# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=libvorbis
pkgver=1.3.6
pkgrel=1
pkgdesc="Vorbis codec library"
url="https://xiph.org/vorbis"
arch="all"
license="BSD-3-Clause"
subpackages="$pkgname-dev $pkgname-doc"
depends=
depends_dev="libogg-dev"
makedepends="$depends_dev"
source="http://downloads.xiph.org/releases/vorbis/$pkgname-$pkgver.tar.xz
	CVE-2017-14160.patch
	CVE-2018-10392.patch
	"
builddir="$srcdir/$pkgname-$pkgver"

# secfixes:
#   1.3.6-r1:
#   - CVE-2018-10392
#   1.3.6-r0:
#   - CVE-2018-5146
#   1.3.5-r3:
#   - CVE-2017-14632
#   - CVE-2017-14633
#   1.3.5-r2:
#   - CVE-2017-14160

builddir="$srcdir/$pkgname-$pkgver"

build() {
	cd "$builddir"
	./configure \
		--build=$CBUILD \
		--host=$CHOST \
		--prefix=/usr \
		--disable-static \
		|| return 1
	make || return 1
}

check() {
	cd "$builddir"
	make -j1 check
}

package() {
	cd "$builddir"
	make DESTDIR="$pkgdir" install || return 1

	install -Dm644 COPYING "$pkgdir"/usr/share/licenses/$pkgname/COPYING
}
md5sums="b7d1692f275c73e7833ed1cc2697cd65  libvorbis-1.3.6.tar.xz
943275d84d55dfa072ec3a2566fd9bfa  CVE-2017-14160.patch"
sha256sums="af00bb5a784e7c9e69f56823de4637c350643deedaf333d0fa86ecdba6fcb415  libvorbis-1.3.6.tar.xz
f93bf45de3a21db0fa9bb9cd25edefb1182bf24d61028a86cbf45fbcd11fbdf5  CVE-2017-14160.patch"
sha512sums="a5d990bb88db2501b16f8eaee9f2ecb599cefd7dab2134d16538d8905263a972157c7671867848c2a8a358bf5e5dbc7721205ece001032482f168be7bda4f132  libvorbis-1.3.6.tar.xz
4c2f7be947f2159ae47175cba89950c7b7d357b37a20d54382e4fbecd8c268b148e6cb86cb148945c7b68bbe8b14f466e910b35b80903ab51f1b02cfccf5806e  CVE-2017-14160.patch
a60d45144882bc72c3f4937a34baa5e2bda80a3a858b858637fee508755349b616690519e013ff6aafa7e8ff85fd1d0687a3e748b0e8bce25df1abeece97dc36  CVE-2018-10392.patch"