openssh: 7.2p2 -> 7.3p1 (#17493)

Also remove patch for CVE-2015-8325 that has been fixed upstream.

pkgs/tools/networking/openssh/CVE-2015-8325.patch

@@ -1,28 +0,0 @@
-From 85bdcd7c92fe7ff133bbc4e10a65c91810f88755 Mon Sep 17 00:00:00 2001
-From: Damien Miller <djm@mindrot.org>
-Date: Wed, 13 Apr 2016 10:39:57 +1000
-Subject: [PATCH] ignore PAM environment vars when UseLogin=yes
-
-If PAM is configured to read user-specified environment variables
-and UseLogin=yes in sshd_config, then a hostile local user may
-attack /bin/login via LD_PRELOAD or similar environment variables
-set via PAM.
-
-CVE-2015-8325, found by Shayan Sadigh, via Colin Watson
----
- session.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/session.c b/session.c
-index 4859245..4653b09 100644
---- a/session.c
-+++ b/session.c
-@@ -1322,7 +1322,7 @@ do_setup_env(Session *s, const char *shell)
- 	 * Pull in any environment variables that may have
- 	 * been set by PAM.
- 	 */
--	if (options.use_pam) {
-+	if (options.use_pam && !options.use_login) {
- 		char **p;
- 
- 		p = fetch_pam_child_environment();

pkgs/tools/networking/openssh/default.nix

@@ -27,11 +27,12 @@ with stdenv.lib;
 stdenv.mkDerivation rec {
   # Please ensure that openssh_with_kerberos still builds when
   # bumping the version here!
-  name = "openssh-7.2p2";
+  name = "openssh-${version}";
+  version = "7.3p1";
 
   src = fetchurl {
     url = "mirror://openbsd/OpenSSH/portable/${name}.tar.gz";
-    sha256 = "132lh9aanb0wkisji1d6cmsxi520m8nh7c7i9wi6m1s3l38q29x7";
+    sha256 = "1k5y1wi29d47cgizbryxrhc1fbjsba2x8l5mqfa9b9nadnd9iyrz";
   };
 
   prePatch = optionalString hpnSupport
@@ -44,7 +45,6 @@ stdenv.mkDerivation rec {
     [
       ./locale_archive.patch
       ./fix-host-key-algorithms-plus.patch
-      ./CVE-2015-8325.patch
 
       # See discussion in https://github.com/NixOS/nixpkgs/pull/16966
       ./dont_create_privsep_path.patch