This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch master in repository x2goclient-contrib. commit 129ccaf63aa795279bcafba3a677efaf9112284a Author: Mihai Moldovan <ionic@ionic.de> Date: Fri Jun 15 10:47:20 2018 +0200 openssh-server: add 7.7p1-x2go1 binary symlink and source. --- openssh-server/7.7p1-1-x2go1_cygwin-20180615-1_bin | 1 + .../7.7p1-1-x2go1_src/openssh-7.7p1-1-src.tar.xz | Bin 0 -> 1536228 bytes .../7.7p1-1-x2go1_src/openssh-7.7p1-1.x2go.patch | 438 +++++++++++++++++++++ 3 files changed, 439 insertions(+) diff --git a/openssh-server/7.7p1-1-x2go1_cygwin-20180615-1_bin b/openssh-server/7.7p1-1-x2go1_cygwin-20180615-1_bin new file mode 120000 index 0000000..d7f2b95 --- /dev/null +++ b/openssh-server/7.7p1-1-x2go1_cygwin-20180615-1_bin @@ -0,0 +1 @@ +../cygwin/20180615-1_bin \ No newline at end of file diff --git a/openssh-server/7.7p1-1-x2go1_src/openssh-7.7p1-1-src.tar.xz b/openssh-server/7.7p1-1-x2go1_src/openssh-7.7p1-1-src.tar.xz new file mode 100644 index 0000000..39fb6a2 Binary files /dev/null and b/openssh-server/7.7p1-1-x2go1_src/openssh-7.7p1-1-src.tar.xz differ diff --git a/openssh-server/7.7p1-1-x2go1_src/openssh-7.7p1-1.x2go.patch b/openssh-server/7.7p1-1-x2go1_src/openssh-7.7p1-1.x2go.patch new file mode 100644 index 0000000..445324e --- /dev/null +++ b/openssh-server/7.7p1-1-x2go1_src/openssh-7.7p1-1.x2go.patch @@ -0,0 +1,438 @@ +diff -pur openssh-7.7p1-orig/auth.c openssh-7.7p1/auth.c +--- openssh-7.7p1-orig/auth.c 2018-04-02 07:38:28.000000000 +0200 ++++ openssh-7.7p1/auth.c 2018-06-15 07:39:05.789800000 +0200 +@@ -168,19 +168,34 @@ allowed_user(struct passwd * pw) + char *shell = xstrdup((pw->pw_shell[0] == '\0') ? + _PATH_BSHELL : pw->pw_shell); /* empty = /bin/sh */ + ++ /* Workaround for X2Go Client ++ * Path to shell is specified in sshd_config file ++ * as "subsystem shell" ++ */ ++ int i = 0; ++ for (i = 0; i < options.num_subsystems; ++i) { ++ if (!strcmp("shell", options.subsystem_name[i])) { ++ free(shell); ++ shell = xstrdup(options.subsystem_command[i]); ++ } ++ } ++ + if (stat(shell, &st) != 0) { + logit("User %.100s not allowed because shell %.100s " + "does not exist", pw->pw_name, shell); + free(shell); + return 0; + } ++ ++ /* Do not check shell attributes */ ++ /* + if (S_ISREG(st.st_mode) == 0 || + (st.st_mode & (S_IXOTH|S_IXUSR|S_IXGRP)) == 0) { + logit("User %.100s not allowed because shell %.100s " + "is not executable", pw->pw_name, shell); + free(shell); + return 0; +- } ++ }*/ + free(shell); + } + +diff -pur openssh-7.7p1-orig/authfile.c openssh-7.7p1/authfile.c +--- openssh-7.7p1-orig/authfile.c 2018-04-02 07:38:28.000000000 +0200 ++++ openssh-7.7p1/authfile.c 2018-06-15 10:25:23.207400000 +0200 +@@ -167,7 +167,7 @@ sshkey_perm_ok(int fd, const char *filen + /* XXX kill perm_ok now that we have SSH_ERR_KEY_BAD_PERMISSIONS? */ + int + sshkey_load_private_type(int type, const char *filename, const char *passphrase, +- struct sshkey **keyp, char **commentp, int *perm_ok) ++ struct sshkey **keyp, char **commentp, int *perm_ok, int strict_key_modes) + { + int fd, r; + +@@ -181,7 +181,7 @@ sshkey_load_private_type(int type, const + *perm_ok = 0; + return SSH_ERR_SYSTEM_ERROR; + } +- if (sshkey_perm_ok(fd, filename) != 0) { ++ if (strict_key_modes && sshkey_perm_ok(fd, filename) != 