 +2,25 @@ zeek_add_plugin(
    Zeek
    MQTT
    SOURCES
-        MQTT.cc
+    MQTT.cc
-        Plugin.cc
+    Plugin.cc
    BIFS
-        types.bif
+    types.bif
-        events.bif
+    events.bif
    PAC
-        mqtt.pac
+    mqtt.pac
-        mqtt-protocol.pac
+    mqtt-protocol.pac
-        commands/connect.pac
+    commands/connect.pac
-        commands/connack.pac
+    commands/connack.pac
-        commands/publish.pac
+    commands/publish.pac
-        commands/puback.pac
+    commands/puback.pac
-        commands/pubrec.pac
+    commands/pubrec.pac
-        commands/pubrel.pac
+    commands/pubrel.pac
-        commands/pubcomp.pac
+    commands/pubcomp.pac
-        commands/subscribe.pac
+    commands/subscribe.pac
-        commands/suback.pac
+    commands/suback.pac
-        commands/unsuback.pac
+    commands/unsuback.pac
-        commands/unsubscribe.pac
+    commands/unsubscribe.pac
-        commands/disconnect.pac
+    commands/disconnect.pac
-        commands/pingreq.pac
+    commands/pingreq.pac
-        commands/pingresp.pac
+    commands/pingresp.pac)
 )
--- a/src/analyzer/protocol/mysql/CMakeLists.txt
+++ b/src/analyzer/protocol/mysql/CMakeLists.txt
@ -2,12 +2,11 @@ zeek_add_plugin(
    Zeek
    MySQL
    SOURCES
-        MySQL.cc
+    MySQL.cc
-        Plugin.cc
+    Plugin.cc
    BIFS
-        events.bif
+    events.bif
    PAC
-        mysql.pac
+    mysql.pac
-        mysql-analyzer.pac
+    mysql-analyzer.pac
-        mysql-protocol.pac
+    mysql-protocol.pac)
 )
--- a/src/analyzer/protocol/ncp/CMakeLists.txt
+++ b/src/analyzer/protocol/ncp/CMakeLists.txt
@ -2,11 +2,10 @@ zeek_add_plugin(
    Zeek
    NCP
    SOURCES
-        NCP.cc
+    NCP.cc
-        Plugin.cc
+    Plugin.cc
    BIFS
-        events.bif
+    events.bif
-        consts.bif
+    consts.bif
    PAC
-        ncp.pac
+    ncp.pac)
 )
--- a/src/analyzer/protocol/netbios/CMakeLists.txt
+++ b/src/analyzer/protocol/netbios/CMakeLists.txt
@ -2,9 +2,8 @@ zeek_add_plugin(
    Zeek
    NetBIOS
    SOURCES
-        NetbiosSSN.cc
+    NetbiosSSN.cc
-        Plugin.cc
+    Plugin.cc
    BIFS
-        events.bif
+    events.bif
-        functions.bif
+    functions.bif)
 )
--- a/src/analyzer/protocol/ntlm/CMakeLists.txt
+++ b/src/analyzer/protocol/ntlm/CMakeLists.txt
@ -2,13 +2,12 @@ zeek_add_plugin(
    Zeek
    NTLM
    SOURCES
-        NTLM.cc
+    NTLM.cc
-        Plugin.cc
+    Plugin.cc
    BIFS
-        types.bif
+    types.bif
-        events.bif
+    events.bif
    PAC
-        ntlm.pac
+    ntlm.pac
-        ntlm-protocol.pac
+    ntlm-protocol.pac
-        ntlm-analyzer.pac
+    ntlm-analyzer.pac)
 )
--- a/src/analyzer/protocol/ntp/CMakeLists.txt
+++ b/src/analyzer/protocol/ntp/CMakeLists.txt
@ -2,14 +2,13 @@ zeek_add_plugin(
    Zeek
    NTP
    SOURCES
-        NTP.cc
+    NTP.cc
-        Plugin.cc
+    Plugin.cc
    BIFS
-        types.bif
+    types.bif
-        events.bif
+    events.bif
    PAC
-        ntp.pac
+    ntp.pac
-        ntp-analyzer.pac
+    ntp-analyzer.pac
-        ntp-mode7.pac
+    ntp-mode7.pac
-        ntp-protocol.pac
+    ntp-protocol.pac)
 )
--- a/src/analyzer/protocol/ntp/ntp-analyzer.pac
+++ b/src/analyzer/protocol/ntp/ntp-analyzer.pac
@ -130,11 +130,25 @@
 refine flow NTP_Flow += {
 	%member{
 		bool flipped_;
 	%}
 	%init{
 		flipped_ = false;
 	%}
 	function proc_ntp_message(msg: NTP_PDU): bool
 		%{
 		connection()->zeek_analyzer()->AnalyzerConfirmation();
 		// Flip roles for SERVER mode message from orig or a CLIENT mode message from resp.
 		if ( ((${msg.mode} == SERVER && is_orig()) || (${msg.mode} == CLIENT && ! is_orig())) && ! flipped_ )
 			{
 			connection()->zeek_analyzer()->Conn()->FlipRoles();
 			flipped_ = true;
 			}
 		if ( ! ntp_message )
 			return false;
