Log message:
security/ssh-audit: Update to version 3.3.0.

Pkgsrc changes:
 * Remove upstream patch which is now integrated
 * Checksum updates

Upstream changes:

### v3.3.0 (2024-10-15)
 - Added Python 3.13 support.
 - Added built-in policies for Ubuntu 24.04 LTS server & client,
   OpenSSH 9.8, and OpenSSH 9.9.
 - Added IPv6 support for DHEat and connection rate tests.
 - Added TCP port information to JSON policy scan results; credit
   [Fabian Malte Kopp](https://github.com/dreizehnutters).
 - Added LANcom LCOS server recognition and Ed448 key extraction;
   credit [Daniel Lenski](https://github.com/dlenskiSB).
 - Now reports ECDSA and DSS fingerprints when in verbose mode;
   partial credit [Daniel Lenski](https://github.com/dlenskiSB).
 - Removed CVE information based on server/client version numbers,
   as this was wildly inaccurate (see [this thread]
   (https://github.com/jtesta/ssh-audit/issues/240) for the full
   discussion, as well as the results of the community vote on this
   matter).
 - Fixed crash when running with `-P` and `-T` options simultaneously.
 - Fixed host key tests from only reporting a key type at most once
   despite multiple hosts supporting it; credit [Daniel
   Lenski](https://github.com/dlenskiSB).
 - Fixed DHEat connection rate testing on MacOS X and BSD platforms;
   credit [Drew Noel](https://github.com/drewmnoel) and [Michael
   Osipov](https://github.com/michael-o).
 - Fixed invalid JSON output when a socket error occurs while
   performing a client audit.
 - Fixed `--conn-rate-test` feature on Windows.
 - When scanning multiple targets (using `-T`/`--targets`), the
   `-p`/`--port` option will now be used as the default port (set to
   22 if `-p`/`--port` is not given).  Hosts specified in the file
   can override this default with an explicit port number (i.e.:
   "host1:1234").  For example, when using `-T targets.txt -p 222`,
   all hosts in `targets.txt` that do not explicitly include a port
   number will default to 222; when using `-T targets.txt` (without
   `-p`), all hosts will use a default of 22.
 - Updated built-in server & client policies for Amazon Linux 2023,
   Debian 12, Rocky Linux 9, and Ubuntu 22.04 to improve host key
   efficiency and cipher resistance to quantum attacks.
 - Added 1 new cipher: `grasshopper-ctr128`.
 - Added 2 new key exchanges: `mlkem768x25519-sha256`, `sntrup761x25519-sha512`.

### v3.2.0 (2024-04-22)
 - Added implementation of the DHEat denial-of-service attack (see
   `--dheat` option; [CVE-2002-20001]
   (https://nvd.nist.gov/vuln/detail/CVE-2002-20001)).
 - Expanded filter of CBC ciphers to flag for the Terrapin
   vulnerability.  It now includes more rarely found ciphers.
 - Fixed parsing of `ecdsa-sha2-nistp*` CA signatures on host keys.
   Additionally, they are now flagged as potentially back-doored,
   just as standard host keys are.
 - Gracefully handle rare exceptions (i.e.: crashes) while performing
   GEX tests.
 - The built-in man page (`-m`, `--manual`) is now available on
   Docker, PyPI, and Snap builds, in addition to the Windows build.
 - Snap builds are now architecture-independent.
 - Changed Docker base image from `python:3-slim` to `python:3-alpine`,
   resulting in a 59% reduction in image size; credit [Daniel
   Thamdrup](https://github.com/dallemon).
 - Added built-in policies for Amazon Linux 2023, Debian 12, OpenSSH
   9.7, and Rocky Linux 9.
 - Built-in policies now include a change log (use `-L -v` to view them).
 - Custom policies now support the `allow_algorithm_subset_and_reordering`
   directive to allow targets to pass with a subset and/or re-ordered
   list of host keys, kex, ciphers, and MACs.  This allows for the
   creation of a baseline policy where targets can optionally implement
   stricter controls; partial credit [yannik1015]
   (https://github.com/yannik1015).
 - Custom policies now support the `allow_larger_keys` directive
   to allow targets to pass with larger host keys, CA keys, and
   Diffie-Hellman keys.  This allows for the creation of a baseline
   policy where targets can optionally implement stricter controls;
   partial credit [Damian Szuberski](https://github.com/szubersk).
 - Color output is disabled if the `NO_COLOR` environment variable
   is set (see https://no-color.org/).
 - Added 1 new key exchange algorithm: `gss-nistp384-sha384-*`.
 - Added 1 new cipher: `aes128-ocb@libassh.org`.

Log message:
ssh-audit: add RCS Id

Log message:
security/ssh-audit: fix previous commit from wrong directory, addding patch

Log message:
security/ssh-audit: update to 3.1.0 with patch for terrapin

    upstream changes since 3.0.0:

    v3.2.0-dev (???)

        Expanded filter of CBC ciphers to flag for the Terrapin vulnerability. \ 
It now includes
          more rarely found ciphers.

    v3.1.0 (2023-12-20)

        Added test for the Terrapin message prefix truncation vulnerability \ 
(CVE-2023-48795).
        Dropped support for Python 3.7 (EOL was reached in June 2023).
        Added Python 3.12 support.
        In server policies, reduced expected DH modulus sizes from 4096 to 3072 \ 
to match
          the online hardening guides (note that 3072-bit moduli provide the \ 
equivalent of
          128-bit symmetric security).
        In Ubuntu 22.04 client policy, moved host key types \ 
sk-ssh-ed25519@openssh.com and
          ssh-ed25519 to the end of all certificate types.
        Updated Ubuntu Server & Client policies for 20.04 and 22.04 to \ 
account for key exchange
          list changes due to Terrapin vulnerability patches.
        Re-organized option host key types for OpenSSH 9.2 server policy to \ 
correspond with
          updated Debian 12 hardening guide.
        Added built-in policies for OpenSSH 9.5 and 9.6.
        Added an additional_notes field to the JSON output.

Log message:
ssh-audit: update to 3.0.0.

This release includes important fixes for multiple-host scans,
improved Diffie-Hellman group exchange auditing, and the inclusion
of algorithm notes into the JSON output (note that this changes
the schema of the banner protocol, "enc", and "mac" fields). \ 
Support
for 49 new algorithms were also added!

Log message:
*: recursive bump for Python 3.11 as new default

Log message:
ssh-audit: update to 2.9.0.

2.9.0

This release includes many new features, including granular GEX
modulus tests (credit Adam Russell), support for mixed host key/CA
key certificates (i.e.: RSA host keys signed by ED25519 CAs),
warnings for 2048-bit moduli, and more descriptive algorithm notes.
Support for 112 new algorithms were also added!

Log message:
ssh-audit: add a post-install directive to install the manual page.