0) { + if (perm_ok != NULL) + *perm_ok = 0; + r = SSH_ERR_KEY_BAD_PERMISSIONS; +@@ -226,7 +226,7 @@ sshkey_load_private_type_fd(int fd, int + /* XXX this is almost identical to sshkey_load_private_type() */ + int + sshkey_load_private(const char *filename, const char *passphrase, +- struct sshkey **keyp, char **commentp) ++ struct sshkey **keyp, char **commentp, int strict_key_modes) + { + struct sshbuf *buffer = NULL; + int r, fd; +@@ -238,7 +238,7 @@ sshkey_load_private(const char *filename + + if ((fd = open(filename, O_RDONLY)) < 0) + return SSH_ERR_SYSTEM_ERROR; +- if (sshkey_perm_ok(fd, filename) != 0) { ++ if (strict_key_modes && sshkey_perm_ok(fd, filename) != 0) { + r = SSH_ERR_KEY_BAD_PERMISSIONS; + goto out; + } +@@ -387,7 +387,7 @@ sshkey_load_cert(const char *filename, s + /* Load private key and certificate */ + int + sshkey_load_private_cert(int type, const char *filename, const char *passphrase, +- struct sshkey **keyp, int *perm_ok) ++ struct sshkey **keyp, int *perm_ok, int strict_key_modes) + { + struct sshkey *key = NULL, *cert = NULL; + int r; +@@ -410,7 +410,7 @@ sshkey_load_private_cert(int type, const + } + + if ((r = sshkey_load_private_type(type, filename, +- passphrase, &key, NULL, perm_ok)) != 0 || ++ passphrase, &key, NULL, perm_ok, strict_key_modes)) != 0 || + (r = sshkey_load_cert(filename, &cert)) != 0) + goto out; + +diff -pur openssh-7.7p1-orig/authfile.h openssh-7.7p1/authfile.h +--- openssh-7.7p1-orig/authfile.h 2018-04-02 07:38:28.000000000 +0200 ++++ openssh-7.7p1/authfile.h 2018-06-15 10:25:45.276400000 +0200 +@@ -38,11 +38,12 @@ int sshkey_save_private(struct sshkey *, + int sshkey_load_file(int, struct sshbuf *); + int sshkey_load_cert(const char *, struct sshkey **); + int sshkey_load_public(const char *, struct sshkey **, char **); +-int sshkey_load_private(const char *, const char *, struct sshkey **, char **); ++int sshkey_load_private(const char *, const char *, struct sshkey **, char **, ++ int); + int sshkey_load_private_cert(int, const char *, const char *, +- struct sshkey **, int *); ++ struct sshkey **, int *, int); + int sshkey_load_private_type(int, const char *, const char *, +- struct sshkey **, char **, int *); ++ struct sshkey **, char **, int *, int); + int sshkey_load_private_type_fd(int fd, int type, const char *passphrase, + struct sshkey **keyp, char **commentp); + int sshkey_perm_ok(int, const char *); +diff -pur openssh-7.7p1-orig/key.c openssh-7.7p1/key.c +--- openssh-7.7p1-orig/key.c 2018-04-02 07:38:28.000000000 +0200 ++++ openssh-7.7p1/key.c 2018-06-15 10:27:27.586400000 +0200 +@@ -175,12 +175,13 @@ key_load_public(const char *filename, ch + + Key * + key_load_private(const char *path, const char *passphrase, +- char **commentp) ++ char **commentp, int strict_key_modes) + { + int r; + Key *ret = NULL; + +- if ((r = sshkey_load_private(path, passphrase, &ret, commentp)) != 0) { ++ if ((r = sshkey_load_private(path, passphrase, &ret, commentp, ++ strict_key_modes)) != 0) { + fatal_on_fatal_errors(r, __func__, SSH_ERR_LIBCRYPTO_ERROR); + /* Old authfile.c ignored all file errors. */ + if (r == SSH_ERR_SYSTEM_ERROR || +@@ -195,13 +196,13 @@ key_load_private(const char *path, const + + Key * + key_load_private_cert(int type, const char *filename, const char *passphrase, +- int *perm_ok) ++ int *perm_ok, int strict_key_modes) + { + int r; + Key *ret = NULL; + + if ((r = sshkey_load_private_cert(type, filename, passphrase, +- &ret, perm_ok)) != 0) { ++ &ret, perm_ok, strict_key_modes)) != 0) { + fatal_on_fatal_errors(r, __func__, SSH_ERR_LIBCRYPTO_ERROR); + /* Old authfile.c ignored all file errors. */ + if (r == SSH_ERR_SYSTEM_ERROR || +@@ -216,13 +217,13 @@ key_load_private_cert(int type, const ch + + Key * + key_load_private_type(int type, const char *filename, const char *passphrase, +- char **commentp, int *perm_ok) ++ char **commentp, int *perm_ok, int strict_key_modes) + { + int r; + Key *ret = NULL; + + if ((r = sshkey_load_private_type(type, filename, passphrase, +- &ret, commentp, perm_ok)) != 0) { ++ &ret, commentp, perm_ok, strict_key_modes)) != 0) { + fatal_on_fatal_errors(r, __func__, SSH_ERR_LIBCRYPTO_ERROR); + /* Old authfile.c ignored all file errors. */ + if (r == SSH_ERR_SYSTEM_ERROR || +diff -pur openssh-7.7p1-orig/key.h openssh-7.7p1/key.h +--- openssh-7.7p1-orig/key.h 2018-04-02 07:38:28.000000000 +0200 ++++ openssh-7.7p1/key.h 2018-06-15 10:27:42.702400000 +0200 +@@ -62,8 +62,9 @@ int key_sign(const Key *, u_char **, u_ + /* authfile.c */ + Key *key_load_cert(const char *); + Key *key_load_public(const char *, char **); +-Key *key_load_private(const char *, const char *, char **); +-Key *key_load_private_cert(int, const char *, const char *, int *); +-Key *key_load_private_type(int, const char *, const char *, char **, int *); ++Key *key_load_private(const char *, const char *, char **, int); ++Key *key_load_private_cert(int, const char *, const char *, int *, int); ++Key *key_load_private_type(int, const char *, const char *, char **, int *, ++ int); + + #endif +diff -pur openssh-7.7p1-orig/servconf.c openssh-7.7p1/servconf.c +--- openssh-7.7p1-orig/servconf.c 2018-04-02 07:38:28.000000000 +0200 ++++ openssh-7.7p1/servconf.c 2018-06-15 08:49:53.141600000 +0200 +@@ -109,6 +109,7 @@ initialize_server_options(ServerOptions + options->permit_user_rc = -1; + options->xauth_location = NULL; + options->strict_modes = -1; ++ options->strict_key_modes = -1; + options->tcp_keep_alive = -1; + options->log_facility = SYSLOG_FACILITY_NOT_SET; + options->log_level = SYSLOG_LEVEL_NOT_SET; +@@ -293,6 +294,8 @@ fill_default_server_options(ServerOption + options->permit_user_rc = 1; + if (options->strict_modes == -1) + options->strict_modes = 1; ++ if (options->strict_key_modes == -1) ++ options->strict_key_modes = 1; + if (options->tcp_keep_alive == -1) + options->tcp_keep_alive = 1; + if (options->log_facility == SYSLOG_FACILITY_NOT_SET) +@@ -450,7 +453,7 @@ typedef enum { + sListenAddress, sAddressFamily, + sPrintMotd, sPrintLastLog, sIgnoreRhosts, + sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost, +- sPermitTTY, sStrictModes, sEmptyPasswd, sTCPKeepAlive, ++ sPermitTTY, sStrictModes, sStrictKeyModes, sEmptyPasswd, sTCPKeepAlive, + sPermitUserEnvironment, sAllowTcpForwarding, sCompression, + sRekeyLimit, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, + sIgnoreUserKnownHosts, sCiphers, sMacs, sPidFile, +@@ -561,6 +564,7 @@ static struct { + { "x11uselocalhost", sX11UseLocalhost, SSHCFG_ALL }, + { "xauthlocation", sXAuthLocation, SSHCFG_GLOBAL }, + { "strictmodes", sStrictModes, SSHCFG_GLOBAL }, ++ { "strictkeymodes", sStrictKeyModes, SSHCFG_GLOBAL }, + { "permitemptypasswords", sEmptyPasswd, SSHCFG_ALL }, + { "permituserenvironment", sPermitUserEnvironment, SSHCFG_GLOBAL }, + { "uselogin", sDeprecated, SSHCFG_GLOBAL }, +@@ -1470,6 +1474,10 @@ process_server_config_line(ServerOptions + intptr = &options->strict_modes; + goto parse_flag; + ++ case sStrictKeyModes: ++ intptr = &options->strict_key_modes; ++ goto parse_flag; ++ + case sTCPKeepAlive: + intptr = &options->tcp_keep_alive; + goto parse_flag; +@@ -2469,6 +2477,7 @@ dump_config(ServerOptions *o) + dump_cfg_fmtint(sPermitTTY, o->permit_tty); + dump_cfg_fmtint(sPermitUserRC, o->permit_user_rc); + dump_cfg_fmtint(sStrictModes, o->strict_modes); ++ dump_cfg_fmtint(sStrictKeyModes, o->strict_key_modes); + dump_cfg_fmtint(sTCPKeepAlive, o->tcp_keep_alive); + dump_cfg_fmtint(sEmptyPasswd, o->permit_empty_passwd); + dump_cfg_fmtint(sPermitUserEnvironment, o->permit_user_env); +diff -pur openssh-7.7p1-orig/servconf.h openssh-7.7p1/servconf.h +--- openssh-7.7p1-orig/servconf.h 2018-04-02 07:38:28.000000000 +0200 ++++ openssh-7.7p1/servconf.h 2018-06-15 09:01:37.108600000 +0200 +@@ -103,6 +103,7 @@ typedef struct { + int permit_tty; /* If false, deny pty allocation */ + int permit_user_rc; /* If false, deny ~/.ssh/rc execution */ + int strict_modes; /* If true, require string home dir modes. */ ++ int strict_key_modes; /* If true, require strict private key file modes. */ + int tcp_keep_alive; /* If true, set SO_KEEPALIVE. */ + int ip_qos_interactive; /* IP ToS/DSCP/class for interactive */ + int ip_qos_bulk; /* IP ToS/DSCP/class for bulk traffic */ +diff -pur openssh-7.7p1-orig/session.c openssh-7.7p1/session.c +--- openssh-7.7p1-orig/session.c 2018-04-02 07:38:28.000000000 +0200 ++++ openssh-7.7p1/session.c 2018-06-15 07:41:16.592800000 +0200 +@@ -1539,6 +1539,18 @@ do_child(struct ssh *ssh, Session *s, co + shell = login_getcapstr(lc, "shell", (char *)shell, (char *)shell); + #endif + ++ ++ /* Workaround for X2Go Client ++ * Path to shell is specified in sshd_config file ++ * as "subsystem shell" ++ */ ++ int i = 0; ++ for (i = 0; i < options.num_subsystems; ++i) { ++ if (!strcmp("shell", options.subsystem_name[i])) { ++ shell = options.subsystem_command[i]; ++ } ++ } ++ + /* + * Close the connection descriptors; note that this is the child, and + * the server will still have the socket open, and it is important +diff -pur openssh-7.7p1-orig/ssh.c openssh-7.7p1/ssh.c +--- openssh-7.7p1-orig/ssh.c 2018-04-02 07:38:28.000000000 +0200 ++++ openssh-7.7p1/ssh.c 2018-06-15 10:28:11.513400000 +0200 +@@ -1393,28 +1393,28 @@ main(int ac, char **av) + PRIV_START; + #ifdef OPENSSL_HAS_ECC + sensitive_data.keys[1] = key_load_private_cert(KEY_ECDSA, +- _PATH_HOST_ECDSA_KEY_FILE, "", NULL); ++ _PATH_HOST_ECDSA_KEY_FILE, "", NULL, 1); + #endif + sensitive_data.keys[2] = key_load_private_cert(KEY_ED25519, +- _PATH_HOST_ED25519_KEY_FILE, "", NULL); ++ _PATH_HOST_ED25519_KEY_FILE, "", NULL, 1); + sensitive_data.keys[3] = key_load_private_cert(KEY_RSA, +- _PATH_HOST_RSA_KEY_FILE, "", NULL); ++ _PATH_HOST_RSA_KEY_FILE, "", NULL, 1); + sensitive_data.keys[4] = key_load_private_cert(KEY_DSA, +- _PATH_HOST_DSA_KEY_FILE, "", NULL); ++ _PATH_HOST_DSA_KEY_FILE, "", NULL, 1); + #ifdef