v6.0.3

@timwoj timwoj released this 22 Jan 16:41

This release fixes the following security issues:

  • A specially-crafted series of packets containing nested MIME entities can
    cause Zeek to spend large amounts of time parsing the entities. Because
    these packets can arrive from remote hosts, this is a DoS risk. The fix
    adds a new option (MIME::max_depth) to the MIME parser that limits how
    deeply the parser will follow entity nesting. If the limit is reached, an
    exceeded_mime_max_depth weird is generated.
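The following script is an added example, not part of the release or of Zeek's own scripts. It lowers MIME::max_depth, escalates the new exceeded_mime_max_depth weird from weird.log to a notice, and raises a second notice when one originator trips the limit on several connections. The limit value, the repeat threshold and the expiry intervals are assumptions chosen for illustration.

```zeek
@load base/frameworks/notice

module MIMEDepth;

export {
    redef enum Notice::Type += {
        ## One originator hit MIME::max_depth on several connections.
        Repeated_Nesting_Limit,
    };

    ## Assumed threshold: connections per originator before escalating.
    const repeat_threshold = 5 &redef;
}

# Tighten the parser limit introduced in this release. The value 32 is an
# assumption for this example; the release notes do not state a default.
redef MIME::max_depth = 32;

# Turn the weird into a Weird::Activity notice, once per originating host.
redef Weird::actions += {
    ["exceeded_mime_max_depth"] = Weird::ACTION_NOTICE_PER_ORIG,
};

# Per-originator counter of connections that hit the limit (constructed
# bookkeeping; entries expire after 10 minutes).
global hits: table[addr] of count &default=0 &create_expire=10min;

event conn_weird(name: string, c: connection, addl: string, source: string)
    {
    if ( name != "exceeded_mime_max_depth" )
        return;

    local orig = c$id$orig_h;
    ++hits[orig];

    if ( hits[orig] == repeat_threshold )
        NOTICE([$note=Repeated_Nesting_Limit,
                $conn=c,
                $msg=fmt("%s exceeded MIME::max_depth on %d connections",
                         orig, hits[orig]),
                $identifier=cat(orig),
                $suppress_for=1hr]);
    }
```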

This release fixes the following bugs:

  • CMake correctly passes along third-party package information when building
    plugins. This ensures that, for example, the same paths to OpenSSL used in a
    Zeek build are provided to a plugin build.

  • Fix a problem with the HTTP analyzer where a signature regex ending in '$'
    used to match against 'http-request-body' or 'http-reply-body' would never
    succeed. Thank you to GitHub user xb-anssi for this fix.

  • The DNS analyzer now understands the Ed25519 and Ed448 signature algorithms.

  • The SMB::State$recent_files field was not correctly expiring entries, leading
    to unbounded state growth. This is fixed to correctly follow the &read_expire
    condition on the field. Thank you to Slack user ya-sato for reporting this.

  • The &create_expire attribute is now kept valid after clearing a table. After
    switching the known scripts away from broker stores, the &create_expire value
    of the local tables/sets of the known scripts wasn't in effect due to
    Cluster::node_up() and Cluster::node_down() re-assigning these without keeping
    the &create_expire attribute intact. This broke the "log hosts every 24h"
    behavior.

  • Zeek builds using the --binary-package argument and including Spicy will now
    include all necessary Spicy symbols.