diff --git a/security/openssh-portable/files/patch-FreeBSD-cap_cache_tzdata b/security/openssh-portable/files/patch-FreeBSD-cap_cache_tzdata
new file mode 100644
index 0000000..3a96bd9
--- /dev/null
+++ b/security/openssh-portable/files/patch-FreeBSD-cap_cache_tzdata
@@ -0,0 +1,49 @@
+diff --git a/security/openssh-portable/files/patch-FreeBSD-caph_cache_tzdata b/security/openssh-portable/files/patch-FreeBSD-caph_cache_tzdata
+new file mode 100644
+index 000000000000..bf3889265b77
+--- /dev/null
++++ b/security/openssh-portable/files/patch-FreeBSD-caph_cache_tzdata
+@@ -0,0 +1,43 @@
++commit fc3c19a9fceeea48a9259ac3833a125804342c0e
++Author: Ed Maste
++Date: Sat Oct 6 21:32:55 2018 +0000
++
++ sshd: address capsicum issues
++
++ * Add a wrapper to proxy login_getpwclass(3) as it is not allowed in
++ capability mode.
++ * Cache timezone data via caph_cache_tzdata() as we cannot access the
++ timezone file.
++ * Reverse resolve hostname before entering capability mode.
++
++ PR: 231172
++ Submitted by: naito.yuichiro@gmail.com
++ Reviewed by: cem, des
++ Approved by: re (rgrimes)
++ MFC after: 3 weeks
++ Differential Revision: https://reviews.freebsd.org/D17128
++
++Notes:
++ svn path=/head/; revision=339216
++
++diff --git crypto/openssh/sandbox-capsicum.c crypto/openssh/sandbox-capsicum.c
++index 5f41d526292b..f728abd18250 100644
++--- sandbox-capsicum.c
+++++ sandbox-capsicum.c
++@@ -31,6 +31,7 @@ __RCSID("$FreeBSD$");
++ #include
++ #include
++ #include
+++#include
++
++ #include "log.h"
++ #include "monitor.h"
++@@ -71,6 +72,8 @@ ssh_sandbox_child(struct ssh_sandbox *box)
++ struct rlimit rl_zero;
++ cap_rights_t rights;
++
+++ caph_cache_tzdata();
+++
++ rl_zero.rlim_cur = rl_zero.rlim_max = 0;
++
++ if (setrlimit(RLIMIT_FSIZE, &rl_zero) == -1)
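Review bot: The new patch file wraps a second `diff --git … new file mode 100644` header around the real change, so every line of the sandbox-capsicum.c patch carries an extra `+` (`++--- sandbox-capsicum.c`, `+++ caph_cache_tzdata();`). As written, patch(1) would most likely read it as creating `security/openssh-portable/files/patch-FreeBSD-caph_cache_tzdata` under the work directory instead of editing sandbox-capsicum.c. The `caph_cache_tzdata()` call would then never reach `ssh_sandbox_child()`, and the build would still appear to succeed. The file should begin at `commit fc3c19a9…` with one level of `+` markers stripped, and the name mismatch (`cap_cache_tzdata` outside, `caph_cache_tzdata` inside) should be resolved at the same time. The embedded commit message also lists the login_getpwclass(3) wrapper and the reverse-resolve change, but only the sandbox-capsicum.c hunks are carried here, so a header line such as `Only the caph_cache_tzdata() part of this commit is applied by this port patch.` would keep readers from assuming the other two fixes are present.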