OPENSSL_HAS_ECC + sensitive_data.keys[5] = key_load_private_type(KEY_ECDSA, +- _PATH_HOST_ECDSA_KEY_FILE, "", NULL, NULL); ++ _PATH_HOST_ECDSA_KEY_FILE, "", NULL, NULL, 1); + #endif + sensitive_data.keys[6] = key_load_private_type(KEY_ED25519, +- _PATH_HOST_ED25519_KEY_FILE, "", NULL, NULL); ++ _PATH_HOST_ED25519_KEY_FILE, "", NULL, NULL, 1); + sensitive_data.keys[7] = key_load_private_type(KEY_RSA, +- _PATH_HOST_RSA_KEY_FILE, "", NULL, NULL); ++ _PATH_HOST_RSA_KEY_FILE, "", NULL, NULL, 1); + sensitive_data.keys[8] = key_load_private_type(KEY_DSA, +- _PATH_HOST_DSA_KEY_FILE, "", NULL, NULL); ++ _PATH_HOST_DSA_KEY_FILE, "", NULL, NULL, 1); + sensitive_data.keys[9] = key_load_private_cert(KEY_XMSS, +- _PATH_HOST_XMSS_KEY_FILE, "", NULL); ++ _PATH_HOST_XMSS_KEY_FILE, "", NULL, 1); + sensitive_data.keys[10] = key_load_private_type(KEY_XMSS, +- _PATH_HOST_XMSS_KEY_FILE, "", NULL, NULL); ++ _PATH_HOST_XMSS_KEY_FILE, "", NULL, NULL, 1); + PRIV_END; + + if (options.hostbased_authentication == 1 && +diff -pur openssh-7.7p1-orig/sshconnect2.c openssh-7.7p1/sshconnect2.c +--- openssh-7.7p1-orig/sshconnect2.c 2018-04-02 07:38:28.000000000 +0200 ++++ openssh-7.7p1/sshconnect2.c 2018-06-15 09:20:24.196600000 +0200 +@@ -1256,7 +1256,7 @@ load_identity_file(Identity *id) + } + } + switch ((r = sshkey_load_private_type(KEY_UNSPEC, id->filename, +- passphrase, &private, &comment, &perm_ok))) { ++ passphrase, &private, &comment, &perm_ok, 1))) { + case 0: + break; + case SSH_ERR_KEY_WRONG_PASSPHRASE: +diff -pur openssh-7.7p1-orig/sshd.c openssh-7.7p1/sshd.c +--- openssh-7.7p1-orig/sshd.c 2018-04-02 07:38:28.000000000 +0200 ++++ openssh-7.7p1/sshd.c 2018-06-15 09:44:24.432600000 +0200 +@@ -1714,7 +1714,8 @@ main(int ac, char **av) + for (i = 0; i < options.num_host_key_files; i++) { + if (options.host_key_files[i] == NULL) + continue; +- key = key_load_private(options.host_key_files[i], "", NULL); ++ key = key_load_private(options.host_key_files[i], "", NULL, ++ options.strict_key_modes); + pubkey = key_load_public(options.host_key_files[i], NULL); + + if (pubkey == NULL && key != NULL) +diff -pur openssh-7.7p1-orig/sshd_config.0 openssh-7.7p1/sshd_config.0 +--- openssh-7.7p1-orig/sshd_config.0 2018-04-02 07:39:27.000000000 +0200 ++++ openssh-7.7p1/sshd_config.0 2018-06-15 09:30:05.802600000 +0200 +@@ -856,6 +856,12 @@ DESCRIPTION + yes. Note that this does not apply to ChrootDirectory, whose + permissions and ownership are checked unconditionally. + ++ StrictKeyModes ++ Specifies whether sshd(8) should check file modes and ownership ++ of private host keys upon startup. This is normally desirable ++ for private host keys to not to be replaced by malicious third ++ parties. The default is yes. ++ + Subsystem + Configures an external subsystem (e.g. file transfer daemon). + Arguments should be a subsystem name and a command (with optional +diff -pur openssh-7.7p1-orig/sshd_config.5 openssh-7.7p1/sshd_config.5 +--- openssh-7.7p1-orig/sshd_config.5 2018-04-02 07:38:28.000000000 +0200 ++++ openssh-7.7p1/sshd_config.5 2018-06-15 09:30:43.520600000 +0200 +@@ -1441,6 +1441,14 @@ The default is + Note that this does not apply to + .Cm ChrootDirectory , + whose permissions and ownership are checked unconditionally. ++.It Cm StrictKeyModes ++Specifies whether ++.Xr