Reformat 7.2 NEWS entries for consistent line lengths

NEWS

@@ -9,28 +9,26 @@ Zeek 7.2.0
 Breaking Changes
 ----------------
 
-- The ``is_remote_event()``, ``current_analyzer()`` and ``current_event_time()``
-  builtin functions do not return the previous event's values anymore when event
-  draining has completed. The same applies to the corresponding C++ accessors on
-  the ``EventMgr`` class. The functions now return false, 0 or the zero time instead.
+- The ``is_remote_event()``, ``current_analyzer()`` and ``current_event_time()`` builtin
+  functions do not return the previous event's values anymore when event draining has
+  completed. The same applies to the corresponding C++ accessors on the ``EventMgr``
+  class. The functions now return false, 0 or the zero time instead.
 
 New Functionality
 -----------------
 
-- Some DNS events are not raised when ``dns_skip_all_addl`` is set to true.
-  Zeek now raises a warning when a script declares these events while this
-  option is set to true.
+- Some DNS events are not raised when ``dns_skip_all_addl`` is set to true.  Zeek now
+  raises a warning when a script declares these events while this option is set to true.
 
-- Types can now be used as constants in Zeek script. This allows types to be
-  directly passed into BIFs without aliasing.
+- Types can now be used as constants in Zeek script. This allows types to be directly
+  passed into BIFs without aliasing.
 
-- A new ``enc_part`` field was added to the Kerberos ``KRB_Response`` record
-  passed as part of the ``krb_as_response`` event. This field contains the
-  encrypted session information from a Kerberos response, including the cipher
-  and encrypted data.
+- A new ``enc_part`` field was added to the Kerberos ``KRB_Response`` record passed as
+  part of the ``krb_as_response`` event. This field contains the encrypted session
+  information from a Kerberos response, including the cipher and encrypted data.
 
-- Geneve tunnel options of the current packet can be extracted from scripts
-  using the new PacketAnalyzer::Geneve::get_options() builtin function.
+- Geneve tunnel options of the current packet can be extracted from scripts using the new
+  PacketAnalyzer::Geneve::get_options() builtin function.
 
 - The new ``is_valid_subnet()`` function mirrors ``is_valid_ip()``, for subnets.
 
@@ -55,12 +53,11 @@ New Functionality
     backend for NATS that will be available as an external plugin, but it is not quite
     ready yet. Both of the existing backends support usage in a cluster environment.
 
-- Broker now exposes more information through ``broker.log``. Broker generated
-  log messages are now propagated as events to Zeek. This allows exposing more
-  information for debugging and operational behavior of Broker via Zeek logs.
-  Two new script-level options ``Broker::log_severity_level`` and
-  ``Broker::log_stderr_severity_level`` have been introduced to control
-  the which events to expose by default.
+- Broker now exposes more information through ``broker.log``. Broker generated log
+  messages are now propagated as events to Zeek. This allows exposing more information for
+  debugging and operational behavior of Broker via Zeek logs.  Two new script-level
+  options ``Broker::log_severity_level`` and ``Broker::log_stderr_severity_level`` have
+  been introduced to control the which events to expose by default.
 
 - New WebSocket functionality was added to Zeek's cluster component.
 
@@ -89,71 +86,67 @@ New Functionality
 Changed Functionality
 ---------------------
 
-- The ``service`` field in the connection log is now sorted in the order that
-  protocol analyzers raise their confirmation events.
-  Since the time at which the protocol confirmation is raised depends on the
-  individual implementation of each analyzer, there is no specific meaning
-  to the order that the services appear. However, the order should be
-  deterministic between runs. It also will in many cases represent
-  the order in which layered protocols are parsed (e.g. "quic,ssl").
+- The ``service`` field in the connection log is now sorted in the order that protocol
+  analyzers raise their confirmation events.  Since the time at which the protocol
+  confirmation is raised depends on the individual implementation of each analyzer, there
+  is no specific meaning to the order that the services appear. However, the order should
+  be deterministic between runs. It also will in many cases represent the order in which
+  layered protocols are parsed (e.g. "quic,ssl").
 
-- The way that protocol violations are handled by the dynamic protocol
-  detection (DPD) changed. Now, a violation that is raised by an analyzer
-  before it is confirmed will immediately disable the analyzer. This adjusts
-  the behavior back to the historically desired state, and aligns it with
-  the treatment of confirmed analyzers.
+- The way that protocol violations are handled by the dynamic protocol detection (DPD)
+  changed. Now, a violation that is raised by an analyzer before it is confirmed will
+  immediately disable the analyzer. This adjusts the behavior back to the historically
+  desired state, and aligns it with the treatment of confirmed analyzers.
 
   As a consequence of this, the option ``DPD::max_violations`` is no longer used.
   It will be retained till Zeek 8.1 to prevent script errors, and raises a
   deprecation warning.
 
