diff --git a/openssh-5.2p1-sesftp.patch b/openssh-5.2p1-sesftp.patch
index dad20ac..384d07a 100644
--- a/openssh-5.2p1-sesftp.patch
+++ b/openssh-5.2p1-sesftp.patch
@@ -1,49 +1,66 @@ diff -up openssh-5.2p1/session.c.sesftp openssh-5.2p1/session.c ---- openssh-5.2p1/session.c.sesftp 2009-07-22 15:18:17.156499945 +0200 -+++ openssh-5.2p1/session.c 2009-07-22 15:20:09.950319644 +0200 -@@ -58,6 +58,7 @@ +--- openssh-5.2p1/session.c.sesftp 2009-08-09 10:21:11.586827446 +0200 ++++ openssh-5.2p1/session.c 2009-08-09 10:39:30.475622699 +0200 +@@ -58,6 +58,9 @@ #include #include #include ++#ifdef WITH_SELINUX +#include ++#endif #include "openbsd-compat/sys-queue.h" #include "xmalloc.h" -@@ -1805,8 +1806,8 @@ do_child(Session *s, const char *command +@@ -101,6 +104,9 @@ + c[sizeof(INTERNAL_SFTP_NAME) - 1] == ' ' || \ + c[sizeof(INTERNAL_SFTP_NAME) - 1] == '\t')) - if (s->is_subsystem == SUBSYSTEM_INT_SFTP) { ++#ifdef WITH_SELINUX ++#define SFTPD_T "sftpd_t" ++#endif + /* func */ + + Session *session_new(void); +@@ -1789,6 +1795,10 @@ do_child(Session *s, const char *command extern int optind, optreset; -- int i; -- char *p, *args; -+ int i, l; -+ char *p, *args, *c1, *c2, *cx; + int i; + char *p, *args; ++#ifdef WITH_SELINUX ++ int L1, L2; ++ char *c1, *c2, *cx; ++#endif setproctitle("%s@internal-sftp-server", s->pw->pw_name); args = xstrdup(command ? 
command : "sftp-server"); -@@ -1816,6 +1817,27 @@ do_child(Session *s, const char *command +@@ -1798,6 +1808,32 @@ do_child(Session *s, const char *command argv[i] = NULL; optind = optreset = 1; __progname = argv[0]; -+ if (getcon (&c1) < 0) { -+ logit("do_child: getcon failed witch %s", strerror (errno)); ++#ifdef WITH_SELINUX ++ if (getcon ((security_context_t *) &c1) < 0) { ++ logit("do_child: getcon failed with %s", strerror (errno)); + } else { -+ c2 = xmalloc (strlen (c1) + 8); ++ L1 = strlen (c1) + sizeof (SFTPD_T); ++ c2 = xmalloc (L1); + if (!(cx = index (c1, ':'))) + goto badcontext; + if (!(cx = index (cx + 1, ':'))) { +badcontext: + logit ("do_child: unparseable context %s", c1); + } else { -+ l = cx - c1 + 1; -+ memcpy (c2, c1, l); -+ strcpy (c2 + l, "sftpd_t"); ++ L2 = cx - c1 + 1; ++ memcpy (c2, c1, L2); ++ strlcpy (c2 + L2, SFTPD_T, L1); + if ((cx = index (cx + 1, ':'))) -+ strcat (c2, cx); ++ strlcat (c2, cx, L1); + if (setcon (c2) < 0) -+ logit("do_child: setcon failed witch %s", strerror (errno)); ++ logit("do_child: setcon failed with %s", strerror (errno)); + + } ++ xfree (c1); ++ xfree (c2); + } ++#endif + exit(sftp_server_main(i, argv, s->pw)); } diff --git a/openssh.spec b/openssh.spec index 25c3ded..7ea548a 100644 --- a/openssh.spec +++ b/openssh.spec @@ -473,6 +473,7 @@ fi - merged gssapi-role to selinux patch - merged cve-2007_3102 to audit patch - sesftp patch only with WITH_SELINUX flag +- rearange sesftp patch according to upstream request * Wed Aug 26 2009 Jan F. Chadima - 5.2p1-19 - minor change in sesftp patch
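Review bot: In the WITH_SELINUX block added to do_child, every failure path — getcon() failing, an unparseable context, or setcon() failing — is only logit()ed and control still falls through to exit(sftp_server_main(...)), so the internal sftp server then runs in the inherited context instead of sftpd_t; unless a fail-open transition is intended, `if (setcon (c2) < 0) fatal("do_child: setcon failed with %s", strerror (errno));` is the safer default, the two earlier logit() calls deserve the same treatment, and guarding the whole block with is_selinux_enabled() would keep a non-SELinux host from logging a spurious getcon failure on every sftp session. Separately, c1 is allocated by libselinux and should be released with `freecon (c1);` rather than `xfree (c1);`. The bound passed to strlcpy() is the whole buffer although only L1 - L2 bytes remain after the memcpy; it cannot overflow here because L1 reserves sizeof(SFTPD_T) beyond strlen(c1), but `strlcpy (c2 + L2, SFTPD_T, L1 - L2);` states the real limit. The enclosing do_child begins and ends outside this hunk.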