# Contributor: Sören Tempel # Maintainer: Natanael Copa pkgname=firefox-esr pkgver=68.2.0 pkgrel=1 pkgdesc="Firefox web browser - Extended Support Release" url="https://www.mozilla.org/en-US/firefox/organizations/" # limited by rust and cargo arch="x86_64 aarch64" license="GPL LGPL MPL" makedepends=" alsa-lib-dev autoconf2.13 automake bsd-compat-headers bzip2-dev cargo cbindgen clang-dev dbus-glib-dev ffmpeg-dev gtk+2.0-dev gtk+3.0-dev hunspell-dev icu-dev>=64.2 libevent-dev libidl-dev libjpeg-turbo-dev libnotify-dev libogg-dev libtheora-dev libtool libvorbis-dev libxt-dev libxcomposite-dev llvm9-dev mesa-dev nasm nodejs nspr-dev nss-dev>=3.45 nss-static python3-dev sqlite-dev sed startup-notification-dev wireless-tools-dev yasm zip python2 " source="https://ftp.mozilla.org/pub/firefox/releases/${pkgver}esr/source/firefox-"$pkgver"esr.source.tar.xz stab.h fix-fortify-system-wrappers.patch fix-seccomp-bpf.patch fix-toolkit.patch fix-tools.patch mallinfo.patch disable-moz-stackwalk.patch fix-musl.patch fix-rust-target.patch fix-webrtc-glibcisms.patch fix-sandbox-membarrier.patch firefox.desktop firefox-safe.desktop" builddir="${srcdir}/firefox-$pkgver" _mozappdir=/usr/lib/firefox # help our shared-object scanner to find the libs ldpath="$_mozappdir" # secfixes: # 68.2.0-r0: # - CVE-2019-11757 # - CVE-2019-11758 # - CVE-2019-11759 # - CVE-2019-11760 # - CVE-2019-11761 # - CVE-2019-11762 # - CVE-2019-11763 # - CVE-2019-11764 # - CVE-2019-15903 # 68.1.0-r0: # - CVE-2019-9812 # - CVE-2019-11740 # - CVE-2019-11742 # - CVE-2019-11743 # - CVE-2019-11744 # - CVE-2019-11746 # - CVE-2019-11752 # 68.0.2-r0: # - CVE-2019-11733 # 68.0-r0: # - CVE-2019-11709 # - CVE-2019-11711 # - CVE-2019-11712 # - CVE-2019-11713 # - CVE-2019-11715 # - CVE-2019-11717 # - CVE-2019-11719 # - CVE-2019-11729 # - CVE-2019-11730 # - CVE-2019-9811 # 60.7.2-r0: # - CVE-2019-11708 # 60.7.1-r0: # - CVE-2019-11707 # 60.7.0-r0: # - CVE-2019-9815 # - CVE-2019-9816 # - CVE-2019-9817 # - CVE-2019-9818 # - CVE-2019-9819 # - CVE-2019-9820 # - CVE-2019-11691 # - CVE-2019-11692 # - CVE-2019-11693 # - CVE-2019-7317 # - CVE-2019-9797 # - CVE-2018-18511 # - CVE-2019-11694 # - CVE-2019-11698 # - CVE-2019-5798 # - CVE-2019-9800 # 60.6.1-r0: # - CVE-2019-9810 # - CVE-2019-9813 # - CVE-2019-9790 # - CVE-2019-9791 # - CVE-2019-9792 # - CVE-2019-9793 # - CVE-2019-9794 # - CVE-2019-9795 # - CVE-2019-9796 # - CVE-2019-9801 # - CVE-2018-18506 # - CVE-2019-9788 # 60.5.2-r0: # - CVE-2019-5785 # - CVE-2018-18335 # - CVE-2018-18356 # 60.5.0-r0: # - CVE-2018-18500 # - CVE-2018-18505 # - CVE-2018-18501 # 52.6.0-r0: # - CVE-2018-5089 # - CVE-2018-5091 # - CVE-2018-5095 # - CVE-2018-5096 # - CVE-2018-5097 # - CVE-2018-5098 # - CVE-2018-5099 # - CVE-2018-5102 # - CVE-2018-5103 # - CVE-2018-5104 # - CVE-2018-5117 # 52.5.2-r0: # - CVE-2017-7843 # - CVE-2017-7843 prepare() { default_prepare cp "$srcdir"/stab.h toolkit/crashreporter/google-breakpad/src/ } build() { mkdir -p "$builddir"/objdir cd "$builddir"/objdir export SHELL=/bin/sh export BUILD_OFFICIAL=1 export MOZILLA_OFFICIAL=1 export USE_SHORT_LIBNAME=1 # gcc 6 export CXXFLAGS="-fno-delete-null-pointer-checks -fno-schedule-insns2" # set rpath so linker finds the libs export LDFLAGS="$LDFLAGS -Wl,-rpath,${_mozappdir}" case "$CARCH" in x86_64) # disable-elf-hack: exists only on arm, x86, x86_64 _arch_config="--disable-elf-hack" ;; esac ../configure \ --prefix=/usr \ $_arch_config \ \ --disable-crashreporter \ --disable-gold \ --disable-install-strip \ --disable-jemalloc \ --disable-profiling \ --disable-pulseaudio \ --disable-strip \ --disable-tests \ --disable-updater \ \ --enable-alsa \ --enable-default-toolkit=cairo-gtk3 \ --enable-official-branding \ --enable-optimize="$CFLAGS -O2" \ --enable-startup-notification \ --enable-system-ffi \ --enable-system-sqlite \ --enable-ffmpeg \ --enable-hardening \ --enable-rust-simd \ \ --with-system-bz2 \ --with-system-icu \ --with-system-libevent \ --with-system-nspr \ --with-system-nss \ --with-system-pixman \ --with-system-png \ --with-system-zlib \ --with-clang-path=/usr/bin/clang \ --with-libclang-path=/usr/lib # FIXME: fix build with --with-system-libvpx and libvpx 1.8.0 # https://bugzilla.mozilla.org/show_bug.cgi?id=1525393 make } package() { cd "$builddir"/objdir make install \ DESTDIR="$pkgdir" \ MOZ_MAKE_FLAGS="$MAKEOPTS" install -m755 -d ${pkgdir}/usr/share/applications install -m755 -d ${pkgdir}/usr/share/pixmaps local png for png in ../browser/branding/official/default*.png; do local i=${_png%.png} i=${i##*/default} install -D -m644 "$png" "$pkgdir"/usr/share/icons/hicolor/${i}x${i}/apps/firefox.png done install -m644 "$builddir"/browser/branding/official/default48.png \ ${pkgdir}/usr/share/pixmaps/firefox.png install -m644 ${srcdir}/firefox.desktop ${pkgdir}/usr/share/applications/firefox.desktop install -m644 ${srcdir}/firefox-safe.desktop ${pkgdir}/usr/share/applications/firefox-safe.desktop # launcher as symlink is broken from firefox-7.0 rm "$pkgdir"/usr/bin/firefox libgl=$(scanelf -qF '#F%S' /usr/lib/libGL.so) cat > "$pkgdir"/usr/bin/firefox << __EOF__ #!