Unit Tests Skipped
I'm not sure of the reason for this change; there were no upstream changes in session.c between 7.4p1 and 7.5p1.
While pondering the leak introduced by the change I found that Coverity identified it (CID 1379281).
Note that with all functions in this group, you should not call free(3) on any pointers returned. Memory allocated during retrieval or processing of capability tags is automatically reused by subsequent calls to functions in this group, or deallocated on calling login_close().