security/dropbear: update to 2025.88

Changelog:
- Security: Don't allow dbclient hostname arguments to be interpreted
  by the shell.

  dbclient hostname arguments with a comma (for multihop) would be
  passed to the shell which could result in running arbitrary shell
  commands locally. That could be a security issue in situations
  where dbclient is passed untrusted hostname arguments.

  Now the multihop command is executed directly, no shell is involved.
  Thanks to Marcin Nowak for the report, tracked as CVE-2025-47203

- Fix compatibility for htole64 and htole32, regression in 2025.87
  Patch from Peter Fichtner to work with old GCC versions, and
  patch from Matt Robinson to check different header files.

- Fix building on older compilers or libc that don't support
  static_assert(). Regression in 2025.87

- Support ~R in the client to force a key re-exchange.

- Improve strict KEX handling. Dropbear previously would allow other
  packets at the end of key exchange prior to receiving the remote
  peer's NEWKEYS message, which should be forbidden by strict KEX.
  Reported by Fabian Bäumer.
This commit is contained in:
Piotr Kubaj
2025-05-07 22:08:39 +02:00
parent 69451739c8
commit 1d4b5836a9
2 changed files with 4 additions and 4 deletions
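For callers that hand externally supplied hostnames to dbclient, the CVE-2025-47203 entry above suggests checking the target string before dbclient ever sees it. The following is an added example, not part of this commit, Dropbear or the ports tree. The hop grammar `[user@]host[/port]`, the function names and the sample inputs are assumptions; IPv6 literals are deliberately rejected by this allowlist.

```shell
#!/bin/sh
# Added example (not Dropbear or ports-tree code): allowlist check for a
# dbclient target string before it is handed to dbclient.
# Assumption: each hop is [user@]host[/port] and hops are comma-separated.
LC_ALL=C; export LC_ALL   # keep the A-Z / 0-9 ranges byte-exact

is_safe_hop() {
    hop=$1 user='' host=$1 port=''
    case $hop in
        ''|-*) return 1 ;;      # empty, or would be parsed as an option
        *@*@*) return 1 ;;      # more than one user separator
        *@*) user=${hop%%@*}; host=${hop#*@}
             case $user in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac ;;
    esac
    case $host in
        */*) port=${host#*/}; host=${host%%/*}
             # Port: 1 to 5 digits, value 1..65535.
             case $port in ''|*[!0-9]*|??????*) return 1 ;; esac
             [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1 ;;
    esac
    # Host: letters, digits, dot, hyphen, underscore; no leading hyphen.
    case $host in ''|-*|*[!A-Za-z0-9._-]*) return 1 ;; esac
    return 0
}

is_safe_target() {
    target=$1
    # Reject empty targets and empty hops (leading, trailing or doubled comma).
    case $target in ''|,*|*,|*,,*) return 1 ;; esac
    rest=$target
    while :; do
        hop=${rest%%,*}
        is_safe_hop "$hop" || return 1
        case $rest in *,*) rest=${rest#*,} ;; *) break ;; esac
    done
    return 0
}

# Constructed sample inputs, for illustration only.
for t in 'alice@gw.example.net/2222,db01.internal' 'gw.example.net,db01;true'; do
    if is_safe_target "$t"; then echo "accept: $t"; else echo "reject: $t"; fi
done
```

The check is defence in depth for wrappers and scripts; it does not replace updating to 2025.88, where the multihop command is executed without a shell.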
+1 -1
@@ -1,5 +1,5 @@
PORTNAME= dropbear
PORTVERSION= 2025.87
PORTVERSION= 2025.88
CATEGORIES= security
MASTER_SITES= https://matt.ucc.asn.au/dropbear/releases/
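Review bot: The PORTVERSION change from 2025.87 to 2025.88 carries a fix for CVE-2025-47203 according to the commit message, but nothing in the two changed files marks the update as security-relevant for users who still have 2025.87 installed. Consider adding a `Security: CVE-2025-47203` trailer to the commit message and a matching security/vuxml entry covering versions before 2025.88, so that `pkg audit` flags the old package.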
+3 -3
@@ -1,3 +1,3 @@
TIMESTAMP = 1741554412
SHA256 (dropbear-2025.87.tar.bz2) = 738b7f358547f0c64c3e1a56bbc5ef98d34d9ec6adf9ccdf01dc0bf2caa2bc8d
SIZE (dropbear-2025.87.tar.bz2) = 2368085
TIMESTAMP = 1746647982
SHA256 (dropbear-2025.88.tar.bz2) = 783f50ea27b17c16da89578fafdb6decfa44bb8f6590e5698a4e4d3672dc53d4
SIZE (dropbear-2025.88.tar.bz2) = 2370480
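Review bot: The new SHA256 and SIZE lines for dropbear-2025.88.tar.bz2 are the only integrity anchor for the tarball, and the commit does not say how they were checked. MASTER_SITES lists a single download location, so it would help to note in the commit message that the digest was compared against the checksum or signature published by upstream, not only regenerated from the fetched file.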