--- a/src/analyzer/protocol/ntp/ntp-protocol.pac
+++ b/src/analyzer/protocol/ntp/ntp-protocol.pac
@ -1,5 +1,14 @@
 # This is the common part in the header format.
 # See RFC 5905 for details
 enum NTP_Mode {
 	SYMMETRIC_ACTIVE = 1,
 	SYMMETRIC_PASSIVE = 2,
 	CLIENT = 3,
 	SERVER = 4,
 	BROADCAST_SERVER = 5,
 	BROADCAST_CLIENT = 6,
 };
 type NTP_PDU(is_orig: bool) = record {
 	# The first byte of the NTP header contains the leap indicator,
 	# the version and the mode
--- a/src/analyzer/protocol/pia/CMakeLists.txt
+++ b/src/analyzer/protocol/pia/CMakeLists.txt
@ -1,7 +1 @@
-zeek_add_plugin(
+zeek_add_plugin(Zeek PIA SOURCES PIA.cc Plugin.cc)
    Zeek
    PIA
    SOURCES
        PIA.cc
        Plugin.cc
 )
--- a/src/analyzer/protocol/pop3/CMakeLists.txt
+++ b/src/analyzer/protocol/pop3/CMakeLists.txt
@ -2,8 +2,7 @@ zeek_add_plugin(
    Zeek
    POP3
    SOURCES
-        POP3.cc
+    POP3.cc
-        Plugin.cc
+    Plugin.cc
    BIFS
-        events.bif
+    events.bif)
 )
--- a/src/analyzer/protocol/radius/CMakeLists.txt
+++ b/src/analyzer/protocol/radius/CMakeLists.txt
@ -2,12 +2,11 @@ zeek_add_plugin(
    Zeek
    RADIUS
    SOURCES
-        RADIUS.cc
+    RADIUS.cc
-        Plugin.cc
+    Plugin.cc
    BIFS
-        events.bif
+    events.bif
    PAC
-        radius.pac
+    radius.pac
-        radius-analyzer.pac
+    radius-analyzer.pac
-        radius-protocol.pac
+    radius-protocol.pac)
 )
--- a/src/analyzer/protocol/rdp/CMakeLists.txt
+++ b/src/analyzer/protocol/rdp/CMakeLists.txt
@ -2,19 +2,18 @@ zeek_add_plugin(
    Zeek
    RDP
    SOURCES
-        RDPEUDP.cc
+    RDPEUDP.cc
-        RDP.cc
+    RDP.cc
-        Plugin.cc
+    Plugin.cc
    BIFS
-        events.bif
+    events.bif
-        types.bif
+    types.bif
    PAC
-        rdp.pac
+    rdp.pac
-        rdp-analyzer.pac
+    rdp-analyzer.pac
-        rdp-protocol.pac
+    rdp-protocol.pac
-        ${PROJECT_SOURCE_DIR}/src/analyzer/protocol/asn1/asn1.pac
+    ${PROJECT_SOURCE_DIR}/src/analyzer/protocol/asn1/asn1.pac
    PAC
-        rdpeudp.pac
+    rdpeudp.pac
-        rdpeudp-analyzer.pac
+    rdpeudp-analyzer.pac
-        rdpeudp-protocol.pac
+    rdpeudp-protocol.pac)
 )
--- a/src/analyzer/protocol/rfb/CMakeLists.txt
+++ b/src/analyzer/protocol/rfb/CMakeLists.txt
@ -2,12 +2,11 @@ zeek_add_plugin(
    Zeek
    RFB
    SOURCES
-        RFB.cc
+    RFB.cc
-        Plugin.cc
+    Plugin.cc
    BIFS
-        events.bif
+    events.bif
    PAC
-        rfb.pac
+    rfb.pac
-        rfb-analyzer.pac
+    rfb-analyzer.pac
-        rfb-protocol.pac
+    rfb-protocol.pac)
 )
--- a/src/analyzer/protocol/rpc/CMakeLists.txt
+++ b/src/analyzer/protocol/rpc/CMakeLists.txt
@ -2,12 +2,11 @@ zeek_add_plugin(
    Zeek
    RPC
    SOURCES
-        RPC.cc
+    RPC.cc
-        NFS.cc
+    NFS.cc
-        MOUNT.cc
+    MOUNT.cc
-        Portmap.cc
+    Portmap.cc
-        XDR.cc
+    XDR.cc
-        Plugin.cc
+    Plugin.cc
    BIFS
-        events.bif
+    events.bif)
 )
--- a/src/analyzer/protocol/sip/CMakeLists.txt
+++ b/src/analyzer/protocol/sip/CMakeLists.txt
@ -2,17 +2,16 @@ zeek_add_plugin(
    Zeek
    SIP
    SOURCES
-        Plugin.cc
+    Plugin.cc
-        SIP.cc
+    SIP.cc
-        SIP_TCP.cc
+    SIP_TCP.cc
    BIFS
-        events.bif
+    events.bif
    PAC
-        sip.pac
+    sip.pac
-        sip-analyzer.pac
+    sip-analyzer.pac
-        sip-protocol.pac
+    sip-protocol.pac
    PAC
-        sip_TCP.pac
+    sip_TCP.pac
-        sip-protocol.pac
+    sip-protocol.pac
-        sip-analyzer.pac
+    sip-analyzer.pac)
 )
--- a/src/analyzer/protocol/smb/CMakeLists.txt
+++ b/src/analyzer/protocol/smb/CMakeLists.txt
@ -2,88 +2,87 @@ zeek_add_plugin(
    Zeek
    SMB
    SOURCES
-        SMB.cc
+    SMB.cc
-        Plugin.cc
+    Plugin.cc
    BIFS
-        # SMB 1.
+    # SMB 1.
