openssh: update to 8.8p1.

Changes:
One year of development, details at
https://www.openssh.com/releasenotes.html

5 files changed, 20 insertions, 39 deletions

diff --git a/security/openssh/Makefile b/security/openssh/Makefile
index 2f6397ee8d3..b886f88bfa2 100644
--- a/security/openssh/Makefile
+++ b/security/openssh/Makefile
@@ -1,8 +1,7 @@
-# $NetBSD: Makefile,v 1.269 2021/05/24 19:53:55 wiz Exp $
+# $NetBSD: Makefile,v 1.270 2021/09/26 15:37:51 wiz Exp $
 
-DISTNAME=		openssh-8.4p1
+DISTNAME=		openssh-8.8p1
 PKGNAME=		${DISTNAME:S/p1/.1/}
-PKGREVISION=		1
 CATEGORIES=		security
 MASTER_SITES=		${MASTER_SITE_OPENBSD:=OpenSSH/portable/}
 
diff --git a/security/openssh/distinfo b/security/openssh/distinfo
index 1ac009347eb..2ecb93a0ab9 100644
--- a/security/openssh/distinfo
+++ b/security/openssh/distinfo
@@ -1,11 +1,10 @@
-$NetBSD: distinfo,v 1.111 2020/09/29 15:17:42 ryoon Exp $
+$NetBSD: distinfo,v 1.112 2021/09/26 15:37:51 wiz Exp $
 
-SHA1 (openssh-8.4p1.tar.gz) = 69305059e10a60693ebe6f17731f962c9577535c
-RMD160 (openssh-8.4p1.tar.gz) = 2d3eec0b56f7edef5d50b8defa2f143ffee5c65a
-SHA512 (openssh-8.4p1.tar.gz) = d65275b082c46c5efe7cf3264fa6794d6e99a36d4a54b50554fc56979d6c0837381587fd5399195e1db680d2a5ad1ef0b99a180eac2b4de5637906cb7a89e9ce
-Size (openssh-8.4p1.tar.gz) = 1742201 bytes
+SHA1 (openssh-8.8p1.tar.gz) = 1eb964897a4372f6fb96c7effeb509ec71c379c9
+RMD160 (openssh-8.8p1.tar.gz) = 6ba3f5af90f960e1add6f81c1173adee8197e705
+SHA512 (openssh-8.8p1.tar.gz) = d44cd04445f9c8963513b0d5a7e8348985114ff2471e119a6e344498719ef40f09c61c354888a3be9dabcb5870e5cbe5d3aafbb861dfa1d82a4952f3d233a8df
+Size (openssh-8.8p1.tar.gz) = 1815060 bytes
 SHA1 (patch-Makefile.in) = 13502b825c13c98b2ba3b84ff4bae9aa664b76b1
-SHA1 (patch-auth.c) = 060a93f5264751769f2fdf98fefd154bd80c0c5f
 SHA1 (patch-clientloop.c) = 4e88fbd14db33f003eb93c30c682a017e102196e
 SHA1 (patch-config.h.in) = 7d1050743da7264763254b57938775c546c3baa5
 SHA1 (patch-configure.ac) = 321ef5ed83abe7e07d38026e096a10700b010ac8
@@ -15,5 +14,5 @@ SHA1 (patch-openbsd-compat_openbsd-compat.h) = bedbede16ab2fe918419c994ba15a2016
 SHA1 (patch-openbsd-compat_port-tun.c) = b2a0ce81a52b00f106198d549b5068a5e67092ef
 SHA1 (patch-sandbox-darwin.c) = c9a1fe2e4dbf98e929d983b4206a244e0e354b75
 SHA1 (patch-sshd.8) = 5bf48cd27cef8e8810b9dc7115f5180102a345d1
-SHA1 (patch-sshd.c) = b3674e9f467323d1852dd988a408ac23896f6700
-SHA1 (patch-sshkey.h) = 074e9be70af58772d3172d1cb2c936000ca9a8d7
+SHA1 (patch-sshd.c) = 0c5725305cbab3855b52c1a63fe4e987ed14e44e
+SHA1 (patch-sshkey.h) = aaaf622f377e455c49683fcc2ca42576ccd097bb
diff --git a/security/openssh/patches/patch-auth.c b/security/openssh/patches/patch-auth.c
deleted file mode 100644
index c04a7ac0c31..00000000000
--- a/security/openssh/patches/patch-auth.c
+++ /dev/null
@@ -1,17 +0,0 @@
-$NetBSD: patch-auth.c,v 1.6 2019/06/04 09:08:06 he Exp $
-
-* Use login_getpwclass() instead of login_getclass() so that the root
-  vs. default login class distinction is made correctly, from FrrrBSD's
-  ports.
-
---- auth.c.orig	2019-05-01 11:28:52.028281617 +0000
-+++ auth.c
-@@ -599,7 +599,7 @@ getpwnamallow(struct ssh *ssh, const cha
- 	if (!allowed_user(ssh, pw))
- 		return (NULL);
- #ifdef HAVE_LOGIN_CAP
--	if ((lc = login_getclass(pw->pw_class)) == NULL) {
-+	if ((lc = login_getpwclass(pw)) == NULL) {
- 		debug("unable to get login class: %s", user);
- 		return (NULL);
- 	}
diff --git a/security/openssh/patches/patch-sshd.c b/security/openssh/patches/patch-sshd.c
index 92dd5e3b8ab..007118fb9e5 100644
--- a/security/openssh/patches/patch-sshd.c
+++ b/security/openssh/patches/patch-sshd.c
@@ -1,12 +1,12 @@
-$NetBSD: patch-sshd.c,v 1.12 2020/05/27 13:49:27 sevan Exp $
+$NetBSD: patch-sshd.c,v 1.13 2021/09/26 15:37:51 wiz Exp $
 
