From ba0699a8d7296d21e518c8364e4c3321346099de Mon Sep 17 00:00:00 2001
From: Dustin Rodrigues
Date: Wed, 11 Nov 2020 10:38:14 -0500
Subject: [PATCH] audit: only flag if checksum changes when version and full url stay the same

---
 Library/Homebrew/dev-cmd/audit.rb           | 6 +++++-
 Library/Homebrew/test/dev-cmd/audit_spec.rb | 4 ++--
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/Library/Homebrew/dev-cmd/audit.rb b/Library/Homebrew/dev-cmd/audit.rb
index 7dc0887d62c9e..153b904909a0e 100644
--- a/Library/Homebrew/dev-cmd/audit.rb
+++ b/Library/Homebrew/dev-cmd/audit.rb
@@ -903,6 +903,7 @@ def audit_revision_and_version_scheme
       current_checksum = formula.stable.checksum
       current_version_scheme = formula.version_scheme
       current_revision = formula.revision
+      current_url = formula.stable.url
 
       previous_version = nil
       previous_version_scheme = nil
@@ -911,6 +912,7 @@ def audit_revision_and_version_scheme
       newest_committed_version = nil
       newest_committed_checksum = nil
       newest_committed_revision = nil
+      newest_committed_url = nil
 
       fv.rev_list("origin/master") do |rev|
         fv.formula_at_revision(rev) do |f|
@@ -925,6 +927,7 @@ def audit_revision_and_version_scheme
           newest_committed_version ||= previous_version
           newest_committed_checksum ||= previous_checksum
           newest_committed_revision ||= previous_revision
+          newest_committed_url ||= stable.url
         end
 
         break if previous_version && current_version != previous_version
@@ -932,9 +935,10 @@ def audit_revision_and_version_scheme
       end
 
       if current_version == newest_committed_version &&
+         current_url == newest_committed_url &&
          current_checksum != newest_committed_checksum
         problem(
-          "stable sha256 changed without the version also changing; " \
+          "stable sha256 changed without the url/version also changing; " \
           "please create an issue upstream to rule out malicious " \
           "circumstances and to find out why the file changed.",
         )
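Review bot: The new `current_url == newest_committed_url &&` conjunct in the last hunk makes a commit that changes both the stable url and the sha256 while keeping the version pass this audit entirely, yet "same version, different artifact, different location" is the pattern a retargeted or tampered download would produce, so the check loses coverage for the case it was written to catch. Rather than dropping the url-changed case, split it out with its own message asking the submitter to confirm the new url is the official location for the same release; the rewrite below keeps the existing message for the url-unchanged path. Separately, in the third hunk `newest_committed_url ||= stable.url` reads `stable` directly while the sibling lines go through `previous_*` locals; if `stable` is the per-revision `f.stable` assigned above the hunk, a `previous_url = stable.url` next to the other `previous_*` assignments would keep the pattern consistent. The enclosing method `audit_revision_and_version_scheme` starts and ends outside these hunks.
```ruby
      if current_version == newest_committed_version &&
         current_checksum != newest_committed_checksum
        if current_url == newest_committed_url
          problem(
            "stable sha256 changed without the url/version also changing; " \
            "please create an issue upstream to rule out malicious " \
            "circumstances and to find out why the file changed.",
          )
        else
          problem(
            "stable url and sha256 changed without the version also changing; " \
            "please confirm the new url is the official location for the same release.",
          )
        end
      end
```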
diff --git a/Library/Homebrew/test/dev-cmd/audit_spec.rb b/Library/Homebrew/test/dev-cmd/audit_spec.rb
index d1945a68eee3f..a283686f3da7f 100644
--- a/Library/Homebrew/test/dev-cmd/audit_spec.rb
+++ b/Library/Homebrew/test/dev-cmd/audit_spec.rb
@@ -682,7 +682,7 @@ def formula_gsub_origin_commit(before, after = "")
         )
       end
 
-      it { is_expected.to match("stable sha256 changed without the version also changing") }
+      it { is_expected.to match("stable sha256 changed without the url/version also changing") }
     end
 
     context "should not change with the same version when not the first commit" do
@@ -699,7 +699,7 @@ def formula_gsub_origin_commit(before, after = "")
         )
       end
 
-      it { is_expected.to match("stable sha256 changed without the version also changing") }
+      it { is_expected.to match("stable sha256 changed without the url/version also changing") }
     end
 
     context "can change with the different version" do
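Review bot: Both hunks only retarget the expected message string; no example exercises the new branch where the stable url differs between the committed and current formula while the version stays the same, so the behaviour the commit actually introduces is untested. Add a context alongside the two shown, e.g. `context "can change with the same version when the url also changes" do`, that rewrites url and sha256 together via `formula_gsub_origin_commit` and asserts the audit output for that case, so a later change to the condition cannot silently widen or narrow it. The enclosing `describe` block begins and ends outside these hunks.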