-	      smb1_com_check_directory.bif
+    smb1_com_check_directory.bif
-	      smb1_com_close.bif
+    smb1_com_close.bif
-	      smb1_com_create_directory.bif
+    smb1_com_create_directory.bif
-	      smb1_com_echo.bif
+    smb1_com_echo.bif
-	      smb1_com_logoff_andx.bif
+    smb1_com_logoff_andx.bif
-	      smb1_com_negotiate.bif
+    smb1_com_negotiate.bif
-	      smb1_com_nt_create_andx.bif
+    smb1_com_nt_create_andx.bif
-	      smb1_com_nt_cancel.bif
+    smb1_com_nt_cancel.bif
-	      smb1_com_query_information.bif
+    smb1_com_query_information.bif
-	      smb1_com_read_andx.bif
+    smb1_com_read_andx.bif
-	      smb1_com_session_setup_andx.bif
+    smb1_com_session_setup_andx.bif
-	      smb1_com_transaction.bif
+    smb1_com_transaction.bif
-	      smb1_com_transaction_secondary.bif
+    smb1_com_transaction_secondary.bif
-	      smb1_com_transaction2.bif
+    smb1_com_transaction2.bif
-	      smb1_com_transaction2_secondary.bif
+    smb1_com_transaction2_secondary.bif
-	      smb1_com_tree_connect_andx.bif
+    smb1_com_tree_connect_andx.bif
-	      smb1_com_tree_disconnect.bif
+    smb1_com_tree_disconnect.bif
-	      smb1_com_write_andx.bif
+    smb1_com_write_andx.bif
-	      smb1_events.bif
+    smb1_events.bif
-        # SMB 2.
+    # SMB 2.
-	      smb2_com_close.bif
+    smb2_com_close.bif
-	      smb2_com_create.bif
+    smb2_com_create.bif
-	      smb2_com_negotiate.bif
+    smb2_com_negotiate.bif
-	      smb2_com_read.bif
+    smb2_com_read.bif
-	      smb2_com_session_setup.bif
+    smb2_com_session_setup.bif
-	      smb2_com_set_info.bif
+    smb2_com_set_info.bif
-	      smb2_com_tree_connect.bif
+    smb2_com_tree_connect.bif
-	      smb2_com_tree_disconnect.bif
+    smb2_com_tree_disconnect.bif
-	      smb2_com_write.bif
+    smb2_com_write.bif
-	      smb2_com_transform_header.bif
+    smb2_com_transform_header.bif
-	      smb2_events.bif
+    smb2_events.bif
-        # Common boilerplate.
+    # Common boilerplate.
-	      events.bif
+    events.bif
-	      consts.bif
+    consts.bif
-	      types.bif
+    types.bif
    PAC
-        # Common boilerplate.
+    # Common boilerplate.
-	      smb.pac
+    smb.pac
-	      smb-common.pac
+    smb-common.pac
-	      smb-strings.pac
+    smb-strings.pac
-	      smb-time.pac
+    smb-time.pac
-	      smb-pipe.pac
+    smb-pipe.pac
-	      smb-gssapi.pac
+    smb-gssapi.pac
-	      smb-mailslot.pac
+    smb-mailslot.pac
-        # SMB 1.
+    # SMB 1.
-	      smb1-protocol.pac
+    smb1-protocol.pac
-	      smb1-com-check-directory.pac
+    smb1-com-check-directory.pac
-	      smb1-com-close.pac
+    smb1-com-close.pac
-	      smb1-com-create-directory.pac
+    smb1-com-create-directory.pac
-	      smb1-com-echo.pac
+    smb1-com-echo.pac
-	      smb1-com-locking-andx.pac
+    smb1-com-locking-andx.pac
-	      smb1-com-logoff-andx.pac
+    smb1-com-logoff-andx.pac
-	      smb1-com-negotiate.pac
+    smb1-com-negotiate.pac
-	      smb1-com-nt-cancel.pac
+    smb1-com-nt-cancel.pac
-	      smb1-com-nt-create-andx.pac
+    smb1-com-nt-create-andx.pac
-	      smb1-com-nt-transact.pac
+    smb1-com-nt-transact.pac
-	      smb1-com-query-information.pac
+    smb1-com-query-information.pac
-	      smb1-com-read-andx.pac
+    smb1-com-read-andx.pac
-	      smb1-com-session-setup-andx.pac
+    smb1-com-session-setup-andx.pac
-	      smb1-com-transaction-secondary.pac
+    smb1-com-transaction-secondary.pac
-	      smb1-com-transaction.pac
+    smb1-com-transaction.pac
-	      smb1-com-transaction2.pac
+    smb1-com-transaction2.pac
-	      smb1-com-transaction2-secondary.pac
+    smb1-com-transaction2-secondary.pac
-	      smb1-com-tree-connect-andx.pac
+    smb1-com-tree-connect-andx.pac
-	      smb1-com-tree-disconnect.pac
+    smb1-com-tree-disconnect.pac
-	      smb1-com-write-andx.pac
+    smb1-com-write-andx.pac
-        # SMB 2.
+    # SMB 2.
