# Contributor: Sören Tempel # Contributor: # Maintainer: Natanael Copa pkgname=firefox-esr pkgver=60.7.0 pkgrel=0 pkgdesc="Firefox web browser - Extended Support Release" url="https://www.mozilla.org/en-US/firefox/organizations/" # limited by rust and cargo arch="x86_64" license="GPL LGPL MPL" makedepends=" alsa-lib-dev autoconf2.13 automake bsd-compat-headers bzip2-dev cargo clang-dev dbus-glib-dev ffmpeg-dev gconf-dev gtk+2.0-dev gtk+3.0-dev hunspell-dev icu-dev libevent-dev libidl-dev libjpeg-turbo-dev libnotify-dev libogg-dev libtheora-dev libtool libvorbis-dev libxt-dev libxcomposite-dev llvm5-dev mesa-dev nspr-dev nss-dev>=3.26 nss-static paxmark python2 sqlite-dev sed startup-notification-dev wireless-tools-dev yasm zip " source="https://ftp.mozilla.org/pub/firefox/releases/${pkgver}esr/source/firefox-"$pkgver"esr.source.tar.xz stab.h fix-rust.patch fix-fortify-system-wrappers.patch fix-fortify-inline.patch disable-hunspell_hooks.patch fix-seccomp-bpf.patch fix-toolkit.patch fix-tools.patch mallinfo.patch fix-arm-version-detect.patch mozilla-build-arm.patch disable-moz-stackwalk.patch fix-rust-target.patch fix-bug-1261392.patch rust-unitialized-field.patch fix-webrtc-glibcisms.patch sandbox-membarrier.patch firefox.desktop firefox-safe.desktop" builddir="${srcdir}/firefox-$pkgver" _mozappdir=/usr/lib/firefox # help our shared-object scanner to find the libs ldpath="$_mozappdir" # secfixes: # 60.7.0-r0: # - CVE-2019-9815 # - CVE-2019-9816 # - CVE-2019-9817 # - CVE-2019-9818 # - CVE-2019-9819 # - CVE-2019-9820 # - CVE-2019-11691 # - CVE-2019-11692 # - CVE-2019-11693 # - CVE-2019-7317 # - CVE-2019-9797 # - CVE-2018-18511 # - CVE-2019-11694 # - CVE-2019-11698 # - CVE-2019-5798 # - CVE-2019-9800 # 60.6.1-r0: # - CVE-2019-9810 # - CVE-2019-9813 # - CVE-2019-9790 # - CVE-2019-9791 # - CVE-2019-9792 # - CVE-2019-9793 # - CVE-2019-9794 # - CVE-2019-9795 # - CVE-2019-9796 # - CVE-2019-9801 # - CVE-2018-18506 # - CVE-2019-9788 # 60.5.2-r0: # - CVE-2019-5785 # - CVE-2018-18335 # - CVE-2018-18356 # 60.5.0-r0: # - CVE-2018-18500 # - CVE-2018-18505 # - CVE-2018-18501 # 52.6.0-r0: # - CVE-2018-5089 # - CVE-2018-5091 # - CVE-2018-5095 # - CVE-2018-5096 # - CVE-2018-5097 # - CVE-2018-5098 # - CVE-2018-5099 # - CVE-2018-5102 # - CVE-2018-5103 # - CVE-2018-5104 # - CVE-2018-5117 # 52.5.2-r0: # - CVE-2017-7843 # - CVE-2017-7843 prepare() { default_prepare cp "$srcdir"/stab.h toolkit/crashreporter/google-breakpad/src/ } build() { mkdir -p "$builddir"/objdir cd "$builddir"/objdir export SHELL=/bin/sh export BUILD_OFFICIAL=1 export MOZILLA_OFFICIAL=1 export USE_SHORT_LIBNAME=1 # gcc 6 export CXXFLAGS="-fno-delete-null-pointer-checks -fno-schedule-insns2" # set rpath so linker finds the libs export LDFLAGS="$LDFLAGS -Wl,-rpath,${_mozappdir}" ../configure \ --prefix=/usr \ \ --disable-crashreporter \ --disable-elf-hack \ --disable-gold \ --disable-install-strip \ --disable-jemalloc \ --disable-profiling \ --disable-pulseaudio \ --disable-strip \ --disable-tests \ --disable-updater \ \ --enable-alsa \ --enable-default-toolkit=cairo-gtk3 \ --enable-official-branding \ --enable-optimize="$CFLAGS" \ --enable-pie \ --enable-startup-notification \ --enable-system-ffi \ --enable-system-hunspell \ --enable-system-sqlite \ --enable-ffmpeg \ \ --with-pthreads \ --with-system-bz2 \ --with-system-icu \ --with-system-jpeg \ --with-system-libevent \ --with-system-nspr \ --with-system-nss \ --with-system-pixman \ --with-system-png \ --with-system-zlib \ --with-clang-path=/usr/bin/clang \ --with-libclang-path=/usr/lib # FIXME: fix build with --with-system-libvpx and libvpx 1.8.0 # https://bugzilla.mozilla.org/show_bug.cgi?id=1525393 make # paxmark outside fakeroot paxmark -msp dist/bin/xpcshell } package() { cd "$builddir"/objdir # only used for startupcache creation. local paxflags="-msp" paxmark "$paxflags" dist/bin/xpcshell make install \ DESTDIR="$pkgdir" \ MOZ_MAKE_FLAGS="$MAKEOPTS" install -m755 -d ${pkgdir}/usr/share/applications install -m755 -d ${pkgdir}/usr/share/pixmaps local png for png in ../browser/branding/official/default*.png; do local i=${_png%.png} i=${i##*/default} install -D -m644 "$png" "$pkgdir"/usr/share/icons/hicolor/${i}x${i}/apps/firefox.png done install -m644 "$builddir"/browser/branding/official/default48.png \ ${pkgdir}/usr/share/pixmaps/firefox.png install -m644 ${srcdir}/firefox.desktop ${pkgdir}/usr/share/applications/firefox.desktop install -m644 ${srcdir}/firefox-safe.desktop ${pkgdir}/usr/share/applications/firefox-safe.desktop # firefox currently does not work with mprotect. disable it for now local paxflags="-mp" [ "$CARCH" = "x86" ] && paxflags="-msp" paxmark "$paxflags" "$pkgdir"/$_mozappdir/firefox paxmark "$paxflags" "$pkgdir"/$_mozappdir/plugin-container # launcher as symlink is broken from firefox-7.0 rm "$pkgdir"/usr/bin/firefox libgl=$(scanelf -qF '#F%S' /usr/lib/libGL.so) cat > "$pkgdir"/usr/bin/firefox << __EOF__ #!/bin/sh exec $_mozappdir/firefox "\$@" __EOF__ chmod 755 "$pkgdir"/usr/bin/firefox # install our vendor prefs install -d "$pkgdir"/$_mozappdir/browser/defaults/preferences cat >> "$pkgdir"/$_mozappdir/browser/defaults/preferences/firefox-branding.js <<- EOF // Use LANG environment variable to choose locale pref("intl.locale.matchOS", true); // Disable default browser checking. pref("browser.shell.checkDefaultBrowser", false); // Don't disable our bundled extensions in the application directory pref("extensions.autoDisableScopes", 11); pref("extensions.shownSelectionUI", true); EOF # remove copied, huge, libraries rm -f "$pkgdir"/${_mozappdirdev}/sdk/lib/libmozjs.so rm -f "$pkgdir"/${_mozappdirdev}/sdk/lib/libmozalloc.so rm -f "$pkgdir"/${_mozappdirdev}/sdk/lib/libxul.so } sha512sums="c2152857f5f1c816a12fcf5c450268025ee47ee9299ae3355650d86c7c97191b731123a4964154222ca5ba1edc44fee0d1d5f803ae9515841283ecaff6dc9a55 