bump(main/dropbear): 2025.88

It contain some bug fixes and 1 CVE fix.

dropbear: Update sysoptions.h.patch

dropbear: Update svr-chansession.c.patch

dropbear: Update svr-auth.c.patch

Update common-session.c.patch

dropbear: try to fix path by updating patch

dropbear: forgot to remove revision.

packages/dropbear/build.sh

@@ -2,10 +2,9 @@ TERMUX_PKG_HOMEPAGE=https://matt.ucc.asn.au/dropbear/dropbear.html
 TERMUX_PKG_DESCRIPTION="Small SSH server and client"
 TERMUX_PKG_LICENSE="MIT"
 TERMUX_PKG_MAINTAINER="@termux"
-TERMUX_PKG_VERSION="2025.87"
-TERMUX_PKG_REVISION=3
+TERMUX_PKG_VERSION="2025.88"
 TERMUX_PKG_SRCURL=https://matt.ucc.asn.au/dropbear/releases/dropbear-${TERMUX_PKG_VERSION}.tar.bz2
-TERMUX_PKG_SHA256=738b7f358547f0c64c3e1a56bbc5ef98d34d9ec6adf9ccdf01dc0bf2caa2bc8d
+TERMUX_PKG_SHA256=783f50ea27b17c16da89578fafdb6decfa44bb8f6590e5698a4e4d3672dc53d4
 TERMUX_PKG_AUTO_UPDATE=false
 TERMUX_PKG_DEPENDS="termux-auth, zlib"
 TERMUX_PKG_SUGGESTS="openssh-sftp-server"

packages/dropbear/common-session.c.patch

@@ -8,7 +8,7 @@
  	/* A sanity check to prevent an accidental configuration option
  	   leaving multiuser systems exposed */
  	{
-@@ -625,7 +625,7 @@
+@@ -639,7 +639,7 @@
  const char* get_user_shell() {
  	/* an empty shell should be interpreted as "/bin/sh" */
  	if (ses.authstate.pw_shell[0] == '\0') {
@@ -17,7 +17,7 @@
  	} else {
  		return ses.authstate.pw_shell;
  	}
-@@ -641,7 +641,7 @@
+@@ -655,7 +655,7 @@
  	if (ses.authstate.pw_passwd)
  		m_free(ses.authstate.pw_passwd);
  

packages/dropbear/default_options.h.patch

@@ -32,7 +32,7 @@
  
  /* Enable X11 Forwarding - server only */
  #define DROPBEAR_X11FWD 0
-@@ -222,8 +222,8 @@
+@@ -228,8 +228,8 @@
  #define DO_HOST_LOOKUP 0
  
  /* Whether to print the message of the day (MOTD). */
@@ -43,7 +43,7 @@
  #define MOTD_MAXSIZE 2000
  
  /* Authentication Types - at least one required.
-@@ -249,7 +249,7 @@
+@@ -255,7 +255,7 @@
  /* Set this to 0 if your system does not have multiple user support.
     (Linux kernel CONFIG_MULTIUSER option)
     The resulting binary will not run on a normal system. */
@@ -61,8 +61,7 @@
  
  /* Allow specifying the password for dbclient via the DROPBEAR_PASSWORD
   * environment variable. */
-
-@@ -282,7 +282,7 @@
+@@ -288,7 +288,7 @@
  
  /* Set this to use PRNGD or EGD instead of /dev/urandom */
  #define DROPBEAR_USE_PRNGD 0
@@ -71,7 +70,7 @@
  
  /* Specify the number of clients we will allow to be connected but
   * not yet authenticated. After this limit, connections are rejected */
-@@ -307,11 +307,11 @@
+@@ -313,11 +313,11 @@
   * scripts etc. This can be overridden with the -P flag.
   * Homedir is prepended if path begins with ~/
   */
@@ -85,7 +84,7 @@
  
  
  /* If you want to enable running an sftp server (such as the one included with
-@@ -320,11 +320,11 @@
+@@ -326,11 +326,11 @@
   * Homedir is prepended if path begins with ~/
   */
  #define DROPBEAR_SFTPSERVER 1
@@ -99,7 +98,7 @@
  
  /* Whether to log commands executed by a client. This only logs the
   * (single) command sent to the server, not what a user did in a
-@@ -360,7 +360,7 @@
+@@ -366,7 +366,7 @@
  #define DEFAULT_IDLE_TIMEOUT 0
  
