Add notes pointing out that bsdiff does not store file hashes and

bspatch thus does not verify file hashes, and that consequently it
is recommended that users store hashes separately and verify files
before and after running bspatch.

Requested by:	BugMagnet
MFC after:	1 week

2 files changed, 40 insertions, 0 deletions

diff --git a/usr.bin/bsdiff/bsdiff/bsdiff.1 b/usr.bin/bsdiff/bsdiff/bsdiff.1
index 5c608b4..4ceb9ed 100644
--- a/usr.bin/bsdiff/bsdiff/bsdiff.1
+++ b/usr.bin/bsdiff/bsdiff/bsdiff.1
@@ -65,5 +65,24 @@ an absolute minimum working set size of 8 times the size of
 .Ar oldfile .
 .Sh SEE ALSO
 .Xr bspatch 1
+.Sh BUGS
+The
+.Nm
+utility does not store the hashes of
+.Ar oldfile
+or 
+.Ar newfile
+in
+.Ar patchfile .
+As a result, it is possible to apply a patch to the wrong file; this
+will usually produce garbage.
+It is recommended that users of
+.Nm
+store the hashes of
+.Ar oldfile
+and
+.Ar newfile
+and compare against them before and after applying
+.Ar patchfile .
 .Sh AUTHORS
 .An Colin Percival Aq cperciva@FreeBSD.org
diff --git a/usr.bin/bsdiff/bspatch/bspatch.1 b/usr.bin/bsdiff/bspatch/bspatch.1
index 894bc50..29b8db3 100644
--- a/usr.bin/bsdiff/bspatch/bspatch.1
+++ b/usr.bin/bsdiff/bspatch/bspatch.1
@@ -61,5 +61,26 @@ but can tolerate a very small working set without a dramatic loss
 of performance.
 .Sh SEE ALSO
 .Xr bsdiff 1
+.Sh BUGS
+The
+.Nm
+utility does not verify that
+.Ar oldfile
+is the correct source file for
+.Ar patchfile .
+Attempting to apply a patch to the wrong file will usually produce
+garbage; consequently it is strongly recommended that users of
+.Nm
+verify that
+.Ar oldfile
+matches the source file from which
+.Ar patchfile
+was built, by comparing cryptographic hashes, for example.
+Users may also wish to verify after running
+.Nm
+that
+.Ar newfile
+matches the target file from which
+.Ar was built.
 .Sh AUTHORS
 .An Colin Percival Aq cperciva@FreeBSD.org