-	      smb2-protocol.pac
+    smb2-protocol.pac
-	      smb2-com-close.pac
+    smb2-com-close.pac
-	      smb2-com-create.pac
+    smb2-com-create.pac
-	      smb2-com-ioctl.pac
+    smb2-com-ioctl.pac
-	      smb2-com-lock.pac
+    smb2-com-lock.pac
-	      smb2-com-negotiate.pac
+    smb2-com-negotiate.pac
-	      smb2-com-read.pac
+    smb2-com-read.pac
-	      smb2-com-session-setup.pac
+    smb2-com-session-setup.pac
-	      smb2-com-set-info.pac
+    smb2-com-set-info.pac
-	      smb2-com-tree-connect.pac
+    smb2-com-tree-connect.pac
-	      smb2-com-tree-disconnect.pac
+    smb2-com-tree-disconnect.pac
-	      smb2-com-write.pac
+    smb2-com-write.pac
-	      smb2-com-transform-header.pac
+    smb2-com-transform-header.pac)
 )
--- a/src/analyzer/protocol/smb/consts.bif
+++ b/src/analyzer/protocol/smb/consts.bif
@ -1 +1,2 @@
 const SMB::pipe_filenames: string_set;
 const SMB::max_pending_messages: count;
--- a/src/analyzer/protocol/smb/smb2-com-ioctl.pac
+++ b/src/analyzer/protocol/smb/smb2-com-ioctl.pac
@ -17,6 +17,17 @@ refine connection SMB_Conn += {
 	function proc_smb2_ioctl_request(val: SMB2_ioctl_request) : bool
 		%{
 		if ( zeek::BifConst::SMB::max_pending_messages > 0 &&
 		     smb2_ioctl_fids.size() >= zeek::BifConst::SMB::max_pending_messages )
 			{
 			if ( smb2_discarded_messages_state )
 				zeek::BifEvent::enqueue_smb2_discarded_messages_state(zeek_analyzer(), zeek_analyzer()->Conn(),
 				                                                     zeek::make_intrusive<zeek::StringVal>("ioctl"));
 			smb2_ioctl_fids.clear();
 			}
 		smb2_ioctl_fids[${val.header.message_id}] = ${val.file_id.persistent} + ${val.file_id._volatile};
 		return true;
 		%}
--- a/src/analyzer/protocol/smb/smb2-com-read.pac
+++ b/src/analyzer/protocol/smb/smb2-com-read.pac
@ -34,6 +34,17 @@ refine connection SMB_Conn += {
 			                                    ${val.read_len});
 			}
 		if ( zeek::BifConst::SMB::max_pending_messages > 0 &&
 		     (smb2_read_offsets.size() >= zeek::BifConst::SMB::max_pending_messages ||
 		      smb2_read_fids.size() >= zeek::BifConst::SMB::max_pending_messages) )
 			{
 			if ( smb2_discarded_messages_state )
 				zeek::BifEvent::enqueue_smb2_discarded_messages_state(zeek_analyzer(), zeek_analyzer()->Conn(),
 				                                                      zeek::make_intrusive<zeek::StringVal>("read"));
 			smb2_read_offsets.clear();
 			smb2_read_fids.clear();
 			}
 		smb2_read_offsets[${h.message_id}] = ${val.offset};
 		smb2_read_fids[${h.message_id}] = ${val.file_id.persistent} + ${val.file_id._volatile};
--- a/src/analyzer/protocol/smb/smb2-protocol.pac
+++ b/src/analyzer/protocol/smb/smb2-protocol.pac
@ -230,6 +230,16 @@ refine connection SMB_Conn += {
 		%{
 		if ( is_orig )
 			{
 			if ( zeek::BifConst::SMB::max_pending_messages > 0 &&
 			     smb2_request_tree_id.size() >= zeek::BifConst::SMB::max_pending_messages )
 				{
 				if ( smb2_discarded_messages_state )
 					zeek::BifEvent::enqueue_smb2_discarded_messages_state(zeek_analyzer(), zeek_analyzer()->Conn(),
 					                                                     zeek::make_intrusive<zeek::StringVal>("tree"));
 				smb2_request_tree_id.clear();
 				}
 			// Store the tree_id
 			smb2_request_tree_id[${h.message_id}] = ${h.tree_id};
 			}
--- a/src/analyzer/protocol/smb/smb2_events.bif
+++ b/src/analyzer/protocol/smb/smb2_events.bif
@ -15,3 +15,16 @@
 ##
 ## .. zeek:see:: smb1_message
 event smb2_message%(c: connection, hdr: SMB2::Header, is_orig: bool%);
 ## Generated for :abbr:`SMB (Server Message Block)`/:abbr:`CIFS (Common Internet File System)`
 ## version 2 connections for which pending read, ioctl or tree requests exceeds
 ## the :zeek:see:`SMB::max_pending_messages` setting. This event indicates either
 ## traffic loss, traffic load-balancing issues, or failures to parse or match
 ## SMB responses with SMB requests. When this event is raised, internal per-connection
 ## parser state has been reset.
 ##
 ## c: The affected connection.
 ##
 ## state: String describing what kind of state was affected.
 ##        One of read, ioctl or tree.
 event smb2_discarded_messages_state%(c: connection, state: string%);
--- a/src/analyzer/protocol/smtp/CMakeLists.txt
+++ b/src/analyzer/protocol/smtp/CMakeLists.txt
@ -2,9 +2,8 @@ zeek_add_plugin(
    Zeek
    SMTP
    SOURCES
-        SMTP.cc
+    SMTP.cc
-        Plugin.cc
+    Plugin.cc
    BIFS
-        events.bif
+    events.bif
-        functions.bif
+    functions.bif)
 )
--- a/src/analyzer/protocol/snmp/CMakeLists.txt
+++ b/src/analyzer/protocol/snmp/CMakeLists.txt
@ -2,14 +2,13 @@ zeek_add_plugin(
    Zeek
    SNMP
    SOURCES
-        SNMP.cc
+    SNMP.cc
-        Plugin.cc
+    Plugin.cc
    BIFS
-        types.bif
+    types.bif
-        events.bif
+    events.bif
    PAC
-        snmp.pac
+    snmp.pac
-        snmp-protocol.pac
+    snmp-protocol.pac
-        snmp-analyzer.pac
+    snmp-analyzer.pac
