===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/ssh-keygen.c,v
retrieving revision 1.426
retrieving revision 1.430
diff -u -r1.426 -r1.430
--- src/usr.bin/ssh/ssh-keygen.c	2020/11/28 12:52:32	1.426
+++ src/usr.bin/ssh/ssh-keygen.c	2021/07/05 01:16:46	1.430
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.426 2020/11/28 12:52:32 dtucker Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.430 2021/07/05 01:16:46 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -26,10 +26,10 @@
 #include <fcntl.h>
 #include <netdb.h>
 #include <pwd.h>
+#include <stdarg.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#include <stdarg.h>
 #include <unistd.h>
 #include <limits.h>
 #include <locale.h>
@@ -1318,7 +1318,7 @@
 	foreach_options |= print_fingerprint ? HKF_WANT_PARSE_KEY : 0;
 	if ((r = hostkeys_foreach(identity_file, (find_host || !hash_hosts) ?
 	    known_hosts_find_delete : known_hosts_hash, &ctx, name, NULL,
-	    foreach_options)) != 0) {
+	    foreach_options, 0)) != 0) {
 		if (inplace)
 			unlink(tmp);
 		fatal_fr(r, "hostkeys_foreach");
@@ -1986,7 +1986,7 @@
 			fatal("Invalid source-address list");
 		certflags_src_addr = xstrdup(val);
 	} else if (strncasecmp(opt, "extension:", 10) == 0 ||
-		   (iscrit = (strncasecmp(opt, "critical:", 9) == 0))) {
+		    (iscrit = (strncasecmp(opt, "critical:", 9) == 0))) {
 		val = xstrdup(strchr(opt, ':') + 1);
 		if ((cp = strchr(val, '=')) != NULL)
 			*cp++ = '\0';
@@ -2706,12 +2706,12 @@
 				fatal_f("sshkey_fingerprint failed");
 			if (principal == NULL) {
 				printf("Good \"%s\" signature with %s key %s\n",
-				       sig_namespace, sshkey_type(sign_key), fp);
+				    sig_namespace, sshkey_type(sign_key), fp);
 
 			} else {
 				printf("Good \"%s\" signature for %s with %s key %s\n",
-				       sig_namespace, principal,
-				       sshkey_type(sign_key), fp);
+				    sig_namespace, principal,
+				    sshkey_type(sign_key), fp);
 			}
 		} else {
 			printf("Could not verify signature.\n");
@@ -3130,6 +3130,7 @@
 	pw = getpwuid(getuid());
 	if (!pw)
 		fatal("No user exists for uid %lu", (u_long)getuid());
+	pw = pwcopy(pw);
 	if (gethostname(hostname, sizeof(hostname)) == -1)
 		fatal("gethostname: %s", strerror(errno));
 
@@ -3344,12 +3345,12 @@
 		if (strncmp(sign_op, "find-principals", 15) == 0) {
 			if (ca_key_path == NULL) {
 				error("Too few arguments for find-principals:"
-				      "missing signature file");
+				    "missing signature file");
 				exit(1);
 			}
 			if (!have_identity) {
 				error("Too few arguments for find-principals:"
-				      "missing allowed keys file");
+				    "missing allowed keys file");
 				exit(1);
 			}
 			return sig_find_principals(ca_key_path, identity_file);
@@ -3370,7 +3371,7 @@
 		} else if (strncmp(sign_op, "check-novalidate", 16) == 0) {
 			if (ca_key_path == NULL) {
 				error("Too few arguments for check-novalidate: "
-				      "missing signature file");
+				    "missing signature file");
 				exit(1);
 			}
 			return sig_verify(ca_key_path, cert_principals,