From 8a58dc09cdd75999174d19bb54f2b2bdd6b7a3b5 Mon Sep 17 00:00:00 2001
From: Rylan Polster <rslpolster@gmail.com>
Date: Mon, 9 Nov 2020 09:44:03 -0500
Subject: [PATCH 1/2] audit: fix checksum audit

---
 Library/Homebrew/dev-cmd/audit.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Library/Homebrew/dev-cmd/audit.rb b/Library/Homebrew/dev-cmd/audit.rb
index 3241da95d3..9e73fc33c9 100644
--- a/Library/Homebrew/dev-cmd/audit.rb
+++ b/Library/Homebrew/dev-cmd/audit.rb
@@ -915,7 +915,7 @@ module Homebrew
         break if previous_version && current_version != previous_version
       end
 
-      if current_version == previous_version &&
+      if current_version == newest_committed_version &&
          current_checksum != newest_committed_checksum
         problem(
           "stable sha256 changed without the version also changing; " \

From 67127cb2ff50aa0809bcef5ab126267f11a55d29 Mon Sep 17 00:00:00 2001
From: Rylan Polster <rslpolster@gmail.com>
Date: Mon, 9 Nov 2020 10:49:31 -0500
Subject: [PATCH 2/2] audit: add checksum change test

---
 Library/Homebrew/test/dev-cmd/audit_spec.rb | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/Library/Homebrew/test/dev-cmd/audit_spec.rb b/Library/Homebrew/test/dev-cmd/audit_spec.rb
index 315066bc5c..94d478200f 100644
--- a/Library/Homebrew/test/dev-cmd/audit_spec.rb
+++ b/Library/Homebrew/test/dev-cmd/audit_spec.rb
@@ -685,6 +685,23 @@ module Homebrew
           it { is_expected.to match("stable sha256 changed without the version also changing") }
         end
 
+        context "should not change with the same version when not the first commit" do
+          before do
+            formula_gsub_origin_commit(
+              'sha256 "31cccfc6630528db1c8e3a06f6decf2a370060b982841cfab2b8677400a5092e"',
+              'sha256 "3622d2a53236ed9ca62de0616a7e80fd477a9a3f862ba09d503da188f53ca523"',
+            )
+            formula_gsub_origin_commit "revision 2"
+            formula_gsub_origin_commit "foo-1.0.tar.gz", "foo-1.1.tar.gz"
+            formula_gsub(
+              'sha256 "3622d2a53236ed9ca62de0616a7e80fd477a9a3f862ba09d503da188f53ca523"',
+              'sha256 "e048c5e6144f5932d8672c2fade81d9073d5b3ca1517b84df006de3d25414fc1"',
+            )
+          end
+
+          it { is_expected.to match("stable sha256 changed without the version also changing") }
+        end
+
         context "can change with the different version" do
           before do
             formula_gsub_origin_commit(