To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
From: Bryan Drewery Subject: git: 899a7de9a078 - main - security/openssh-portable: Update to 10.3p1 List-Id: Commit messages for all branches of the ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-ports-all@freebsd.org Sender: owner-dev-commits-ports-all@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: bdrewery X-Git-Repository: ports X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 899a7de9a0782fd50caaffdb2e86a29ac9848ae6 Auto-Submitted: auto-generated Date: Mon, 27 Apr 2026 02:12:57 +0000 Message-Id: <69eec629.32afc.3a1fd496@gitrepo.freebsd.org> The branch main has been updated by bdrewery: URL: https://cgit.FreeBSD.org/ports/commit/?id=899a7de9a0782fd50caaffdb2e86a29ac9848ae6 commit 899a7de9a0782fd50caaffdb2e86a29ac9848ae6 Author: Bryan Drewery AuthorDate: 2026-04-25 23:57:40 +0000 Commit: Bryan Drewery CommitDate: 2026-04-27 02:12:24 +0000 security/openssh-portable: Update to 10.3p1 Release notes: https://www.openssh.org/txt/release-10.3 --- security/openssh-portable/Makefile | 8 ++-- security/openssh-portable/distinfo | 10 ++-- .../openssh-portable/files/extra-patch-blacklistd | 55 +++++++++++++--------- security/openssh-portable/files/extra-patch-hpn | 26 +++++----- .../files/extra-patch-hpn-gss-glue | 7 ++- security/openssh-portable/files/patch-servconf.c | 8 ---- security/openssh-portable/files/patch-session.c | 27 ++++++----- 7 files changed, 71 insertions(+), 70 deletions(-) diff --git a/security/openssh-portable/Makefile b/security/openssh-portable/Makefile index 0b2b33626d6e..abbc35b5a7ca 100644 --- a/security/openssh-portable/Makefile +++ b/security/openssh-portable/Makefile 
@@ -1,6 +1,6 @@ PORTNAME= openssh -DISTVERSION= 10.2p1 -PORTREVISION= 6 +DISTVERSION= 10.3p1 +PORTREVISION= 0 PORTEPOCH= 1 CATEGORIES= security MASTER_SITES= OPENBSD/OpenSSH/portable @@ -115,13 +115,13 @@ EXTRA_PATCHES+= ${FILESDIR}/extra-patch-hpn-gss-glue . endif # - See https://sources.debian.org/data/main/o/openssh/ for which subdir to # pull from. -GSSAPI_DEBIAN_VERSION= 10.2p1 +GSSAPI_DEBIAN_VERSION= 10.3p1 GSSAPI_DEBIAN_SUBDIR= ${GSSAPI_DEBIAN_VERSION:U${DISTVERSION}}-1 # - Debian does not use a versioned filename so we trick fetch to make one for # us with the ?=/ trick. PATCH_SITES+= https://sources.debian.org/data/main/o/openssh/1:${GSSAPI_DEBIAN_SUBDIR}/debian/patches/gssapi.patch?dummy=/:gsskex # Bump this when updating the patch location -GSSAPI_DISTVERSION= 10.2p1 +GSSAPI_DISTVERSION= 10.3p1 PATCHFILES+= openssh-${GSSAPI_DISTVERSION:U${DISTVERSION}}-gsskex-all-debian-rh-${GSSAPI_DISTVERSION}.patch:-p1:gsskex EXTRA_PATCHES+= ${FILESDIR}/extra-patch-gssapi-kexgssc.c EXTRA_PATCHES+= ${FILESDIR}/extra-patch-gssapi-kexgsss.c diff --git a/security/openssh-portable/distinfo b/security/openssh-portable/distinfo index 6aa27b76a8c8..14b3b9a55b8d 100644 --- a/security/openssh-portable/distinfo +++ b/security/openssh-portable/distinfo @@ -1,5 +1,5 @@ -TIMESTAMP = 1760240447 -SHA256 (openssh-10.2p1.tar.gz) = ccc42c0419937959263fa1dbd16dafc18c56b984c03562d2937ce56a60f798b2 -SIZE (openssh-10.2p1.tar.gz) = 1974519 -SHA256 (openssh-10.2p1-gsskex-all-debian-rh-10.2p1.patch) = a02ab012657477a85dc7e4dca90a568ff5f13199221cda888608e9d0290454a0 -SIZE (openssh-10.2p1-gsskex-all-debian-rh-10.2p1.patch) = 126336 +TIMESTAMP = 1777161775 +SHA256 (openssh-10.3p1.tar.gz) = 56682a36bb92dcf4b4f016fd8ec8e74059b79a8de25c15d670d731e7d18e45f4 +SIZE (openssh-10.3p1.tar.gz) = 2007369 +SHA256 (openssh-10.3p1-gsskex-all-debian-rh-10.3p1.patch) = 58f2d59009442572107f6e02c43145676d4ee6461907f719820c77b07adb6612 +SIZE (openssh-10.3p1-gsskex-all-debian-rh-10.3p1.patch) = 126667 
diff --git a/security/openssh-portable/files/extra-patch-blacklistd b/security/openssh-portable/files/extra-patch-blacklistd index 698c109ccfe6..70c6efd8c6ab 100644 --- a/security/openssh-portable/files/extra-patch-blacklistd +++ b/security/openssh-portable/files/extra-patch-blacklistd @@ -337,17 +337,17 @@ int client_alive_interval; /* * poke the client this often to * see if it's still there ---- sshd-session.c.orig 2025-10-02 12:00:00.000000000 -+++ sshd-session.c 2025-10-02 12:00:00.000000000 -@@ -102,6 +102,7 @@ +--- sshd-session.c.orig 2026-04-02 01:09:03.000000000 -0700 ++++ sshd-session.c 2026-04-25 16:49:54.889134000 -0700 +@@ -95,6 +95,7 @@ #include "sk-api.h" #include "srclimit.h" #include "dh.h" +#include "blacklist_client.h" - #ifdef LIBWRAP - #include -@@ -1175,6 +1176,8 @@ + /* Re-exec fds */ + #define REEXEC_DEVCRYPTO_RESERVED_FD (STDERR_FILENO + 1) +@@ -1147,6 +1148,8 @@ main(int ac, char **av) ssh_signal(SIGQUIT, SIG_DFL); ssh_signal(SIGCHLD, SIG_DFL); ssh_signal(SIGINT, SIG_DFL); 
@@ -356,30 +356,19 @@ /* * Register our connection. This turns encryption off because we do -@@ -1249,8 +1271,10 @@ - } - - if ((r = kex_exchange_identification(ssh, -1, -- options.version_addendum)) != 0) -+ options.version_addendum)) != 0) { -+ BLACKLIST_NOTIFY(ssh, BLACKLIST_AUTH_FAIL, "Banner exchange"); - sshpkt_fatal(ssh, r, "banner exchange"); -+ } - - ssh_packet_set_nonblocking(ssh); - -@@ -1395,7 +1419,10 @@ +@@ -1361,8 +1364,11 @@ cleanup_exit(int i) audit_event(the_active_state, SSH_CONNECTION_ABANDON); #endif /* Override default fatal exit value when auth was attempted */ -- if (i == 255 && auth_attempted) -+ if (i == 255 && auth_attempted) { +- if (i == 255 && monitor_auth_attempted()) ++ if (i == 255 && monitor_auth_attempted()) { + BLACKLIST_NOTIFY(the_active_state, BLACKLIST_AUTH_FAIL, + "Fatal exit"); _exit(EXIT_AUTH_ATTEMPTED); + } + if (i == 255 && monitor_invalid_user()) + _exit(EXIT_INVALID_USER); _exit(i); - } --- sshd_config.5.orig 2025-10-02 12:00:00.000000000 +++ sshd_config.5 2025-10-02 12:00:00.000000000 @@ -2009,6 +2009,20 @@ @@ -413,3 +402,25 @@ #VersionAddendum none # no default banner path +--- sshd-auth.c.orig 2026-04-25 16:47:09.675535000 -0700 ++++ sshd-auth.c 2026-04-25 16:48:05.928839000 -0700 +@@ -96,6 +96,7 @@ + #include "srclimit.h" + #include "ssh-sandbox.h" + #include "dh.h" ++#include "blacklist_client.h" + + /* Privsep fds */ + #define PRIVSEP_MONITOR_FD (STDERR_FILENO + 1) +@@ -812,8 +813,10 @@ do_ssh2_kex(struct ssh *ssh) + free(hkalgs); + + if ((r = kex_exchange_identification(ssh, -1, +- options.version_addendum)) != 0) ++ options.version_addendum)) != 0) { ++ BLACKLIST_NOTIFY(ssh, BLACKLIST_AUTH_FAIL, "Banner exchange"); + sshpkt_fatal(ssh, r, "banner exchange"); ++ } + mm_sshkey_setcompat(ssh); /* tell monitor */ + + if ((ssh->compat & SSH_BUG_NOREKEY)) diff --git a/security/openssh-portable/files/extra-patch-hpn b/security/openssh-portable/files/extra-patch-hpn index 037930f981b4..6601e745cdf9 100644 
--- a/security/openssh-portable/files/extra-patch-hpn +++ b/security/openssh-portable/files/extra-patch-hpn @@ -1233,17 +1233,6 @@ diff -urN -x configure -x config.guess -x config.h.in -x config.sub work.clean/o /* * Create a new session and process group since the 4.4BSD * setlogin() affects the entire process group. We don't ---- work/openssh/sshd-session.c.orig 2025-10-11 10:19:18.935826000 -0700 -+++ work/openssh/sshd-session.c 2025-10-11 10:20:11.460279000 -0700 -@@ -1281,7 +1281,7 @@ main(int ac, char **av) - } - - if ((r = kex_exchange_identification(ssh, -1, -- options.version_addendum)) != 0) { -+ options.version_addendum, options.hpn_disabled)) != 0) { - BLACKLIST_NOTIFY(ssh, BLACKLIST_AUTH_FAIL, "Banner exchange"); - sshpkt_fatal(ssh, r, "banner exchange"); - } --- work.clean/openssh-6.8p1/sshd_config 2015-04-01 22:07:18.248858000 -0500 +++ work/openssh-6.8p1/sshd_config 2015-04-01 22:16:49.932279000 -0500 @@ -111,6 +111,20 @@ AuthorizedKeysFile .ssh/authorized_keys @@ -1285,9 +1274,9 @@ diff -urN -x configure -x config.guess -x config.h.in -x config.sub work.clean/o struct kex *kex_new(void); int kex_ready(struct ssh *, char *[PROPOSAL_MAX]); ---- work/openssh/sshd-auth.c.orig 2025-04-10 22:36:29.699636000 -0700 -+++ work/openssh/sshd-auth.c 2025-04-10 22:36:33.770235000 -0700 -@@ -827,6 +827,14 @@ do_ssh2_kex(struct ssh *ssh) +--- work/openssh/sshd-auth.c.orig 2026-04-25 16:58:23.868827000 -0700 ++++ work/openssh/sshd-auth.c 2026-04-25 16:59:29.116215000 -0700 +@@ -799,6 +799,14 @@ do_ssh2_kex(struct ssh *ssh) struct kex *kex; int r; 
@@ -1302,3 +1291,12 @@ diff -urN -x configure -x config.guess -x config.h.in -x config.sub work.clean/o if (options.rekey_limit || options.rekey_interval) ssh_packet_set_rekey_limits(ssh, options.rekey_limit, options.rekey_interval); +@@ -813,7 +821,7 @@ do_ssh2_kex(struct ssh *ssh) + free(hkalgs); + + if ((r = kex_exchange_identification(ssh, -1, +- options.version_addendum)) != 0) { ++ options.version_addendum, options.hpn_disabled)) != 0) { + BLACKLIST_NOTIFY(ssh, BLACKLIST_AUTH_FAIL, "Banner exchange"); + sshpkt_fatal(ssh, r, "banner exchange"); + } diff --git a/security/openssh-portable/files/extra-patch-hpn-gss-glue b/security/openssh-portable/files/extra-patch-hpn-gss-glue index 3924a57f9d67..81ee7e0e4250 100644 --- a/security/openssh-portable/files/extra-patch-hpn-gss-glue +++ b/security/openssh-portable/files/extra-patch-hpn-gss-glue @@ -22,15 +22,14 @@ if (options.gss_keyex) { /* Add the GSSAPI mechanisms currently supported on this * client to the key exchange algorithm proposal */ ---- readconf.c.orig 2025-10-08 15:36:47.220504000 -0700 -+++ readconf.c 2025-10-08 15:38:09.729314000 -0700 -@@ -60,11 +60,11 @@ +--- readconf.c.orig 2026-04-25 17:03:05.811011000 -0700 ++++ readconf.c 2026-04-25 17:03:28.148581000 -0700 +@@ -53,10 +53,10 @@ #include "readconf.h" #include "match.h" #include "kex.h" +#include "ssh-gss.h" #include "mac.h" - #include "uidswap.h" #include "myproposal.h" #include "digest.h" -#include "ssh-gss.h" diff --git a/security/openssh-portable/files/patch-servconf.c b/security/openssh-portable/files/patch-servconf.c index 8061e4c76386..cba3768c1507 100644 --- a/security/openssh-portable/files/patch-servconf.c +++ b/security/openssh-portable/files/patch-servconf.c 
@@ -8,14 +8,6 @@ Apply FreeBSD's configuration defaults. --- servconf.c.orig 2026-04-25 16:05:26.936844000 -0700 +++ servconf.c 2026-04-25 16:18:06.486288000 -0700 -@@ -44,6 +44,7 @@ - # include "openbsd-compat/glob.h" - #endif - -+#include "version.h" - #include "openbsd-compat/sys-queue.h" - #include "xmalloc.h" - #include "ssh.h" @@ -298,7 +299,11 @@ fill_default_server_options(ServerOptions *options) /* Portable-specific options */ diff --git a/security/openssh-portable/files/patch-session.c b/security/openssh-portable/files/patch-session.c index da35125897b5..511b989893a4 100644 --- a/security/openssh-portable/files/patch-session.c +++ b/security/openssh-portable/files/patch-session.c @@ -13,9 +13,9 @@ to the child process. Reviewed by: ache Sponsored by: DARPA, NAI Labs ---- session.c.orig 2021-04-15 20:55:25.000000000 -0700 -+++ session.c 2021-04-27 13:11:13.515917000 -0700 -@@ -939,6 +939,9 @@ do_setup_env(struct ssh *ssh, Session *s, const char * +--- session.c.orig 2026-04-02 01:09:03.000000000 -0700 ++++ session.c 2026-04-25 16:52:16.015940000 -0700 +@@ -940,6 +940,9 @@ do_setup_env(struct ssh *ssh, Session *s, const char * struct passwd *pw = s->pw; #if !defined (HAVE_LOGIN_CAP) && !defined (HAVE_CYGWIN) char *path = NULL; @@ -25,7 +25,7 @@ Sponsored by: DARPA, NAI Labs #endif /* Initialize the environment. */ -@@ -960,6 +963,9 @@ do_setup_env(struct ssh *ssh, Session *s, const char * +@@ -961,6 +964,9 @@ do_setup_env(struct ssh *ssh, Session *s, const char * } #endif @@ -35,7 +35,7 @@ Sponsored by: DARPA, NAI Labs #ifdef GSSAPI /* Allow any GSSAPI methods that we've used to alter * the child's environment as they see fit -@@ -977,11 +983,30 @@ do_setup_env(struct ssh *ssh, Session *s, const char * +@@ -978,11 +984,30 @@ do_setup_env(struct ssh *ssh, Session *s, const char * child_set_env(&env, &envsize, "LOGIN", pw->pw_name); #endif child_set_env(&env, &envsize, "HOME", pw->pw_dir); 
@@ -70,25 +70,26 @@ Sponsored by: DARPA, NAI Labs #else /* HAVE_LOGIN_CAP */ # ifndef HAVE_CYGWIN /* -@@ -1001,17 +1026,9 @@ do_setup_env(struct ssh *ssh, Session *s, const char * +@@ -1001,18 +1026,10 @@ do_setup_env(struct ssh *ssh, Session *s, const char * + } # endif /* HAVE_CYGWIN */ #endif /* HAVE_LOGIN_CAP */ - +- - if (!options.use_pam) { - snprintf(buf, sizeof buf, "%.200s/%.50s", - _PATH_MAILDIR, pw->pw_name); - child_set_env(&env, &envsize, "MAIL", buf); - } -- + /* Normal systems set SHELL by default. */ child_set_env(&env, &envsize, "SHELL", shell); - if (getenv("TZ")) - child_set_env(&env, &envsize, "TZ", getenv("TZ")); - if (s->term) - child_set_env(&env, &envsize, "TERM", s->term); - if (s->display) -@@ -1225,7 +1242,8 @@ do_nologin(struct passwd *pw) + #ifdef HAVE_LOGIN_CAP + if (getenv("XDG_RUNTIME_DIR")) { + child_set_env(&env, &envsize, "XDG_RUNTIME_DIR", +@@ -1232,7 +1249,8 @@ do_nologin(struct passwd *pw) do_nologin(struct passwd *pw) { FILE *f = NULL; @@ -98,7 +99,7 @@ Sponsored by: DARPA, NAI Labs struct stat sb; #ifdef HAVE_LOGIN_CAP -@@ -1315,7 +1333,7 @@ do_setusercontext(struct passwd *pw) +@@ -1322,7 +1340,7 @@ do_setusercontext(struct passwd *pw) if (platform_privileged_uidswap()) { #ifdef HAVE_LOGIN_CAP if (setusercontext(lc, pw, pw->pw_uid,
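Review bot: In the sshd-session.c cleanup_exit() hunk of extra-patch-blacklistd, only the monitor_auth_attempted() branch gets a BLACKLIST_NOTIFY call; the branch that follows it, `if (i == 255 && monitor_invalid_user()) _exit(EXIT_INVALID_USER);`, exits without one. If a fatal exit for an invalid user should also count against the peer in blacklistd, add the same BLACKLIST_NOTIFY(the_active_state, BLACKLIST_AUTH_FAIL, ...) call there; if that case is already reported from another code path, a one-line comment in the patch saying so would keep the next refresh from having to ask again.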
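Review bot: The new sshd-auth.c section of extra-patch-blacklistd adds `#include "blacklist_client.h"` and the BLACKLIST_NOTIFY call in do_ssh2_kex(), but no initialization call for this file is visible in the section. Its context lines (`#include "ssh-sandbox.h"`, `/* Privsep fds */`, `mm_sshkey_setcompat(ssh); /* tell monitor */`) indicate that this code runs in the privilege-separated child, so please confirm that a failed banner exchange still reaches blacklistd from there. The move of the "Banner exchange" notification from sshd-session.c to sshd-auth.c is also worth a line in the commit message, which currently only links the release notes.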
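Review bot: In extra-patch-hpn, the relocated sshd-auth.c hunk at do_ssh2_kex() (`@@ -813,7 +821,7 @@`) carries `BLACKLIST_NOTIFY(ssh, BLACKLIST_AUTH_FAIL, "Banner exchange");` as a context line, so it applies cleanly only on top of extra-patch-blacklistd. Please confirm that the blacklistd patch is always applied before this one, and document that ordering next to the EXTRA_PATCHES lines in the Makefile so a later reorder does not break the HPN build.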
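Review bot: In patch-servconf.c, the `#include "version.h"` hunk is removed but the remaining hunk header is left as `@@ -298,7 +299,11 @@`; the one-line offset on the new side came from the include hunk that no longer exists. The hunk should still apply, but regenerating the file (for example with `make makepatch`) would bring the header in line with the other patch files refreshed in this commit.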