From e59c1b4e47a2c0689d6323d3091a813cc0a09525 Mon Sep 17 00:00:00 2001
From: Roberto Ricci <ricci@disroot.org>
Date: Thu, 31 Dec 2020 11:21:04 +0100
Subject: [PATCH] bsdiff: patch for CVE-2014-9862; fix broken distfiles url

---
 srcpkgs/bsdiff/patches/CVE-2014-9862.diff | 13 +++++++++++++
 srcpkgs/bsdiff/template                   |  5 +++--
 2 files changed, 16 insertions(+), 2 deletions(-)
 create mode 100644 srcpkgs/bsdiff/patches/CVE-2014-9862.diff

diff --git a/srcpkgs/bsdiff/patches/CVE-2014-9862.diff b/srcpkgs/bsdiff/patches/CVE-2014-9862.diff
new file mode 100644
index 00000000000..eb2710d8afb
--- /dev/null
+++ b/srcpkgs/bsdiff/patches/CVE-2014-9862.diff
@@ -0,0 +1,13 @@
+--- bspatch.c.orig
++++ bspatch.c
+@@ -164,6 +164,10 @@
+ 		}
+ 
+ 		/* Sanity-check */
++		if ((ctrl[0] < 0) || (ctrl[1] < 0))
++			errx(1,"Corrupt patch\n");
++
++		/* Sanity-check */
+ 		if(newpos+ctrl[0]>newsize)
+ 			errx(1,"Corrupt patch\n");
+ 
diff --git a/srcpkgs/bsdiff/template b/srcpkgs/bsdiff/template
index 9b557c128ad..d1396b8c707 100644
--- a/srcpkgs/bsdiff/template
+++ b/srcpkgs/bsdiff/template
@@ -1,13 +1,14 @@
 # Template file for 'bsdiff'
 pkgname=bsdiff
 version=4.3
-revision=4
+revision=5
 makedepends="bzip2-devel"
 short_desc="Binary diff/patch utility"
 maintainer="Orphaned <orphan@voidlinux.org>"
 license="BSD-2-Clause"
 homepage="http://www.daemonology.net/bsdiff"
-distfiles="${homepage}/${pkgname}-${version}.tar.gz"
+distfiles="${DEBIAN_SITE}/main/b/bsdiff/bsdiff_${version}.orig.tar.gz"
+#distfiles="${homepage}/${pkgname}-${version}.tar.gz"
 checksum=18821588b2dc5bf159aa37d3bcb7b885d85ffd1e19f23a0c57a58723fea85f48
 
 do_build() {