-        ${PROJECT_SOURCE_DIR}/src/analyzer/protocol/asn1/asn1.pac
+    ${PROJECT_SOURCE_DIR}/src/analyzer/protocol/asn1/asn1.pac)
 )
--- a/src/analyzer/protocol/socks/CMakeLists.txt
+++ b/src/analyzer/protocol/socks/CMakeLists.txt
@ -2,12 +2,11 @@ zeek_add_plugin(
    Zeek
    SOCKS
    SOURCES
-        SOCKS.cc
+    SOCKS.cc
-        Plugin.cc
+    Plugin.cc
    BIFS
-        events.bif
+    events.bif
    PAC
-        socks.pac
+    socks.pac
-        socks-protocol.pac
+    socks-protocol.pac
-        socks-analyzer.pac
+    socks-analyzer.pac)
 )
--- a/src/analyzer/protocol/ssh/CMakeLists.txt
+++ b/src/analyzer/protocol/ssh/CMakeLists.txt
@ -2,14 +2,13 @@ zeek_add_plugin(
    Zeek
    SSH
    SOURCES
-        SSH.cc
+    SSH.cc
-        Plugin.cc
+    Plugin.cc
    BIFS
-        types.bif
+    types.bif
-        events.bif
+    events.bif
    PAC
-        ssh.pac
+    ssh.pac
-        ssh-analyzer.pac
+    ssh-analyzer.pac
-        ssh-protocol.pac
+    ssh-protocol.pac
-        consts.pac
+    consts.pac)
 )
--- a/src/analyzer/protocol/ssl/CMakeLists.txt
+++ b/src/analyzer/protocol/ssl/CMakeLists.txt
@ -2,34 +2,33 @@ zeek_add_plugin(
    Zeek
    SSL
    SOURCES
-        SSL.cc
+    SSL.cc
-        DTLS.cc
+    DTLS.cc
-        Plugin.cc
+    Plugin.cc
    BIFS
-        types.bif
+    types.bif
-        events.bif
+    events.bif
-        functions.bif
+    functions.bif
-        consts.bif
+    consts.bif
    PAC
-        tls-handshake.pac
+    tls-handshake.pac
-        tls-handshake-protocol.pac
+    tls-handshake-protocol.pac
-        tls-handshake-analyzer.pac
+    tls-handshake-analyzer.pac
-        ssl-defs.pac
+    ssl-defs.pac
-        proc-certificate.pac
+    proc-certificate.pac
-        tls-handshake-signed_certificate_timestamp.pac
+    tls-handshake-signed_certificate_timestamp.pac
    PAC
-        ssl.pac
+    ssl.pac
-        ssl-dtls-analyzer.pac
+    ssl-dtls-analyzer.pac
-        ssl-analyzer.pac
+    ssl-analyzer.pac
-        ssl-dtls-protocol.pac
+    ssl-dtls-protocol.pac
-        ssl-protocol.pac
+    ssl-protocol.pac
-        ssl-defs.pac
+    ssl-defs.pac
-        proc-certificate.pac
+    proc-certificate.pac
    PAC
-        dtls.pac
+    dtls.pac
-        ssl-dtls-analyzer.pac
+    ssl-dtls-analyzer.pac
-        dtls-analyzer.pac
+    dtls-analyzer.pac
-        ssl-dtls-protocol.pac
+    ssl-dtls-protocol.pac
-        dtls-protocol.pac
+    dtls-protocol.pac
-        ssl-defs.pac
+    ssl-defs.pac)
 )
--- a/src/analyzer/protocol/syslog/CMakeLists.txt
+++ b/src/analyzer/protocol/syslog/CMakeLists.txt
@ -1,9 +1,8 @@
 spicy_add_analyzer(
-  NAME
+    NAME
    Syslog
-  SOURCES
+    SOURCES
    syslog.spicy
    syslog.evt
-  LEGACY
+    LEGACY
-    legacy
+    legacy)
 )
--- a/src/analyzer/protocol/syslog/legacy/CMakeLists.txt
+++ b/src/analyzer/protocol/syslog/legacy/CMakeLists.txt
@ -2,12 +2,11 @@ zeek_add_plugin(
    Zeek
    Syslog
    SOURCES
-        Syslog.cc
+    Syslog.cc
-        Plugin.cc
+    Plugin.cc
    BIFS
-        events.bif
+    events.bif
    PAC
-        syslog.pac
+    syslog.pac
-        syslog-analyzer.pac
+    syslog-analyzer.pac
-        syslog-protocol.pac
+    syslog-protocol.pac)
 )
--- a/src/analyzer/protocol/tcp/CMakeLists.txt
+++ b/src/analyzer/protocol/tcp/CMakeLists.txt
@ -2,13 +2,12 @@ zeek_add_plugin(
    Zeek
    TCP
    SOURCES
-        TCP.cc
+    TCP.cc
-        TCP_Endpoint.cc
+    TCP_Endpoint.cc
-        TCP_Reassembler.cc
+    TCP_Reassembler.cc
-        ContentLine.cc
+    ContentLine.cc
-        Plugin.cc
+    Plugin.cc
    BIFS
-        events.bif
+    events.bif
-        types.bif
+    types.bif
-        functions.bif
+    functions.bif)
 )
--- a/src/analyzer/protocol/xmpp/CMakeLists.txt
+++ b/src/analyzer/protocol/xmpp/CMakeLists.txt
@ -2,12 +2,11 @@ zeek_add_plugin(
    Zeek
    XMPP
    SOURCES
-        Plugin.cc
+    Plugin.cc
-        XMPP.cc
+    XMPP.cc
    BIFS
-        events.bif
+    events.bif
    PAC
-        xmpp.pac
+    xmpp.pac
-        xmpp-analyzer.pac
+    xmpp-analyzer.pac
-        xmpp-protocol.pac
+    xmpp-protocol.pac)
 )
--- a/src/analyzer/protocol/zip/CMakeLists.txt
+++ b/src/analyzer/protocol/zip/CMakeLists.txt
@ -1,7 +1 @@
-zeek_add_plugin(
+zeek_add_plugin(Zeek ZIP SOURCES ZIP.cc Plugin.cc)
    Zeek
    ZIP
    SOURCES
        ZIP.cc
        Plugin.cc
 )
--- a/src/broker/CMakeLists.txt
+++ b/src/broker/CMakeLists.txt
@ -1,13 +1,14 @@
 zeek_add_subdir_library(
    comm
-    INCLUDE_DIRS ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DIR}
+    INCLUDE_DIRS
    ${CMAKE_CURRENT_SOURCE_DIR}
    ${CMAKE_CURRENT_BINARY_DIR}
    SOURCES
-        Data.cc
+    Data.cc
-        Manager.cc
+    Manager.cc
-        Store.cc
+    Store.cc
    BIFS
-        comm.bif
+    comm.bif
-        data.bif
+    data.bif
-        messaging.bif
+    messaging.bif
-        store.bif
+    store.bif)
 )
--- a/src/file_analysis/CMakeLists.txt
+++ b/src/file_analysis/CMakeLists.txt
