tests/CMakeLists.txt | 7 0 + 7 - 0 !
1 file changed, 7 deletions(-)

---

CMakeLists.txt | 7 7 + 0 - 0 !
1 file changed, 7 insertions(+)

 enable reproducible builds by default.

include/git2/cert.h | 43 43 + 0 - 0 !
src/transports/ssh.c | 379 329 + 50 - 0 !
2 files changed, 372 insertions(+), 50 deletions(-)

 libgit2 is a cross-platform, linkable library
 implementation of Git. When using an SSH remote with the optional libssh2
 backend, libgit2 does not perform certificate checking by default. Prior
 versions of libgit2 require the caller to set the `certificate_check` field of
 libgit2's `git_remote_callbacks` structure - if a certificate check callback is
 not set, libgit2 does not perform any certificate checking. This means that by
 default - without configuring a certificate check callback, clients will not
 perform validation on the server SSH keys and may be subject to a
 man-in-the-middle attack.
 This is a backport of the upstream fix to the Debian bullseye version.

src/index.c | 7 5 + 2 - 0 !
1 file changed, 5 insertions(+), 2 deletions(-)

 index: correct index has_dir_name check

`has_dir_name` is used to check for directory/file collisions,
and attempts to determine whether the index contains a file with
a directory name that is a proper subset of the new index entry
that we're trying to add.

To determine directory name, the function would walk the path string
backwards to identify a `/`, stopping at the end of the string. However,
the function assumed that the strings did not start with a `/`. If the
paths contain only a single `/` at the beginning of the string, then the
function would continue the loop, erroneously, when they should have
stopped at the first character.

Correct the order of the tests to terminate properly.

Credit to Michael Rodler (@f0rki) and Amazon AWS Security.

Bug-Debian: https://bugs.debian.org/1063416