sshd8 ++should check file modes and ownership of private host keys upon startup. ++This is normally desirable for private host keys to not to be replaced by ++malicious third parties. ++The default is ++.Cm yes . + .It Cm Subsystem + Configures an external subsystem (e.g. file transfer daemon). + Arguments should be a subsystem name and a command (with optional arguments) +diff -pur openssh-7.7p1-orig/ssh-keygen.c openssh-7.7p1/ssh-keygen.c +--- openssh-7.7p1-orig/ssh-keygen.c 2018-04-02 07:38:28.000000000 +0200 ++++ openssh-7.7p1/ssh-keygen.c 2018-06-15 09:42:03.452600000 +0200 +@@ -302,7 +302,7 @@ load_identity(char *filename) + struct sshkey *prv; + int r; + +- if ((r = sshkey_load_private(filename, "", &prv, NULL)) == 0) ++ if ((r = sshkey_load_private(filename, "", &prv, NULL, 1)) == 0) + return prv; + if (r != SSH_ERR_KEY_WRONG_PASSPHRASE) + fatal("Load key \"%s\": %s", filename, ssh_err(r)); +@@ -310,7 +310,7 @@ load_identity(char *filename) + pass = xstrdup(identity_passphrase); + else + pass = read_passphrase("Enter passphrase: ", RP_ALLOW_STDIN); +- r = sshkey_load_private(filename, pass, &prv, NULL); ++ r = sshkey_load_private(filename, pass, &prv, NULL, 1); + explicit_bzero(pass, strlen(pass)); + free(pass); + if (r != 0) +@@ -854,7 +854,7 @@ fingerprint_private(const char *path) + if ((r = sshkey_load_public(path, &public, &comment)) != 0) { + debug("load public \"%s\": %s", path, ssh_err(r)); + if ((r = sshkey_load_private(path, NULL, +- &public, &comment)) != 0) { ++ &public, &comment, 1)) != 0) { + debug("load private \"%s\": %s", path, ssh_err(r)); + fatal("%s is not a key file.", path); + } +@@ -1327,7 +1327,7 @@ do_change_passphrase(struct passwd *pw) + if (stat(identity_file, &st) < 0) + fatal("%s: %s", identity_file, strerror(errno)); + /* Try to load the file with empty passphrase. */ +- r = sshkey_load_private(identity_file, "", &private, &comment); ++ r = sshkey_load_private(identity_file, "", &private, &comment, 1); + if (r == SSH_ERR_KEY_WRONG_PASSPHRASE) { + if (identity_passphrase) + old_passphrase = xstrdup(identity_passphrase); +@@ -1336,7 +1336,7 @@ do_change_passphrase(struct passwd *pw) + read_passphrase("Enter old passphrase: ", + RP_ALLOW_STDIN); + r = sshkey_load_private(identity_file, old_passphrase, +- &private, &comment); ++ &private, &comment, 1); + explicit_bzero(old_passphrase, strlen(old_passphrase)); + free(old_passphrase); + if (r != 0) +@@ -1439,7 +1439,7 @@ do_change_comment(struct passwd *pw) + if (stat(identity_file, &st) < 0) + fatal("%s: %s", identity_file, strerror(errno)); + if ((r = sshkey_load_private(identity_file, "", +- &private, &comment)) == 0) ++ &private, &comment, 1)) == 0) + passphrase = xstrdup(""); + else if (r != SSH_ERR_KEY_WRONG_PASSPHRASE) + fatal("Cannot load private key \"%s\": %s.", +@@ -1454,7 +1454,7 @@ do_change_comment(struct passwd *pw) + RP_ALLOW_STDIN); + /* Try to load using the passphrase. */ + if ((r = sshkey_load_private(identity_file, passphrase, +- &private, &comment)) != 0) { ++ &private, &comment, 1)) != 0) { + explicit_bzero(passphrase, strlen(passphrase)); + free(passphrase); + fatal("Cannot load private key \"%s\": %s.", -- Alioth's /home/x2go-admin/maintenancescripts/git/hooks/post-receive-email on /srv/git/code.x2go.org/x2goclient-contrib.git