From 9fbb22c41525cf64285c57c56e11b47f0502a8dd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C4=90o=C3=A0n=20Tr=E1=BA=A7n=20C=C3=B4ng=20Danh?=
 <congdanhqx@gmail.com>
Date: Thu, 5 Jan 2023 18:22:47 +0700
Subject: [PATCH] glibc: neutralise supply chain attack

Relies on vasilek.cz is questionable by some of our users.
---
 srcpkgs/glibc/template | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/srcpkgs/glibc/template b/srcpkgs/glibc/template
index 452b55c12762..afcb1c4741e1 100644
--- a/srcpkgs/glibc/template
+++ b/srcpkgs/glibc/template
@@ -8,8 +8,12 @@ short_desc="GNU C library"
 maintainer="Enno Boland <gottox@voidlinux.org>"
 license="GPL-2.0-or-later, LGPL-2.1-or-later, BSD-3-Clause"
 homepage="http://www.gnu.org/software/libc"
-distfiles="https://vasilek.cz/paste/glibc-${version}-${_patchver}.tar.xz"
-checksum=656200722d5ba968b4888a2d2950719d72c86290fd0479f61897d25b7db2cb57
+distfiles="${GNU_SITE}/glibc/glibc-${version}.tar.xz
+ https://github.com/bminor/glibc/compare/glibc-${version}...${_patchver#*g}.patch"
+#distfiles="https://vasilek.cz/paste/glibc-${version}-${_patchver}.tar.xz"
+checksum="1c959fea240906226062cb4b1e7ebce71a9f0e3c0836c09e7e3423d434fcfe75
+ 8a1ee7bb3f3b015c4cb9da03695ec0a614730127cf8ff1c19a4b625f95ecbecf"
+skip_extraction="glibc-${version}...${_patchver#*g}.patch"
 # Do not strip these files, objcopy errors out.
 nostrip_files="
 	XBS5_ILP32_OFFBIG
@@ -59,6 +63,12 @@ if [ "$XBPS_TARGET_LIBC" = musl ]; then
 	broken="no point in building this for musl"
 fi
 
+post_extract() {
+	if [ -f $XBPS_SRCDISTDIR/${pkgname}-${version}/glibc-${version}...${_patchver#*g}.patch ]; then
+		patch -Np1 -s -F0 <$XBPS_SRCDISTDIR/${pkgname}-${version}/glibc-${version}...${_patchver#*g}.patch
+	fi
+}
+
 do_configure() {
 	mkdir build
 	cd build