From a0db6b2b7f4adc27668ba33003207ddaa59aa722 Mon Sep 17 00:00:00 2001
From: Dmitry Belyavskiy <dbelyavs@redhat.com>
Date: Aug 16 2022 12:32:50 +0000
Subject: Avoid spirous message on connecting to the machine with ssh-rsa keys


Related: rhbz#2115246

---

diff --git a/openssh-8.7p1-minimize-sha1-use.patch b/openssh-8.7p1-minimize-sha1-use.patch
index cbaba49..fc517da 100644
--- a/openssh-8.7p1-minimize-sha1-use.patch
+++ b/openssh-8.7p1-minimize-sha1-use.patch
@@ -87,6 +87,19 @@ diff --color -ru a/clientloop.c b/clientloop.c
  			error_fr(r, "server gave bad signature for %s key %zu",
  			    sshkey_type(ctx->keys[i]), i);
  			goto out;
+diff --git a/hostfile.c b/hostfile.c
+index a035b381..bd49e3ac 100644
+--- a/hostfile.c
++++ b/hostfile.c
+@@ -642,7 +642,7 @@ hostfile_replace_entries(const char *filename, const char *host, const char *ip,
+ 	/* Re-add the requested keys */
+ 	want = HKF_MATCH_HOST | (ip == NULL ? 0 : HKF_MATCH_IP);
+ 	for (i = 0; i < nkeys; i++) {
+-		if ((want & ctx.match_keys[i]) == want)
++		if (keys[i] == NULL || (want & ctx.match_keys[i]) == want)
+ 			continue;
+ 		if ((fp = sshkey_fingerprint(keys[i], hash_alg,
+ 		    SSH_FP_DEFAULT)) == NULL) {
 diff --color -ru a/kex.c b/kex.c
 --- a/kex.c	2022-06-29 16:35:06.775599179 +0200
 +++ b/kex.c	2022-06-29 16:42:00.839710940 +0200
diff --git a/openssh.spec b/openssh.spec
index d7f33b8..e21cf8f 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -51,7 +51,7 @@
 
 # Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
 %global openssh_ver 8.7p1
-%global openssh_rel 21
+%global openssh_rel 22
 %global pam_ssh_agent_ver 0.10.4
 %global pam_ssh_agent_rel 5
 
@@ -226,6 +226,8 @@ Patch984: openssh-8.7p1-ibmca.patch
 # upstream commits:
 # 291721bc7c840d113a49518f3fca70e86248b8e8
 # 0fa33683223c76289470a954404047bc762be84c
+# Avoid dubious diagnostics on update known hosts (#2115246)
+# 8832402bd500d1661ccc80a476fd563335ef6cdc
 Patch1000: openssh-8.7p1-minimize-sha1-use.patch
 # Fix for scp clearing file when src and dest are the same (#2056884)
 # upstream commits:
@@ -732,6 +734,10 @@ test -f %{sysconfig_anaconda} && \
 %endif
 
 %changelog
+* Tue Aug 16 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-22
+- Avoid spirous message on connecting to the machine with ssh-rsa keys
+  Related: rhbz#2115246
+
 * Thu Aug 04 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-21
 - IBMCA workaround
   Related: rhbz#1976202