diff --git a/openssh/openssh-chroot.diff b/openssh/openssh-chroot.diff
new file mode 100644
index 0000000000..5bf0fdfd73
--- /dev/null
+++ b/openssh/openssh-chroot.diff
@@ -0,0 +1,79 @@
+--- openssh-3.0.2p1/session.c.orig	Sat Dec  1 18:37:08 2001
++++ openssh-3.0.2p1/session.c	Thu Dec 20 14:35:11 2001
+@@ -1038,6 +1038,10 @@
+ 	struct stat st;
+ 	char *argv[10];
+ 	int do_xauth;
++#ifdef HAVE_CHROOT
++	char *user_dir;
++	char *new_root;
++#endif /* HAVE_CHROOT */
+ #ifdef WITH_IRIX_PROJECT
+ 	prid_t projid;
+ #endif /* WITH_IRIX_PROJECT */
+@@ -1111,6 +1115,24 @@
+ 
+ 			if (setlogin(pw->pw_name) < 0)
+ 				error("setlogin failed: %s", strerror(errno));
++#ifdef HAVE_CHROOT
++			user_dir = xstrdup(pw->pw_dir);
++			new_root = user_dir + 1;  										  
++			while((new_root = strchr(new_root, '.')) != NULL) {
++			  new_root--;
++			  if(strncmp(new_root, "/./", 3) == 0) {
++			    *new_root = '\0';
++			    new_root += 2;
++
++			    if(chroot(user_dir) != 0)
++			      fatal("Couldn't chroot to user directory %s", user_dir);
++
++			    pw->pw_dir = new_root;
++			    break;
++			  }
++			  new_root += 2;
++			}
++#endif /* HAVE_CHROOT */
+ 			if (setgid(pw->pw_gid) < 0) {
+ 				perror("setgid");
+ 				exit(1);
+--- openssh-3.0.2p1/configure.ac.orig	Thu Dec 20 14:25:33 2001
++++ openssh-3.0.2p1/configure.ac	Thu Dec 20 14:28:58 2001
+@@ -1721,6 +1721,18 @@
+ 	]
+ )
+ 
++# Check whether to enable chroot support
++CHROOT_MSG="no" 
++AC_ARG_WITH(chroot,
++	[  --with-chroot           Enable use of chroot home directories],
++	[
++		if test "x$withval" != "xno" ; then
++			AC_DEFINE(HAVE_CHROOT)
++			MD5_MSG="yes"
++		fi
++	]
++)
++
+ # Whether to disable shadow password support
+ AC_ARG_WITH(shadow,
+ 	[  --without-shadow        Disable shadow password support],
+@@ -2207,6 +2219,7 @@
+ echo "                 S/KEY support: $SKEY_MSG"
+ echo "          TCP Wrappers support: $TCPW_MSG"
+ echo "          MD5 password support: $MD5_MSG"
++echo "                chroot support: $CHROOT_MSG"
+ echo "   IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
+ echo "      Use IPv4 by default hack: $IPV4_HACK_MSG"
+ echo "       Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
+--- openssh-3.0.2p1/config.h.in.orig	Thu Dec 20 14:43:20 2001
++++ openssh-3.0.2p1/config.h.in	Thu Dec 20 14:44:08 2001
+@@ -780,6 +780,9 @@
+ /* Define if you have the `__b64_ntop' function. */
+ #undef HAVE___B64_NTOP
+ 
++/* Define if you want the chroot capability */
++#undef HAVE_CHROOT
++
+ /* The size of a `char', as computed by sizeof. */
+ #undef SIZEOF_CHAR
+ 
diff --git a/openssh/openssh.spec b/openssh/openssh.spec
index 367e23ef03..7108439cd8 100644
--- a/openssh/openssh.spec
+++ b/openssh/openssh.spec
@@ -23,8 +23,9 @@
 ##  SUCH DAMAGE.
 ##
 
-%define       with_pcre    yes
-%define       with_skey    no
+%define       with_pcre           yes
+%define       with_skey           no
+%define       with_chroot         no
 
 #   package information
 Name:         openssh
@@ -36,7 +37,7 @@ Distribution: OpenPKG [REL]
 Group:        Cryptography
 License:      BSD
 Version:      3.0.2p1
-Release:      20020206
+Release:      20020307
 
 #   list of sources
 Source0:      ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
@@ -45,6 +46,7 @@ Source2:      rc.openssh
 Source3:      sshd_config
 Source4:      ssh_config
 Source5:      ssh-askpass
+Patch0:       openssh-chroot.diff
 
 #   build information
 Prefix:       %{l_prefix}
@@ -74,6 +76,9 @@ AutoReqProv:  no
 %prep
     %setup0 -q -c -a 0
     %setup1 -q -T -D -a 1
+    %if "%{with_chroot}" == "yes"
+    %patch0 -p0
+    %endif
 
 %build
     #   build faked syslog(3) library