--- a/components/openssh/patches/025-login_to_a_role.patch	Wed Jun 17 14:55:22 2015 -0700
+++ b/components/openssh/patches/025-login_to_a_role.patch	Thu Jun 18 07:01:42 2015 -0700
@@ -10,8 +10,8 @@
 #     https://bugzilla.mindrot.org/show_bug.cgi?id=2378
 #
 diff -pur old/auth-pam.c new/auth-pam.c
---- old/auth-pam.c	2015-04-13 07:40:15.102801416 -0700
-+++ new/auth-pam.c	2015-04-13 07:40:15.170507123 -0700
+--- old/auth-pam.c	2015-05-21 04:08:41.910932322 -0700
++++ new/auth-pam.c	2015-05-21 04:08:42.024831668 -0700
 @@ -1038,6 +1038,20 @@ do_pam_account(void)
  	return (sshpam_account_status);
  }
@@ -34,8 +34,8 @@
  do_pam_set_tty(const char *tty)
  {
 diff -pur old/auth-pam.h new/auth-pam.h
---- old/auth-pam.h	2004-09-11 05:17:26.000000000 -0700
-+++ new/auth-pam.h	2015-04-13 07:40:15.170675124 -0700
+--- old/auth-pam.h	2015-03-16 22:49:20.000000000 -0700
++++ new/auth-pam.h	2015-05-21 04:08:42.025160216 -0700
 @@ -35,6 +35,9 @@ void start_pam(Authctxt *);
  void finish_pam(void);
  u_int do_pam_account(void);
@@ -47,9 +47,9 @@
  void do_pam_setcred(int );
  void do_pam_chauthtok(void);
 diff -pur old/auth.h new/auth.h
---- old/auth.h	2015-04-13 07:40:15.102912510 -0700
-+++ new/auth.h	2015-04-13 07:40:15.170773363 -0700
-@@ -79,6 +79,9 @@ struct Authctxt {
+--- old/auth.h	2015-05-21 04:08:41.911346027 -0700
++++ new/auth.h	2015-05-21 04:08:42.025504068 -0700
+@@ -84,6 +84,9 @@ struct Authctxt {
  #ifdef PAM_ENHANCEMENT
          char            *authmethod_name;
  #endif 
@@ -60,9 +60,9 @@
  /*
   * Every authentication method has to handle authentication requests for
 diff -pur old/auth2-hostbased.c new/auth2-hostbased.c
---- old/auth2-hostbased.c	2013-12-30 17:25:41.000000000 -0800
-+++ new/auth2-hostbased.c	2015-04-13 07:40:15.170883166 -0700
-@@ -83,6 +83,9 @@ userauth_hostbased(Authctxt *authctxt)
+--- old/auth2-hostbased.c	2015-03-16 22:49:20.000000000 -0700
++++ new/auth2-hostbased.c	2015-05-21 04:08:42.026208843 -0700
+@@ -85,6 +85,9 @@ userauth_hostbased(Authctxt *authctxt)
  	buffer_dump(&b);
  	buffer_free(&b);
  #endif
@@ -72,7 +72,7 @@
  	pktype = key_type_from_name(pkalg);
  	if (pktype == KEY_UNSPEC) {
  		/* this is perfectly legal */
-@@ -133,6 +136,13 @@ userauth_hostbased(Authctxt *authctxt)
+@@ -143,6 +146,13 @@ userauth_hostbased(Authctxt *authctxt)
  			buffer_len(&b))) == 1)
  		authenticated = 1;
  
@@ -87,9 +87,9 @@
  done:
  	debug2("userauth_hostbased: authenticated %d", authenticated);
 diff -pur old/auth2.c new/auth2.c
---- old/auth2.c	2015-04-13 07:40:15.125748357 -0700
-+++ new/auth2.c	2015-04-13 07:54:08.589929143 -0700
-@@ -347,6 +347,14 @@ userauth_finish(Authctxt *authctxt, int
+--- old/auth2.c	2015-05-21 04:08:41.947286493 -0700
++++ new/auth2.c	2015-05-21 04:08:42.026846014 -0700
+@@ -339,6 +339,14 @@ userauth_finish(Authctxt *authctxt, int
  #endif
  	}
  