firefox-60.7.0esr.source.tar.xz 0b3f1e4b9fdc868e4738b5c81fd6c6128ce8885b260affcb9a65ff9d164d7232626ce1291aaea70132b3e3124f5e13fef4d39326b8e7173e362a823722a85127 stab.h 845209a7f831c069a1c1d20f88e388423656f7c2f0915b5e7cfb7f47947883d4f9eb2f887b6f10ac5d75d0b323b495b693ec21cd2208ee5071283089bc023f07 fix-rust.patch 2f4f15974d52de4bb273b62a332d13620945d284bbc6fe6bd0a1f58ff7388443bc1d3bf9c82cc31a8527aad92b0cd3a1bc41d0af5e1800e0dcbd7033e58ffd71 fix-fortify-system-wrappers.patch 09bc32cf9ee81b9cc6bb58ddbc66e6cc5c344badff8de3435cde5848e5a451e0172153231db85c2385ff05b5d9c20760cb18e4138dfc99060a9e960de2befbd5 fix-fortify-inline.patch 0fcc647af53a3ce21c2bc36e5631eb0935e7243ebb3ab59b5719542cc54a6ac023a4a857b43b75756efb9ed80c0aecaa94dc5679a3b3792f82e87bf2c1af82e1 disable-hunspell_hooks.patch 3414fd06110e853b01043d5d1090cfe1e6c13e8aa3c9f97a91ba390b37d6e909d3e836dbc9b2c261e636056ac10ca78de07adbd27f68102b979fc533b2f9c560 fix-seccomp-bpf.patch 892d6a5544c23983a2d62eab954a9b68883e3c0b66e3bdc47255f21ef700bda6fce90657249cbc59f88b1372f4fb83e2f0a7cfd62201d58a5cd6089358223cf3 fix-toolkit.patch 2024a81e867fba6dbd31971ae7a8a984a4db5d4b5fc6dafba92521ac8e0b3e99cc80f1e0bd079faef0d1bb5cb5ea1040ecb4da085fe2bf2a640f3cc4da3ec5c5 fix-tools.patch bdcd1b402d2ec94957ba5d08cbad7b1a7f59c251c311be9095208491a05abb05a956c79f27908e1f26b54a3679387b2f33a51e945b650671ad85c0a2d59a5a29 mallinfo.patch 015e1ff6dbf920033982b5df95d869a0b7bf56c6964e45e50649ddf46d1ce09563458e45240c3ecb92808662b1300b67507f7af272ba184835d91068a9e7d5b0 fix-arm-version-detect.patch e61664bc93eadce5016a06a4d0684b34a05074f1815e88ef2613380d7b369c6fd305fb34f83b5eb18b9e3138273ea8ddcfdcb1084fdcaa922a1e5b30146a3b18 mozilla-build-arm.patch 251c170504f3418e47feeaee5cc5a7cf7fdf4a5ee0283b1497933fdce1857a3fe299da1178a044d5d39f84ddbca761fb542345f8f183bf62c3557cba4a47a874 disable-moz-stackwalk.patch 42cc44fda4b05259b38f055d6f51461746aa89a474cedc5e92fb9d20879da0d12b1b515b273a549e7302cda9c7eddde20d5fdba09853e5c658784ad6d0b20078 fix-rust-target.patch a50b412edf9573a0bd04a43578b1c927967a616b73a5995eefb15bfa78fd2bd14e36ec05315a0703f6370ecd524e6bcb012e7285beb1245e9add9b8553acb79e fix-bug-1261392.patch 01b48a708cc6bc6e3cd7cc7b16f5137ec344566ac891d699b65e322bc992726072fa14a54cef1a7775799fcbbcf90a6c170107c8524caba3bc311b42d93b7581 rust-unitialized-field.patch 75b97d59e81e5f1debe6a459b535da704d5a2ac4a57c446d16058fd18db81e22317fcc3ec11b89f569f4de87e8e80ced027c0e72e7f1dd16f6fd0feb6b263919 fix-webrtc-glibcisms.patch e725a6e9b2361cd566ae2f90861dbce9f2231f16721ec02f4b9f9986b7dc82cc006ea6a500ae7f30c095ce746132a5bd1d9532c4cf0d1541dcc672a20aef8807 sandbox-membarrier.patch f3b7c3e804ce04731012a46cb9e9a6b0769e3772aef9c0a4a8c7520b030fdf6cd703d5e9ff49275f14b7d738fe82a0a4fde3bc3219dff7225d5db0e274987454 firefox.desktop 5dcb6288d0444a8a471d669bbaf61cdb1433663eff38b72ee5e980843f5fc07d0d60c91627a2c1159215d0ad77ae3f115dcc5fdfe87e64ca704b641aceaa44ed firefox-safe.desktop"