--- a/components/openssh/Makefile Thu Sep 04 21:42:03 2014 -0600
+++ b/components/openssh/Makefile Fri Sep 05 10:10:15 2014 -0700
@@ -47,7 +47,7 @@
# Enable ASLR for this component
ASLR_MODE = $(ASLR_ENABLE)
-CONFIGURE_OPTIONS += CFLAGS="$(CFLAGS) -DSET_USE_PAM -DDEPRECATE_SUNSSH_OPT -DLASTLOG_FIX -DKRB5_BUILD_FIX -DAUE_openssh=6172 -DDTRACE_SFTP -DDISABLE_BANNER -DPAM_ENHANCEMENT -DPAM_BUGFIX"
+CONFIGURE_OPTIONS += CFLAGS="$(CFLAGS) -DSET_USE_PAM -DDEPRECATE_SUNSSH_OPT -DKRB5_BUILD_FIX -DAUE_openssh=6172 -DDTRACE_SFTP -DDISABLE_BANNER -DPAM_ENHANCEMENT -DPAM_BUGFIX"
# We need to disable lazyloading of dynamic dependent libraries. During the
# pre-authentication phase, sshd will chroot to /var/empty which doesn't
--- a/components/openssh/patches/003-last_login.patch Thu Sep 04 21:42:03 2014 -0600
+++ b/components/openssh/patches/003-last_login.patch Fri Sep 05 10:10:15 2014 -0700
@@ -1,90 +1,32 @@
-#
-# We changed the OpenSSH to not record the last login time when the "UsePAM"
-# option is on, because the PAM session module in Solaris will record the last
-# login time. This is for Solaris only, so we will not contribute back this
-# change to the upstream community.
+# This change is Solaris-specific and thus is not being contributed back
+# to the upstream community. Details:
#
-*** orig/sshd.c Thu Oct 4 16:08:28 2012
---- new/sshd.c Thu Oct 4 16:06:05 2012
-***************
-*** 128,133 ****
---- 128,137 ----
- int deny_severity;
- #endif /* LIBWRAP */
-
-+ #if defined(LASTLOG_FIX) && defined(USE_PAM)
-+ #include "sshlogin.h"
-+ #endif
-+
- #ifndef O_NOCTTY
- #define O_NOCTTY 0
- #endif
-***************
-*** 2028,2033 ****
---- 2032,2041 ----
- #endif
- #ifdef USE_PAM
- if (options.use_pam) {
-+ #ifdef LASTLOG_FIX
-+ store_lastlog_message(authctxt->pw->pw_name,
-+ authctxt->pw->pw_uid);
-+ #endif
- do_pam_setcred(1);
- do_pam_session();
- }
-*** orig/sshlogin.h Thu Oct 4 16:08:54 2012
---- new/sshlogin.h Thu Oct 4 16:06:31 2012
+# OpenSSH updates lastlog when users login however on Solaris the
+# pam_open_session(3PAM) function handles this so we avoid the
+# redundant additional upating of lastlog here. We can't disable all
+# lastlog references with --disable-lastlog or NO_SSH_LASTLOG since that
+# prevents the 'Last login: ...' message from being displayed. Thus
+# we just prevent OpenSSH from updating lastlog since reading from
+# lastlog is fine. Other PAM implementations don't update lastlog
+# during session management so this change is Solaris-specific and
+# thus isn't being contributed back to the upstream community.
+#
+*** orig/loginrec.c Thu Oct 4 16:08:42 2012
+--- new/loginrec.c Thu Sep 4 16:41:24 2014
***************
-*** 14,19 ****
---- 14,22 ----
-
- void record_login(pid_t, const char *, const char *, uid_t,
- const char *, struct sockaddr *, socklen_t);
-+ #ifdef LASTLOG_FIX
-+ void store_lastlog_message(const char *, uid_t);
-+ #endif
- void record_logout(pid_t, const char *, const char *);
- time_t get_last_login_time(uid_t, const char *, char *, u_int);
-
-*** orig/sshlogin.c Thu Oct 4 16:08:42 2012
---- new/sshlogin.c Thu Oct 4 16:35:27 2012
-***************
-*** 83,89 ****
---- 83,93 ----
- * Generate and store last login message. This must be done before
- * login_login() is called and lastlog is updated.
- */
-+ #ifndef LASTLOG_FIX
- static void
-+ #else
-+ void
-+ #endif
- store_lastlog_message(const char *user, uid_t uid)
- {
- #ifndef NO_SSH_LASTLOG
-***************
-*** 128,133 ****
---- 132,141 ----
- {
- struct logininfo *li;
-
-+ #ifdef LASTLOG_FIX
-+ /* In Solaris, PAM takes care of last login tracking */
-+ if (!options.use_pam) {
-+ #endif
- /* save previous login details before writing new */
- store_lastlog_message(user, uid);
-
-***************
-*** 135,140 ****
---- 143,152 ----
- login_set_addr(li, addr, addrlen);
- login_login(li);
- login_free_entry(li);
-+
-+ #ifdef LASTLOG_FIX
-+ }
-+ #endif
- }
-
- #ifdef LOGIN_NEEDS_UTMPX
+*** 444,450 ****
+ #ifdef USE_LOGIN
+ syslogin_write_entry(li);
+ #endif
+! #ifdef USE_LASTLOG
+ if (li->type == LTYPE_LOGIN)
+ lastlog_write_entry(li);
+ #endif
+--- 444,450 ----
+ #ifdef USE_LOGIN
+ syslogin_write_entry(li);
+ #endif
+! #if defined(USE_LASTLOG) && !defined(PAM_SUN_CODEBASE)
+ if (li->type == LTYPE_LOGIN)
+ lastlog_write_entry(li);
+ #endif