@@ -105,9 +105,9 @@
  
  #if defined(USE_PAM) && defined(PAM_ENHANCEMENT)
 diff -pur old/config.h.in new/config.h.in
---- old/config.h.in	2015-04-13 07:40:15.118922540 -0700
-+++ new/config.h.in	2015-04-13 07:40:15.171493102 -0700
-@@ -814,6 +814,9 @@
+--- old/config.h.in	2015-05-21 04:08:41.938119429 -0700
++++ new/config.h.in	2015-05-21 04:08:42.027796887 -0700
+@@ -827,6 +827,9 @@
  /* Define if you have Digital Unix Security Integration Architecture */
  #undef HAVE_OSF_SIA
  
@@ -118,20 +118,20 @@
  #undef HAVE_PAM_GETENVLIST
  
 diff -pur old/configure new/configure
---- old/configure	2015-04-13 07:40:15.121667931 -0700
-+++ new/configure	2015-04-13 07:40:15.174438856 -0700
-@@ -7799,6 +7799,7 @@ fi
- 
-         $as_echo "#define USE_GSS_STORE_CRED 1" >>confdefs.h
-         $as_echo "#define GSSAPI_STORECREDS_NEEDS_RUID 1" >>confdefs.h
-+        $as_echo "#define HAVE_PAM_AUSER 1" >>confdefs.h
+--- old/configure	2015-05-21 04:08:41.952127851 -0700
++++ new/configure	2015-05-21 04:09:34.214165539 -0700
+@@ -10872,6 +10872,7 @@ fi
+ cat >>confdefs.h <<\_ACEOF
+ #define	USE_GSS_STORE_CRED 1
+ #define	GSSAPI_STORECREDS_NEEDS_RUID 1
++#define HAVE_PAM_AUSER 1
+ _ACEOF
  
  	TEST_SHELL=$SHELL	# let configure find us a capable shell
- 	;;
 diff -pur old/configure.ac new/configure.ac
---- old/configure.ac	2015-04-13 07:40:15.085660430 -0700
-+++ new/configure.ac	2015-04-13 07:40:15.175130655 -0700
-@@ -868,6 +868,7 @@ mips-sony-bsd|mips-sony-newsos4)
+--- old/configure.ac	2015-05-21 04:08:41.886514252 -0700
++++ new/configure.ac	2015-05-21 04:08:42.052981088 -0700
+@@ -904,6 +904,7 @@ mips-sony-bsd|mips-sony-newsos4)
  	TEST_SHELL=$SHELL	# let configure find us a capable shell
          AC_DEFINE([USE_GSS_STORE_CRED])
          AC_DEFINE([GSSAPI_STORECREDS_NEEDS_RUID])
@@ -140,10 +140,10 @@
  *-*-sunos4*)
  	CPPFLAGS="$CPPFLAGS -DSUNOS4"
 diff -pur old/monitor.c new/monitor.c
---- old/monitor.c	2015-04-13 07:40:15.136922050 -0700
-+++ new/monitor.c	2015-04-13 07:40:15.175533060 -0700
-@@ -490,6 +490,12 @@ monitor_child_preauth(Authctxt *_authctx
- #endif
+--- old/monitor.c	2015-05-21 04:08:41.964048305 -0700
++++ new/monitor.c	2015-05-21 04:08:42.054374639 -0700
+@@ -461,6 +461,12 @@ monitor_child_preauth(Authctxt *_authctx
+ 		}
  	}
  
 +#if defined(HAVE_PAM_AUSER) && defined(USE_PAM)
@@ -155,7 +155,7 @@
  	if (!authctxt->valid)
  		fatal("%s: authenticated invalid user", __func__);
  	if (strcmp(auth_method, "unknown") == 0)
-@@ -699,12 +705,14 @@ monitor_reset_key_state(void)
+@@ -694,12 +700,14 @@ monitor_reset_key_state(void)
  {
  	/* reset state */
  	free(key_blob);
@@ -171,7 +171,7 @@
  	hostbased_chost = NULL;
  }
  
-@@ -1111,6 +1119,11 @@ mm_answer_pam_account(int sock, Buffer *
+@@ -1146,6 +1154,11 @@ mm_answer_pam_account(int sock, Buffer *
  	if (!options.use_pam)
  		fatal("UsePAM not set, but ended up in %s anyway", __func__);