   To extend the visibility of protocol violations, a new option
-  ``DPD::track_removed_services_in_connection`` was added. Enabling it causes
-  failed analyzers to no longer be removed from the ``service`` field of the
-  connection log. Instead, analyzers are never removed after they are
-  confirmed.  Instead, failed analyzers are logged by additionally adding an
-  entry with a prepended "-". So a connection that attached the ``ssl``
-  analyzer which later failed due to a protocol error will be logged as
-  ``ssl,-ssl``.
+  ``DPD::track_removed_services_in_connection`` was added. Enabling it causes failed
+  analyzers to no longer be removed from the ``service`` field of the connection
+  log. Instead, analyzers are never removed after they are confirmed.  Instead, failed
+  analyzers are logged by additionally adding an entry with a prepended "-". So a
+  connection that attached the ``ssl`` analyzer which later failed due to a protocol error
+  will be logged as ``ssl,-ssl``.
 
   This change also adds a new policy script,
-  ``protocols/conn/failed-service-logging.zeek``. Loading this script adds the
-  column ``failed_service`` to the connection.log. This column contains the
-  list of protocol analyzers that failed due to a protocol error.
+  ``protocols/conn/failed-service-logging.zeek``. Loading this script adds the column
+  ``failed_service`` to the connection.log. This column contains the list of protocol
+  analyzers that failed due to a protocol error.
 
-- Command line options processing will no longer print usage whenever there
-  is an error. Instead, issues in command line processing will print an error,
-  then prompt to use --help. The --help usage will now print to standard output
-  rather than standard error.
+- Command line options processing will no longer print usage whenever there is an
+  error. Instead, issues in command line processing will print an error, then prompt to
+  use --help. The --help usage will now print to standard output rather than standard
+  error.
 
-- Saving seeds with ``--save-seeds`` will now put Zeek into deterministic mode.
-  A subsequent ``--load-seeds`` run with the same scripts and traces will produce
-  identical UID values as the original ``--save-seeds` run.
+- Saving seeds with ``--save-seeds`` will now put Zeek into deterministic mode.  A
+  subsequent ``--load-seeds`` run with the same scripts and traces will produce identical
+  UID values as the original ``--save-seeds` run.
 
-- The `policy/protocols/dns/detect-external-names.zeek` script now no longer logs
-  names that were found in mDNS broadcasts by default. This is configurable with
-  the new `DNS::skip_resp_host_port_pairs` option.
+- The `policy/protocols/dns/detect-external-names.zeek` script now no longer logs names
+  that were found in mDNS broadcasts by default. This is configurable with the new
+  `DNS::skip_resp_host_port_pairs` option.
 
   Furthermore, the script now supports and logs IPv6 results.
 
-- The ``mkdir()``, ``rmdir()``, ``unlink()``, and ``rename()`` functions now
-  trigger reporter warnings instead of builtin errors when hitting trouble. This
-  allows Zeek to continue gracefully in case of such problems, particularly
-  during ``zeek_init()``.
+- The ``mkdir()``, ``rmdir()``, ``unlink()``, and ``rename()`` functions now trigger
+  reporter warnings instead of builtin errors when hitting trouble. This allows Zeek to
+  continue gracefully in case of such problems, particularly during ``zeek_init()``.
 
-- The RDP analyzer now also parses connections that do not contain the cookie
-  field, which were previously rejected.
+- The RDP analyzer now also parses connections that do not contain the cookie field, which
+  were previously rejected.
 
-- An enum's zeek::detail::ID instance now holds its ``EnumVal``. For example,
-  looking up the "Conn::LOG" identifier allows to directly query the ``EnumVal``
-  using ``ID::GetVal()``.
+- An enum's zeek::detail::ID instance now holds its ``EnumVal``. For example, looking up
+  the "Conn::LOG" identifier allows to directly query the ``EnumVal`` using
+  ``ID::GetVal()``.
 
-- When the send buffer to a Broker peer overflows and the "disconnect" overflow
-  policy is in use, Zeek now only attempts to re-establish peerings when the
-  node observing the overflow originally established the peering. That is,
-  re-peering is now only attempted in consistency with the underlying Broker
-  peering topology. This avoids pointless connection attempts to ephemeral TCP
-  client-side ports, which clould clutter the Broker logs.
+- When the send buffer to a Broker peer overflows and the "disconnect" overflow policy is
+  in use, Zeek now only attempts to re-establish peerings when the node observing the
+  overflow originally established the peering. That is, re-peering is now only attempted
+  in consistency with the underlying Broker peering topology. This avoids pointless
+  connection attempts to ephemeral TCP client-side ports, which clould clutter the Broker
+  logs.
 
 Removed Functionality
 ---------------------
@@ -161,10 +154,9 @@ Removed Functionality
 Deprecated Functionality
 ------------------------
 
-- Support for DNS resolution of hostname literals in Zeek scripts has been
-  deprecated. If you've used this feature, use the new ``blocking_lookup_hostname()``
-  builtin function to populate sets or tables in a ``zeek_init()`` handler,
-  or with top-level statements.
+- Support for DNS resolution of hostname literals in Zeek scripts has been deprecated. If
+  you've used this feature, use the new ``blocking_lookup_hostname()`` builtin function to
+  populate sets or tables in a ``zeek_init()`` handler, or with top-level statements.
 
 - ``Broker::listen_websocket()`` was deprecated in favor of ``Cluster::listen_websocket()`.