--- /dev/null
+This patch eliminates let-else usage in the code introduced
+to fix CVE-2022-46176 as that construct is not stabalised in
+the version of rustc currently in Debian.
+
+It was written specifical for Debian by Peter Michael Green.
+
+Index: cargo/src/cargo/sources/git/known_hosts.rs
+===================================================================
+--- cargo.orig/src/cargo/sources/git/known_hosts.rs
++++ cargo/src/cargo/sources/git/known_hosts.rs
+@@ -89,11 +89,13 @@ pub fn certificate_check(
+ config_known_hosts: Option<&Vec<Value<String>>>,
+ diagnostic_home_config: &str,
+ ) -> Result<CertificateCheckStatus, git2::Error> {
+- let Some(host_key) = cert.as_hostkey() else {
++ let host_key = cert.as_hostkey();
++ if host_key.is_none() {
+ // Return passthrough for TLS X509 certificates to use whatever validation
+ // was done in git2.
+ return Ok(CertificateCheckStatus::CertificatePassthrough)
+ };
++ let host_key = host_key.unwrap();
+ // If a nonstandard port is in use, check for that first.
+ // The fallback to check without a port is handled in the HostKeyNotFound handler.
+ let host_maybe_port = match port {
+@@ -234,9 +236,11 @@ fn check_ssh_known_hosts(
+ host: &str,
+ config_known_hosts: Option<&Vec<Value<String>>>,
+ ) -> Result<(), KnownHostError> {
+- let Some(remote_host_key) = cert_host_key.hostkey() else {
++ let remote_host_key = cert_host_key.hostkey();
++ if remote_host_key.is_none() {
+ return Err(anyhow::format_err!("remote host key is not available").into());
+ };
++ let remote_host_key = remote_host_key.unwrap();
+ let remote_key_type = cert_host_key.hostkey_type().unwrap();
+
+ // Collect all the known host entries from disk.
+@@ -455,10 +459,18 @@ impl KnownHost {
+ }
+
+ fn hashed_hostname_matches(host: &str, hashed: &str) -> bool {
+- let Some((b64_salt, b64_host)) = hashed.split_once('|') else { return false; };
+- let Ok(salt) = base64::decode(b64_salt) else { return false; };
+- let Ok(hashed_host) = base64::decode(b64_host) else { return false; };
+- let Ok(mut mac) = hmac::Hmac::<sha1::Sha1>::new_from_slice(&salt) else { return false; };
++ let hostandsalt = hashed.split_once('|');
++ if hostandsalt.is_none() { return false; };
++ let (b64_salt, b64_host) = hostandsalt.unwrap();
++ let salt = base64::decode(b64_salt);
++ if salt.is_err() { return false; };
++ let salt = salt.unwrap();
++ let hashed_host = base64::decode(b64_host);
++ if hashed_host.is_err() { return false; };
++ let hashed_host = hashed_host.unwrap();
++ let mac = hmac::Hmac::<sha1::Sha1>::new_from_slice(&salt);
++ if mac.is_err() { return false; };
++ let mut mac = mac.unwrap();
+ mac.update(host.as_bytes());
+ let result = mac.finalize().into_bytes();
+ hashed_host == &result[..]