
package/openssh: bump to version 10.0p1

Release notes:
https://www.openssh.com/txt/release-10.0

Install sshd-auth.
https://github.com/openssh/openssh-portable/commit/6072e4c9385713e9c166f32cfca6a7e603d4f0b8

Also, the release note of 10.0p1 states it is a security update for
CVE-2025-32728. This commit is not marked as security bump, because the
security fix is already present in Buildroot since commit [1]. For this
reason, this commit also removes the package patches and the
_IGNORE_CVES variable.

[1] https://gitlab.com/buildroot.org/buildroot/-/commit/211e822d433806893c1395b55c1d891343a07aa0

Signed-off-by: Kadambini Nema <kadambini.nema@gmail.com>
[Julien:
 - remove the "security" mention commit title
 - remove local patches and _IGNORE_CVES
 - add info in commit log
]
Signed-off-by: Julien Olivain <ju.o@free.fr>
Kadambini Nema 2 月之前
當前提交
a127b7e999

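--- a/package/openssh/0001-fix-logic-error-in-disableforwarding-option.patch
+++ b/package/openssh/0001-fix-logic-error-in-disableforwarding-option.patch
@@ -1,49 +0,0 @@
-From fc86875e6acb36401dfc1dfb6b628a9d1460f367 Mon Sep 17 00:00:00 2001
-From: "djm@openbsd.org" <djm@openbsd.org>
-Date: Wed, 9 Apr 2025 07:00:03 +0000
-Subject: [PATCH] upstream: Fix logic error in DisableForwarding option.
-
-This option was documented as disabling X11 and agent forwarding but it failed to do so.
-Spotted by Tim Rice.
-
-OpenBSD-Commit-ID: fffc89195968f7eedd2fc57f0b1f1ef3193f5ed1
-
-Upstream: https://github.com/openssh/openssh-portable/commit/fc86875e6acb36401dfc1dfb6b628a9d1460f367
-
-Fixes the following CVE:
-  - CVE-2025-32728: In sshd in OpenSSH before 10.0, the DisableForwarding
-                    directive does not adhere to the documentation stating
-                    that it disables X11 and agent forwarding.
-
-[Titouan: 
- - Remove diff on OpenBSD comment at the top of the file that does not apply
-   cleanly on openssh 9.9
-]
-Signed-off-by: Titouan Christophe <titouan.christophe@mind.be>
----
- session.c | 7 ++++---
- 1 file changed, 4 insertions(+), 3 deletions(-)
-
-diff --git a/session.c b/session.c
-index 52a4a3446e6..6444c77f31c 100644
---- a/session.c
-+++ b/session.c
-@@ -2171,7 +2171,8 @@ session_auth_agent_req(struct ssh *ssh, Session *s)
- 	if ((r = sshpkt_get_end(ssh)) != 0)
- 		sshpkt_fatal(ssh, r, "%s: parse packet", __func__);
- 	if (!auth_opts->permit_agent_forwarding_flag ||
--	    !options.allow_agent_forwarding) {
-+	    !options.allow_agent_forwarding ||
-+	    options.disable_forwarding) {
- 		debug_f("agent forwarding disabled");
- 		return 0;
- 	}
-@@ -2566,7 +2567,7 @@ session_setup_x11fwd(struct ssh *ssh, Session *s)
- 		ssh_packet_send_debug(ssh, "X11 forwarding disabled by key options.");
- 		return 0;
- 	}
--	if (!options.x11_forwarding) {
-+	if (!options.x11_forwarding || options.disable_forwarding) {
- 		debug("X11 forwarding disabled in server configuration file.");
- 		return 0;
- 	}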

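--- a/package/openssh/openssh.hash
+++ b/package/openssh/openssh.hash
@@ -1,4 +1,4 @@
-# From https://www.openssh.com/txt/release-9.9p2
-sha256  91aadb603e08cc285eddf965e1199d02585fa94d994d6cae5b41e1721e215673  openssh-9.9p2.tar.gz
+# From https://www.openssh.com/txt/release-10.0
+sha256  021a2e709a0edf4250b1256bd5a9e500411a90dddabea830ed59cef90eb9d85c  openssh-10.0p1.tar.gz
 # Locally calculated
 sha256  5bb5b160726ef5756e4f32fe95b35249c294962419650f48d05134b486d27ccb  LICENCE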

+ 3 - 5
package/openssh/openssh.mk

@@ -4,8 +4,8 @@
 #
 #
 ################################################################################
 ################################################################################
 
 
-OPENSSH_VERSION_MAJOR = 9.9
-OPENSSH_VERSION_MINOR = p2
+OPENSSH_VERSION_MAJOR = 10.0
+OPENSSH_VERSION_MINOR = p1
 OPENSSH_VERSION = $(OPENSSH_VERSION_MAJOR)$(OPENSSH_VERSION_MINOR)
 OPENSSH_VERSION = $(OPENSSH_VERSION_MAJOR)$(OPENSSH_VERSION_MINOR)
 OPENSSH_CPE_ID_VERSION = $(OPENSSH_VERSION_MAJOR)
 OPENSSH_CPE_ID_VERSION = $(OPENSSH_VERSION_MAJOR)
 OPENSSH_CPE_ID_UPDATE = $(OPENSSH_VERSION_MINOR)
 OPENSSH_CPE_ID_UPDATE = $(OPENSSH_VERSION_MINOR)
@@ -13,9 +13,6 @@ OPENSSH_SITE = http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable
 OPENSSH_LICENSE = BSD-3-Clause, BSD-2-Clause, Public Domain
 OPENSSH_LICENSE = BSD-3-Clause, BSD-2-Clause, Public Domain
 OPENSSH_LICENSE_FILES = LICENCE
 OPENSSH_LICENSE_FILES = LICENCE
 
 
-# 0001-fix-logic-error-in-disableforwarding-option.patch
-OPENSSH_IGNORE_CVES += CVE-2025-32728
-
 OPENSSH_CONF_ENV = \
 OPENSSH_CONF_ENV = \
 	LD="$(TARGET_CC)" \
 	LD="$(TARGET_CC)" \
 	LDFLAGS="$(TARGET_CFLAGS)" \
 	LDFLAGS="$(TARGET_CFLAGS)" \
@@ -122,6 +119,7 @@ define OPENSSH_INSTALL_SERVER_PROGRAMS
 	$(INSTALL) -D -m 0755 $(@D)/sshd $(TARGET_DIR)/usr/sbin/sshd
 	$(INSTALL) -D -m 0755 $(@D)/sshd $(TARGET_DIR)/usr/sbin/sshd
 	$(INSTALL) -D -m 0755 $(@D)/sshd-session $(TARGET_DIR)/usr/libexec/sshd-session
 	$(INSTALL) -D -m 0755 $(@D)/sshd-session $(TARGET_DIR)/usr/libexec/sshd-session
 	$(INSTALL) -D -m 0755 $(@D)/sftp-server $(TARGET_DIR)/usr/libexec/sftp-server
 	$(INSTALL) -D -m 0755 $(@D)/sftp-server $(TARGET_DIR)/usr/libexec/sftp-server
+	$(INSTALL) -D -m 0755 $(@D)/sshd-auth $(TARGET_DIR)/usr/libexec/sshd-auth
 endef
 endef
 OPENSSH_POST_INSTALL_TARGET_HOOKS += OPENSSH_INSTALL_SERVER_PROGRAMS
 OPENSSH_POST_INSTALL_TARGET_HOOKS += OPENSSH_INSTALL_SERVER_PROGRAMS
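Review bot: The new `sshd-auth` install line in OPENSSH_INSTALL_SERVER_PROGRAMS hard-codes `/usr/libexec`, as the `sshd-session` line does, and nothing in the hook says why these helpers must land exactly there. As far as I know, sshd executes both helpers from a path fixed at build time from configure's libexecdir, so a mismatch would only surface when a client connects rather than at build time; this should be confirmed against the package's configure options, which are outside the hunk. I would add a comment at the top of the hook, for example `# sshd executes sshd-session and sshd-auth from its compiled-in libexecdir; keep these paths in sync with it`. The `define` line is visible only in the hunk header, so the start of the hook is outside the hunk.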