- Fix ssh-keygen -Y find-principals -f /dev/null -s /dev/null segfault

Related: rhbz#2024902

openssh-8.7p1-find-principals-fix.patch

@@ -0,0 +1,13 @@
+diff -up openssh-8.7p1/ssh-keygen.c.find-princ openssh-8.7p1/ssh-keygen.c
+--- openssh-8.7p1/ssh-keygen.c.find-princ	2021-11-29 15:27:03.032070863 +0100
++++ openssh-8.7p1/ssh-keygen.c	2021-11-29 15:27:34.736342968 +0100
+@@ -2700,7 +2700,8 @@ sig_process_opts(char * const *opts, siz
+ 	time_t now;
+ 
+ 	*verify_timep = 0;
+-	*print_pubkey = 0;
++	if (print_pubkey)
++		*print_pubkey = 0;
+ 	for (i = 0; i < nopts; i++) {
+ 		if (strncasecmp(opts[i], "verify-time=", 12) == 0) {
+ 			if (parse_absolute_time(opts[i] + 12,

openssh.spec

@@ -51,7 +51,7 @@
 
 # Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
 %global openssh_ver 8.7p1
-%global openssh_rel 4
+%global openssh_rel 5
 %global pam_ssh_agent_ver 0.10.4
 %global pam_ssh_agent_rel 4
 
@@ -199,6 +199,8 @@ Patch976: openssh-8.7p1-sftp-default-protocol.patch
 Patch977: openssh-8.7p1-scp-kill-switch.patch
 # CVE-2021-41617
 Patch978: openssh-8.7p1-upstream-cve-2021-41617.patch
+# fix for `ssh-keygen -Y find-principals -f /dev/null -s /dev/null` (#2024902)
+Patch979: openssh-8.7p1-find-principals-fix.patch
 
 License: BSD
 Requires: /sbin/nologin
@@ -377,6 +379,7 @@ popd
 %patch976 -p1 -b .sftp-by-default
 %patch977 -p1 -b .kill-scp
 %patch978 -p1 -b .cve-2021-41617
+%patch979 -p1 -b .find-principals
 
 %patch200 -p1 -b .audit
 %patch201 -p1 -b .audit-race
@@ -661,6 +664,10 @@ test -f %{sysconfig_anaconda} && \
 %endif
 
 %changelog
+* Mon Nov 29 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-5
+- Fix `ssh-keygen -Y find-principals -f /dev/null -s /dev/null` segfault
+  Related: rhbz#2024902
+
 * Mon Oct 25 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-4
 - Fix memory leaks introduced in OpenSSH 8.7
   Related: rhbz#2001002