 * Revive tcp_wrappers support.
 
---- sshd.c.orig	2020-05-27 00:38:00.000000000 +0000
+--- sshd.c.orig	2021-09-26 14:03:19.000000000 +0000
 +++ sshd.c
-@@ -124,6 +124,13 @@
- #include "ssherr.h"
- #include "sk-api.h"
+@@ -126,6 +126,13 @@
+ #include "srclimit.h"
+ #include "dh.h"
  
 +#ifdef LIBWRAP
 +#include <tcpd.h>
@@ -18,7 +18,7 @@ $NetBSD: patch-sshd.c,v 1.12 2020/05/27 13:49:27 sevan Exp $
  /* Re-exec fds */
  #define REEXEC_DEVCRYPTO_RESERVED_FD	(STDERR_FILENO + 1)
  #define REEXEC_STARTUP_PIPE_FD		(STDERR_FILENO + 2)
-@@ -538,10 +545,17 @@ privsep_preauth(struct ssh *ssh)
+@@ -532,10 +539,17 @@ privsep_preauth(struct ssh *ssh)
  		/* Arrange for logging to be sent to the monitor */
  		set_log_handler(mm_log_handler, pmonitor);
  
@@ -36,7 +36,7 @@ $NetBSD: patch-sshd.c,v 1.12 2020/05/27 13:49:27 sevan Exp $
  
  		return 0;
  	}
-@@ -2132,6 +2146,25 @@ main(int ac, char **av)
+@@ -2179,6 +2193,25 @@ main(int ac, char **av)
  	audit_connection_from(remote_ip, remote_port);
  #endif
  
diff --git a/security/openssh/patches/patch-sshkey.h b/security/openssh/patches/patch-sshkey.h
index ae5c3348c0d..83fc5a5a5c6 100644
--- a/security/openssh/patches/patch-sshkey.h
+++ b/security/openssh/patches/patch-sshkey.h
@@ -1,13 +1,13 @@
-$NetBSD: patch-sshkey.h,v 1.2 2020/09/29 15:17:42 ryoon Exp $
+$NetBSD: patch-sshkey.h,v 1.3 2021/09/26 15:37:51 wiz Exp $
 
 Support for non recommendable (insecure) modulus size for RSA. This may be
 required in order to access old, non-upgradable, devices for which modulus size
 is less than 1024 bits (frequently 768 bits).
 
---- sshkey.h.orig	2020-09-27 07:25:01.000000000 +0000
+--- sshkey.h.orig	2021-09-26 14:03:19.000000000 +0000
 +++ sshkey.h
-@@ -48,7 +48,11 @@
- # define EC_POINT	void
+@@ -50,7 +50,11 @@
+ #define SSH_OPENSSL_VERSION "without OpenSSL"
  #endif /* WITH_OPENSSL */
  
 +#ifdef SSH_RSA_INSECURE_LEGACY_MIN_MOD_SZ