@ -1,16 +1,17 @@
 zeek_add_subdir_library(
    file_analysis
-    INCLUDE_DIRS ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DIR}
+    INCLUDE_DIRS
    ${CMAKE_CURRENT_SOURCE_DIR}
    ${CMAKE_CURRENT_BINARY_DIR}
    SOURCES
-        Manager.cc
+    Manager.cc
-        File.cc
+    File.cc
-        FileTimer.cc
+    FileTimer.cc
-        FileReassembler.cc
+    FileReassembler.cc
-        Analyzer.cc
+    Analyzer.cc
-        AnalyzerSet.cc
+    AnalyzerSet.cc
-        Component.cc
+    Component.cc
    BIFS
-        file_analysis.bif
+    file_analysis.bif)
 )
 add_subdirectory(analyzer)
--- a/src/file_analysis/analyzer/data_event/CMakeLists.txt
+++ b/src/file_analysis/analyzer/data_event/CMakeLists.txt
@ -2,8 +2,7 @@ zeek_add_plugin(
    Zeek
    FileDataEvent
    SOURCES
-        DataEvent.cc
+    DataEvent.cc
-        Plugin.cc
+    Plugin.cc
    INCLUDE_DIRS
-        "${CMAKE_CURRENT_SOURCE_DIR}"
+    "${CMAKE_CURRENT_SOURCE_DIR}")
 )
--- a/src/file_analysis/analyzer/entropy/CMakeLists.txt
+++ b/src/file_analysis/analyzer/entropy/CMakeLists.txt
@ -2,8 +2,7 @@ zeek_add_plugin(
    Zeek
    FileEntropy
    SOURCES
-        Entropy.cc
+    Entropy.cc
-        Plugin.cc
+    Plugin.cc
    BIFS
-        events.bif
+    events.bif)
 )
--- a/src/file_analysis/analyzer/extract/CMakeLists.txt
+++ b/src/file_analysis/analyzer/extract/CMakeLists.txt
@ -2,9 +2,8 @@ zeek_add_plugin(
    Zeek
    FileExtract
    SOURCES
-        Extract.cc
+    Extract.cc
-        Plugin.cc
+    Plugin.cc
    BIFS
-        events.bif
+    events.bif
-        functions.bif
+    functions.bif)
 )
--- a/src/file_analysis/analyzer/hash/CMakeLists.txt
+++ b/src/file_analysis/analyzer/hash/CMakeLists.txt
@ -2,8 +2,7 @@ zeek_add_plugin(
    Zeek
    FileHash
    SOURCES
-        Hash.cc
+    Hash.cc
-        Plugin.cc
+    Plugin.cc
    BIFS
-        events.bif
+    events.bif)
 )
--- a/src/file_analysis/analyzer/pe/CMakeLists.txt
+++ b/src/file_analysis/analyzer/pe/CMakeLists.txt
@ -2,15 +2,14 @@ zeek_add_plugin(
    Zeek
    PE
    SOURCES
-        PE.cc
+    PE.cc
-        Plugin.cc
+    Plugin.cc
    BIFS
-        events.bif
+    events.bif
    PAC
-        pe.pac
+    pe.pac
-        pe-analyzer.pac
+    pe-analyzer.pac
-        pe-file-headers.pac
+    pe-file-headers.pac
-        pe-file-idata.pac
+    pe-file-idata.pac
-        pe-file.pac
+    pe-file.pac
-        pe-file-types.pac
+    pe-file-types.pac)
 )
--- a/src/file_analysis/analyzer/x509/CMakeLists.txt
+++ b/src/file_analysis/analyzer/x509/CMakeLists.txt
@ -2,16 +2,15 @@ zeek_add_plugin(
    Zeek
    X509
    SOURCES
-        X509Common.cc
+    X509Common.cc
-        X509.cc
+    X509.cc
-        OCSP.cc
+    OCSP.cc
-        Plugin.cc
+    Plugin.cc
    BIFS
-        events.bif
+    events.bif
-        types.bif
+    types.bif
-        functions.bif
+    functions.bif
-        ocsp_events.bif
+    ocsp_events.bif
    PAC
-        x509-extension.pac
+    x509-extension.pac
-        x509-signed_certificate_timestamp.pac
+    x509-signed_certificate_timestamp.pac)
 )
--- a/src/fuzzers/CMakeLists.txt
+++ b/src/fuzzers/CMakeLists.txt
@ -1,18 +1,18 @@
-########################################################################
+# ##############################################################################
-## Fuzzing targets
+# Fuzzing targets
-if ( NOT ZEEK_ENABLE_FUZZERS )
+if (NOT ZEEK_ENABLE_FUZZERS)
    return()
 endif ()
-if ( NOT DEFINED ZEEK_FUZZING_ENGINE AND DEFINED ENV{LIB_FUZZING_ENGINE} )
+if (NOT DEFINED ZEEK_FUZZING_ENGINE AND DEFINED ENV{LIB_FUZZING_ENGINE})
-    if ( "$ENV{LIB_FUZZING_ENGINE}" STREQUAL "" )
+    if ("$ENV{LIB_FUZZING_ENGINE}" STREQUAL "")
        # Empty LIB_FUZZING_ENGINE, assume libFuzzer
        set(ZEEK_FUZZING_ENGINE "-fsanitize=fuzzer" CACHE INTERNAL "" FORCE)
    else ()
-        STRING(SUBSTRING "$ENV{LIB_FUZZING_ENGINE}" 0 1 _first_char)
+        string(SUBSTRING "$ENV{LIB_FUZZING_ENGINE}" 0 1 _first_char)
-        if ( "${_first_char}" STREQUAL "-" OR EXISTS "$ENV{LIB_FUZZING_ENGINE}" )
+        if ("${_first_char}" STREQUAL "-" OR EXISTS "$ENV{LIB_FUZZING_ENGINE}")
            # Looks like a linker flag or valid file, use it
            set(ZEEK_FUZZING_ENGINE "$ENV{LIB_FUZZING_ENGINE}" CACHE INTERNAL "" FORCE)
        else ()
@ -23,37 +23,36 @@ if ( NOT DEFINED ZEEK_FUZZING_ENGINE AND DEFINED ENV{LIB_FUZZING_ENGINE} )
 endif ()
 # The bind library is handled a bit hack-ishly since it defaults to linking it
-# as static library by default on Linux, but at least on one common distro,
+# as static library by default on Linux, but at least on one common distro, that
-# that static library wasn't compiled with -fPIC and so not usable in the
+# static library wasn't compiled with -fPIC and so not usable in the shared
-# shared library we're trying to build.  So instead, the fuzzer executable, not
+# library we're trying to build.  So instead, the fuzzer executable, not the
-# the shared lib, links it.
