openssh: bump to 9.9p2

Updated and removed upstreamed patch.

Highlights relating to security:

* Fix CVE-2025-26465 - ssh(1) in OpenSSH versions 6.8p1 to 9.9p1
  (inclusive) contained a logic error that allowed an on-path
  attacker (a.k.a MITM) to impersonate any server when the
  VerifyHostKeyDNS option is enabled. This option is off by default.

* Fix CVE-2025-26466 - sshd(8) in OpenSSH versions 9.5p1 to 9.9p1
  (inclusive) is vulnerable to a memory/CPU denial-of-service related
  to the handling of SSH2_MSG_PING packets. This condition may be
  mitigated using the existing PerSourcePenalties feature.

Both vulnerabilities were discovered and demonstrated to be exploitable
by the Qualys Security Advisory team. We thank them for their detailed
review of OpenSSH.

Full release notes: https://www.openssh.com/txt/release-9.9p2

Signed-off-by: John Audia <therealgraysky@proton.me>

diff --git a/net/openssh/Makefile b/net/openssh/Makefile
index d66ec8f9ad79a8ed82760950ca6b590236bda4e4..2e05d9591854061f8d3cd5e5974e71a4e29afeed 100644 (file)
--- a/net/openssh/Makefile
+++ b/net/openssh/Makefile
@@ -8,14 +8,14 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=openssh
-PKG_REALVERSION:=9.9p1
-PKG_VERSION:=9.9_p1
-PKG_RELEASE:=3
+PKG_REALVERSION:=9.9p2
+PKG_VERSION:=9.9_p2
+PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_REALVERSION).tar.gz
 PKG_SOURCE_URL:=https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/ \
                https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/
-PKG_HASH:=b343fbcdbff87f15b1986e6e15d6d4fc9a7d36066be6b7fb507087ba8f966c02
+PKG_HASH:=91aadb603e08cc285eddf965e1199d02585fa94d994d6cae5b41e1721e215673
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(if $(BUILD_VARIANT),$(PKG_NAME)-$(BUILD_VARIANT)/)$(PKG_NAME)-$(PKG_REALVERSION)
 
 PKG_LICENSE:=BSD ISC

diff --git a/net/openssh/patches/001-build-construct_utmp-when-USE_BTMP-is-set.patch b/net/openssh/patches/001-build-construct_utmp-when-USE_BTMP-is-set.patch
deleted file mode 100644 (file)
index 67a7062..0000000
--- a/net/openssh/patches/001-build-construct_utmp-when-USE_BTMP-is-set.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From 76a618d2842c34c16cd21a4efc7230e2f459008d Mon Sep 17 00:00:00 2001
-From: Damien Miller <djm@mindrot.org>
-Date: Wed, 25 Sep 2024 11:13:05 +1000
-Subject: [PATCH] build construct_utmp() when USE_BTMP is set
-
-Fixes compile error on Void Linux/Musl
----
- loginrec.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
---- a/loginrec.c
-+++ b/loginrec.c
-@@ -614,7 +614,7 @@ line_abbrevname(char *dst, const char *s
-  ** into account.
-  **/
- 
--#if defined(USE_UTMP) || defined (USE_WTMP) || defined (USE_LOGIN)
-+#if defined(USE_BTMP) || defined(USE_UTMP) || defined (USE_WTMP) || defined (USE_LOGIN)
- 
- /* build the utmp structure */
- void
-@@ -698,7 +698,7 @@ construct_utmp(struct logininfo *li,
-       }
- # endif
- }
--#endif /* USE_UTMP || USE_WTMP || USE_LOGIN */
-+#endif /* USE_BTMP || USE_UTMP || USE_WTMP || USE_LOGIN */
- 
- /**
-  ** utmpx utility functions