/bin/sh exec $_mozappdir/firefox "\$@" __EOF__ chmod 755 "$pkgdir"/usr/bin/firefox # install our vendor prefs install -d "$pkgdir"/$_mozappdir/browser/defaults/preferences cat >> "$pkgdir"/$_mozappdir/browser/defaults/preferences/firefox-branding.js <<- EOF // Use LANG environment variable to choose locale pref("intl.locale.requested", ""); // Disable default browser checking. pref("browser.shell.checkDefaultBrowser", false); // Don't disable our bundled extensions in the application directory pref("extensions.autoDisableScopes", 11); pref("extensions.shownSelectionUI", true); EOF # remove copied, huge, libraries rm -f "$pkgdir"/${_mozappdirdev}/sdk/lib/libmozjs.so rm -f "$pkgdir"/${_mozappdirdev}/sdk/lib/libmozalloc.so rm -f "$pkgdir"/${_mozappdirdev}/sdk/lib/libxul.so } sha512sums="f6522ca6b9efa3fdeb866912ab9cb904eaace5806c606d5721cba23aebd679885670011c743ca8d381b579b728077182dc766f9b6d3b31ccf51c3eb583c547ee firefox-68.2.0esr.source.tar.xz 0b3f1e4b9fdc868e4738b5c81fd6c6128ce8885b260affcb9a65ff9d164d7232626ce1291aaea70132b3e3124f5e13fef4d39326b8e7173e362a823722a85127 stab.h 2f4f15974d52de4bb273b62a332d13620945d284bbc6fe6bd0a1f58ff7388443bc1d3bf9c82cc31a8527aad92b0cd3a1bc41d0af5e1800e0dcbd7033e58ffd71 fix-fortify-system-wrappers.patch 84b84d2d7dbc16002510bf856796ad345ac38ef6d3254670230189bba7c2d4781714d231236d5a3d70129a4597b430c3171644b01ad0f5a5bb13b55d407337a4 fix-seccomp-bpf.patch 2c65ea7280e6e89826ebad563ee25203a99ff0b4ba8fc60ec261ada6c69874d649c6ac92fcecc6307a6e5a00de27d7956acf944d556ddfadec0411be16f4e0b8 fix-toolkit.patch 4d55f41d15be7457ad630f8f07e4fc0314c2f75720010b4bbe6a2a7f3228210a1e069949e11795efbe2e784b0762e79fdfe5b8ec38e8a64cb8d9cf3b57dd5af1 fix-tools.patch a4a3e062661bda64d502d426c480ac9645345860118de9df9ffe6e0597738c70c11e5cdef2d4fd12c5e2ee30a09310159230524655a419a4f7e4eeeb0f3c06b0 mallinfo.patch 454ea3263cabce099accbdc47aaf83be26a19f8b5a4568c01a7ef0384601cf8315efd86cd917f9c8bf419c2c845db89a905f3ff9a8eb0c8e41042e93aa96a85c disable-moz-stackwalk.patch e0df4fc649012f023443ce9165da29d36459dbca5df64a31008b28d96264fba909858de36d0cf1b1cb1aab898342413f0cd77c90ebe21d1f9a0504631d6d1d0e fix-musl.patch 7903987b4b661286de03c6940bf67aaed6d78c9adc57680413407a84a1f1f26aaded35e6d53ea6ad527b474968b343d844e81e16d777c0e29b830b51aa2ca8c3 fix-rust-target.patch d35cacb9ede80e6bfbef0709823e536dddfb1c02d776275b0b7adb5969e9927d8c6117df96873569c3f3db0a18ee5db24f8086a9311a05077892be43a3dd8d79 fix-webrtc-glibcisms.patch f85f2c19c3dafab915bcb40e580fc442fd9eab5916696849edf0b105c758dd807dfe23a6479935613c81496711eb377c73227c03eb8582204c3442a4d0e397a2 fix-sandbox-membarrier.patch f3b7c3e804ce04731012a46cb9e9a6b0769e3772aef9c0a4a8c7520b030fdf6cd703d5e9ff49275f14b7d738fe82a0a4fde3bc3219dff7225d5db0e274987454 firefox.desktop 5dcb6288d0444a8a471d669bbaf61cdb1433663eff38b72ee5e980843f5fc07d0d60c91627a2c1159215d0ad77ae3f115dcc5fdfe87e64ca704b641aceaa44ed firefox-safe.desktop"