main/openssh: security upgrade to 9.8_p1
security fix for CVE-2024-6387
Details can be found in the Qualys advisory at https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt
The Qualys Threat Research Unit (TRU) discovered that OpenSSH, an
implementation of the SSH protocol suite, is prone to a signal handler
race condition. If a client does not authenticate within LoginGraceTime
seconds (120 by default), then sshd's SIGALRM handler is called
asynchronously and calls various functions that are not
async-signal-safe. A remote unauthenticated attacker can take advantage
of this flaw to execute arbitrary code with root privileges. This flaw
affects sshd in its default configuration.