fix out of bounds access in BZ2_decompress(), CVE-2019-12900

set HOMEPAGE while there

based on a diff from Henry Jensen

archivers/bzip2/Makefile

@@ -1,12 +1,14 @@
-# $OpenBSD: Makefile,v 1.74 2018/08/24 19:06:12 sthen Exp $
+# $OpenBSD: Makefile,v 1.75 2019/06/24 14:46:36 sthen Exp $
 
 COMMENT=	block-sorting file compressor, unencumbered
 
 DISTNAME=	bzip2-1.0.6
-REVISION=	9
+REVISION=	10
 
 CATEGORIES=	archivers
 
+HOMEPAGE=	https://gitlab.com/federicomenaquintero/bzip2
+
 SHARED_LIBS=	bz2	10.4
 
 # BSD

archivers/bzip2/patches/patch-decompress_c

@@ -0,0 +1,27 @@
+$OpenBSD: patch-decompress_c,v 1.1 2019/06/24 14:46:36 sthen Exp $
+
+From 74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc Mon Sep 17 00:00:00 2001
+From: Albert Astals Cid <aacid@kde.org>
+Date: Tue, 28 May 2019 19:35:18 +0200
+Subject: [PATCH] Make sure nSelectors is not out of range
+
+nSelectors is used in a loop from 0 to nSelectors to access selectorMtf
+which is
+	UChar    selectorMtf[BZ_MAX_SELECTORS];
+so if nSelectors is bigger than BZ_MAX_SELECTORS it'll do an invalid memory
+access
+
+Fixes out of bounds access discovered while fuzzying karchive
+
+Index: decompress.c
+--- decompress.c.orig
++++ decompress.c
+@@ -287,7 +287,7 @@ Int32 BZ2_decompress ( DState* s )
+       GET_BITS(BZ_X_SELECTOR_1, nGroups, 3);
+       if (nGroups < 2 || nGroups > 6) RETURN(BZ_DATA_ERROR);
+       GET_BITS(BZ_X_SELECTOR_2, nSelectors, 15);
+-      if (nSelectors < 1) RETURN(BZ_DATA_ERROR);
++      if (nSelectors < 1 || nSelectors > BZ_MAX_SELECTORS) RETURN(BZ_DATA_ERROR);
+       for (i = 0; i < nSelectors; i++) {
+          j = 0;
+          while (True) {