  /* The default path. This will often get replaced by the shell */

packages/dropbear/svr-auth.c.patch

@@ -21,7 +21,7 @@
  	}
  
  	/* avoids cluttering logs with repeated failure messages from
-@@ -309,8 +307,9 @@
+@@ -311,9 +309,10 @@
  	usershell = ses.authstate.pw_shell;
  	if (usershell[0] == '\0') {
  		/* empty shell in /etc/passwd means /bin/sh according to passwd(5) */
@@ -32,7 +32,8 @@
 +	goto goodshell;
  	/* check the shell is valid. If /etc/shells doesn't exist, getusershell()
  	 * should return some standard shells like "/bin/sh" and "/bin/csh" (this
-@@ -324,7 +323,6 @@
+ 	 * is platform-specific) */
+@@ -326,7 +325,6 @@
  		}
  	}
  	/* no matching shell */

packages/dropbear/svr-chansession.c.patch

@@ -1,5 +1,5 @@
 +++ ./src/svr-chansession.c
-@@ -611,7 +611,7 @@
+@@ -608,7 +608,7 @@
  		dropbear_exit("Out of memory"); /* TODO disconnect */
  	}
  
@@ -8,7 +8,7 @@
  	if (!pw)
  		dropbear_exit("getpwnam failed after succeeding previously");
  	pty_setowner(pw, chansess->tty);
-@@ -968,6 +968,8 @@
+@@ -965,6 +965,8 @@
  #endif
  
  	/* clear environment if -e was not set */
@@ -17,7 +17,7 @@
  	/* if we're debugging using valgrind etc, we need to keep the LD_PRELOAD
  	 * etc. This is hazardous, so should only be used for debugging. */
  	if ( !svr_opts.pass_on_env) {
-@@ -982,6 +984,7 @@
+@@ -979,6 +981,7 @@
  #endif /* HAVE_CLEARENV */
  #endif /* DEBUG_VALGRIND */
  	}
@@ -25,7 +25,7 @@
  
  #if DROPBEAR_SVR_MULTIUSER
  	/* We can only change uid/gid as root ... */
-@@ -1009,6 +1012,8 @@
+@@ -1006,6 +1009,8 @@
  	}
  #endif
  
@@ -34,7 +34,7 @@
  	/* set env vars */
  	addnewvar("USER", ses.authstate.pw_name);
  	addnewvar("LOGNAME", ses.authstate.pw_name);
-@@ -1019,6 +1024,7 @@
+@@ -1016,6 +1021,7 @@
  	} else {
  		addnewvar("PATH", DEFAULT_PATH);
  	}

packages/dropbear/sysoptions.h.patch

@@ -1,5 +1,5 @@
 +++ ./src/sysoptions.h
-@@ -90,7 +90,7 @@
+@@ -94,7 +94,7 @@
  
  #define _PATH_TTY "/dev/tty"
  
@@ -8,7 +8,7 @@
  
  /* Default contents of /etc/shells if system getusershell() doesn't exist.
   * Paths taken from getusershell(3) manpage. These can be customised
-@@ -98,7 +98,7 @@
+@@ -102,7 +102,7 @@
    -DCOMPAT_USER_SHELLS='"/bin/sh","/apps/bin/sh","/data/bin/zsh"'
   */
  #ifndef COMPAT_USER_SHELLS
@@ -17,7 +17,7 @@
  #endif
  
  #define DROPBEAR_ESCAPE_CHAR '~'
-@@ -294,9 +294,6 @@
+@@ -338,9 +338,6 @@
  #error "DROPBEAR_SVR_PATM_AUTH requires PAM headers. Perhaps ./configure --enable-pam ?"
  #endif
  
@@ -27,11 +27,11 @@
  
  #if !(DROPBEAR_SVR_PASSWORD_AUTH || DROPBEAR_SVR_PAM_AUTH || DROPBEAR_SVR_PUBKEY_AUTH)
  	#error "At least one server authentication type must be enabled. DROPBEAR_SVR_PUBKEY_AUTH and DROPBEAR_SVR_PASSWORD_AUTH are recommended."
-@@ -404,7 +401,6 @@
+@@ -448,7 +445,6 @@
  #if defined(DROPBEAR_DSS)
  #undef DROPBEAR_DSS
  #endif
 -#define DROPBEAR_DSS 1
  
- #if defined(DROPBEAR_USE_SSH_CONFIG)
- #undef DROPBEAR_USE_SSH_CONFIG
+ #if defined(DROPBEAR_RSA_SHA1)
+ #undef DROPBEAR_RSA_SHA1