+# shared lib, links it.
 string(REGEX MATCH ".*\\.a$" _have_static_bind_lib "${BIND_LIBRARY}")
-macro(SETUP_FUZZ_TARGET _fuzz_target _fuzz_source)
+macro (SETUP_FUZZ_TARGET _fuzz_target _fuzz_source)
    add_executable(${_fuzz_target} ${_fuzz_source} ${ARGN})
    target_link_libraries(${_fuzz_target} zeek_fuzzer_shared)
-    if ( _have_static_bind_lib )
+    if (_have_static_bind_lib)
        target_link_libraries(${_fuzz_target} ${BIND_LIBRARY})
    endif ()
    target_link_libraries(${_fuzz_target} ${CMAKE_THREAD_LIBS_INIT} ${CMAKE_DL_LIBS})
-    if ( DEFINED ZEEK_FUZZING_ENGINE )
+    if (DEFINED ZEEK_FUZZING_ENGINE)
        target_link_libraries(${_fuzz_target} ${ZEEK_FUZZING_ENGINE})
    else ()
-        target_link_libraries(${_fuzz_target}
+        target_link_libraries(${_fuzz_target} $<TARGET_OBJECTS:zeek_fuzzer_standalone>)
                              $<TARGET_OBJECTS:zeek_fuzzer_standalone>)
    endif ()
-endmacro()
+endmacro ()
-macro(ADD_FUZZ_TARGET _name)
+macro (ADD_FUZZ_TARGET _name)
    set(_fuzz_target zeek-${_name}-fuzzer)
    set(_fuzz_source ${_name}-fuzzer.cc)
    setup_fuzz_target(${_fuzz_target} ${_fuzz_source})
 endmacro ()
-macro(ADD_GENERIC_ANALYZER_FUZZ_TARGET _name)
+macro (ADD_GENERIC_ANALYZER_FUZZ_TARGET _name)
    set(_fuzz_target zeek-${_name}-fuzzer)
    set(_fuzz_source generic-analyzer-fuzzer.cc)
    setup_fuzz_target(${_fuzz_target} ${_fuzz_source})
@ -68,9 +67,9 @@ target_sources(zeek_fuzzer_shared PRIVATE FuzzBuffer.cc)
 set(zeek_fuzzer_shared_deps)
-foreach(_dep ${zeekdeps} )
+foreach (_dep ${zeekdeps})
-    if ( "${_dep}" STREQUAL "${BIND_LIBRARY}" )
+    if ("${_dep}" STREQUAL "${BIND_LIBRARY}")
-        if ( NOT _have_static_bind_lib )
+        if (NOT _have_static_bind_lib)
            set(zeek_fuzzer_shared_deps ${zeek_fuzzer_shared_deps} ${_dep})
        endif ()
    else ()
@ -78,9 +77,8 @@ foreach(_dep ${zeekdeps} )
    endif ()
 endforeach ()
-target_link_libraries(zeek_fuzzer_shared PUBLIC
+target_link_libraries(zeek_fuzzer_shared PUBLIC ${zeek_fuzzer_shared_deps}
-                      ${zeek_fuzzer_shared_deps}
+                                                ${CMAKE_THREAD_LIBS_INIT} ${CMAKE_DL_LIBS})
                      ${CMAKE_THREAD_LIBS_INIT} ${CMAKE_DL_LIBS})
 add_fuzz_target(packet)
 add_fuzz_target(dns)
@ -104,26 +102,27 @@ add_generic_analyzer_fuzz_target(radius)
 add_generic_analyzer_fuzz_target(rdp)
 add_generic_analyzer_fuzz_target(rdpeudp)
 add_generic_analyzer_fuzz_target(rfb)
-add_generic_analyzer_fuzz_target(mount)      #rpc
+add_generic_analyzer_fuzz_target(mount) # rpc
-add_generic_analyzer_fuzz_target(nfs)        #rpc
+add_generic_analyzer_fuzz_target(nfs) # rpc
-add_generic_analyzer_fuzz_target(portmapper) #rpc
+add_generic_analyzer_fuzz_target(portmapper) # rpc
 add_generic_analyzer_fuzz_target(sip)
 add_generic_analyzer_fuzz_target(smb)
 add_generic_analyzer_fuzz_target(snmp)
 add_generic_analyzer_fuzz_target(ssh)
 add_generic_analyzer_fuzz_target(syslog)
-#add_generic_analyzer_fuzz_target(finger)  # no pcap files
+# add_generic_analyzer_fuzz_target(finger)  # no pcap files
-#add_generic_analyzer_fuzz_target(gssapi)  # only samples are embedded in smb
+# add_generic_analyzer_fuzz_target(gssapi)  # only samples are embedded in smb
-#add_generic_analyzer_fuzz_target(ident)   # no pcap files
+# add_generic_analyzer_fuzz_target(ident)   # no pcap files
-#add_generic_analyzer_fuzz_target(krb)     # should these just be handled by smb?
+# add_generic_analyzer_fuzz_target(krb)     # should these just be handled by
-#add_generic_analyzer_fuzz_target(krb_tcp) # should these just be handled by smb?
+# smb? add_generic_analyzer_fuzz_target(krb_tcp) # should these just be handled
-#add_generic_analyzer_fuzz_target(rsh)     # login - no pcap files
+# by smb? add_generic_analyzer_fuzz_target(rsh)     # login - no pcap files
-#add_generic_analyzer_fuzz_target(rlogin)  # login - no pcap files
+# add_generic_analyzer_fuzz_target(rlogin)  # login - no pcap files
-#add_generic_analyzer_fuzz_target(telnet)  # login - no pcap files
+# add_generic_analyzer_fuzz_target(telnet)  # login - no pcap files
-#add_generic_analyzer_fuzz_target(netbios) # no pcap files
+# add_generic_analyzer_fuzz_target(netbios) # no pcap files
-#add_generic_analyzer_fuzz_target(ntlm)    # only samples are embedded in dce-rpc or smb
+# add_generic_analyzer_fuzz_target(ntlm)    # only samples are embedded in
-#add_generic_analyzer_fuzz_target(xdr)     # rpc - no pcap files
+# dce-rpc or smb add_generic_analyzer_fuzz_target(xdr)     # rpc - no pcap files
-#add_generic_analyzer_fuzz_target(sip_tcp) # unnecessary?
+# add_generic_analyzer_fuzz_target(sip_tcp) # unnecessary?
-#add_generic_analyzer_fuzz_target(socks)   # can this one be tested by adding SOCKS pkts to the HTTP corpus?
+# add_generic_analyzer_fuzz_target(socks)   # can this one be tested by adding
-#add_generic_analyzer_fuzz_target(xmpp)    # no pcap files
+# SOCKS pkts to the HTTP corpus? add_generic_analyzer_fuzz_target(xmpp)    # no
 # pcap files
--- a/src/input/CMakeLists.txt
+++ b/src/input/CMakeLists.txt
@ -1,12 +1,11 @@
 zeek_add_subdir_library(
    input
    SOURCES
-        Component.cc
+    Component.cc
-        Manager.cc
+    Manager.cc
-        ReaderBackend.cc
+    ReaderBackend.cc
-        ReaderFrontend.cc
+    ReaderFrontend.cc
    BIFS
-        input.bif
+    input.bif)
 )
 add_subdirectory(readers)
--- a/src/input/readers/CMakeLists.txt
+++ b/src/input/readers/CMakeLists.txt
@ -1,4 +1,3 @@
 add_subdirectory(ascii)
 add_subdirectory(benchmark)
 add_subdirectory(binary)
@ -6,4 +5,4 @@ add_subdirectory(config)
 add_subdirectory(raw)
 if (USE_SQLITE)
    add_subdirectory(sqlite)
-endif()
+endif ()
--- a/Show more
+++ b/Show more
		`@ -1 +1 @@`
			`Subproject commit b6f138be79f7d4408302b1297b0c63092b019773`				`Subproject commit 4ad7a297223121b91c94caea6d28ca8888ec6dc1`
		`@ -1 +1 @@`
			`Subproject commit e820c29116a50a18079e783f47b96111eb7b5b0b`				`Subproject commit e4c7b7027d6053c66d8c278a8dbb9a7c2bac09ad`
		`@ -1 +1 @@`
			`Subproject commit 4fc4c31592c4823d675314bc981931de9e246057`				`Subproject commit 000834f60ab7540041c431a3657c23c7476e368d`
		`@ -1 +1 @@`
			`Subproject commit f1183514cd12468d34cb01b147c8d1859a657c31`				`Subproject commit 0c3cafb2ed638f88a446732fa03d90af9bcf796c`
		`@ -1 +1 @@`
			`Subproject commit 3e5b930d9690ef6b87dd034916598e0771f8688d`				`Subproject commit 8a2edd6d92ed820521d42c94d179462bf06b5ed3`
		`@ -1 +1 @@`
			`Subproject commit 8534f719a0a384769383bbd4ad71c9eb2084823d`				`Subproject commit 94eb4798e5cb1b749e42c84f2d4034c16f6cb9db`
		`@ -1 +1 @@`
			`Subproject commit 8011410a8a2ba9b57a544d20efd077f83ecb7eda`				`Subproject commit 2766a0c45a6dbcdcf26cd1209a73a13323854961`
		`@ -1 +1 @@`
			`Subproject commit 5ade27d716fd65342be592abf277eea114fefaa7`				`Subproject commit e1d8271af1f499b3d072c99ae717d2593f551645`
		`@ -1 +1 @@`
			`Subproject commit 2b40a6bafedbbf3fba16d292fd9fe8ba6e9de1bf`				`Subproject commit e36862b3a6e70bf8557885e12e74cbc91507a693`
		`@ -1 +1 @@`
			`Subproject commit fd326e9ced4c078f19ddd32e0afcbe1fe4817a3c`				`Subproject commit 1f16b5047b7478cd38eeb8cae7e11479932135fe`