blob: 5693da17a142ac62a1348cd87f55744a9f61f402 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
|
# Contributor: William Pitcock <nenolod@dereferenced.org>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=firefox-esr
pkgver=52.7.2
_pkgver=$pkgver
_xulver=$pkgver
pkgrel=0
pkgdesc="Firefox web browser - Extended Support Release"
url="https://www.mozilla.org/en-US/firefox/organizations/faq/"
arch="all"
license="GPL LGPL MPL"
depends=""
depends_dev="
alsa-lib-dev
bzip2-dev
dbus-glib-dev
gconf-dev
gtk+2.0-dev
gtk+3.0-dev
hunspell-dev
icu-dev
libevent-dev
libidl-dev
libjpeg-turbo-dev
libnotify-dev
libogg-dev
libtheora-dev
libvorbis-dev
libvpx-dev
libxt-dev
libxcomposite-dev
mesa-dev
nspr-dev
nss-dev
sqlite-dev
startup-notification-dev
wireless-tools-dev
"
makedepends="$depends_dev
autoconf2.13
automake
bsd-compat-headers
libtool
nss-static
paxmark
python2
sed
yasm
zip
"
install=""
subpackages="$pkgname-dev"
source="https://ftp.mozilla.org/pub/firefox/releases/${pkgver}esr/source/firefox-${pkgver}esr.source.tar.xz
stab.h
0002-Use-C99-math-isfinite.patch
fix-fortify-inline.patch
disable-hunspell_hooks.patch
fix-seccomp-bpf.patch
fix-toolkit.patch
fix-tools.patch
mallinfo.patch
musl-pthread-setname.patch
fix-fortify-system-wrappers.patch
fix-arm-atomics-grsec.patch
fix-arm-version-detect.patch
mozilla-build-arm.patch
disable-moz-stackwalk.patch
missing-header-s390x.patch
firefox.desktop
firefox-safe.desktop"
builddir="${srcdir}/firefox-${pkgver}esr"/objdir
_mozappdir=/usr/lib/firefox-${pkgver}
_mozappdirdev=/usr/lib/firefox-devel-${pkgver}
# help our shared-object scanner to find the libs
ldpath="$_mozappdir"
# secfixes:
# 52.6.0-r0:
# - CVE-2018-5089
# - CVE-2018-5091
# - CVE-2018-5095
# - CVE-2018-5096
# - CVE-2018-5097
# - CVE-2018-5098
# - CVE-2018-5099
# - CVE-2018-5102
# - CVE-2018-5103
# - CVE-2018-5104
# - CVE-2018-5117
# 52.5.2-r0:
# - CVE-2017-7843
# - CVE-2017-7843
prepare() {
local i
mkdir -p "$builddir"
cd "$builddir"/..
for i in $source; do
case $i in
*.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;;
esac
done
cp "$srcdir"/stab.h toolkit/crashreporter/google-breakpad/src/
}
build() {
cd "$builddir"
export SHELL=/bin/sh
export BUILD_OFFICIAL=1
export MOZILLA_OFFICIAL=1
export USE_SHORT_LIBNAME=1
# gcc 6
export CXXFLAGS="-fno-delete-null-pointer-checks -fno-schedule-insns2"
# set rpath so linker finds the libs
export LDFLAGS="$LDFLAGS -Wl,-rpath,${_mozappdir}"
local extra_flags=""
[ "$CARCH" = "s390x" ] && extra_flags="--disable-startupcache"
../configure \
--prefix=/usr \
\
--disable-crashreporter \
--disable-elf-hack \
--disable-install-strip \
--disable-jemalloc \
--disable-profiling \
--disable-pulseaudio \
--disable-strip \
--disable-tests \
--disable-updater \
\
--enable-alsa \
--enable-default-toolkit=cairo-gtk3 \
--enable-gio \
--enable-gold=no \
--enable-official-branding \
--enable-optimize="$CFLAGS" \
--enable-pie \
--enable-startup-notification \
--enable-system-ffi \
--enable-system-hunspell \
--enable-system-sqlite \
\
--with-pthreads \
--with-system-bz2 \
--with-system-icu \
--with-system-jpeg \
--with-system-libevent \
--with-system-libvpx \
--with-system-nspr \
--with-system-nss \
--with-system-pixman \
--with-system-png \
--with-system-zlib \
$extra_flags
make || return 1
# paxmark outside fakeroot
paxmark -msp dist/bin/xpcshell || return 1
}
package() {
cd "$builddir"
# only used for startupcache creation.
local paxflags="-msp"
paxmark "$paxflags" dist/bin/xpcshell || return 1
make install \
DESTDIR="$pkgdir" \
MOZ_MAKE_FLAGS="$MAKEOPTS" \
|| return 1
install -m755 -d ${pkgdir}/usr/share/applications
install -m755 -d ${pkgdir}/usr/share/pixmaps
local png
for png in ../browser/branding/official/default*.png; do
local i=${_png%.png}
i=${i##*/default}
install -D -m644 "$png" "$pkgdir"/usr/share/icons/hicolor/${i}x${i}/apps/firefox.png || return 1
done
install -m644 "$builddir"/../browser/branding/official/default48.png \
${pkgdir}/usr/share/pixmaps/firefox.png || return 1
install -m644 ${srcdir}/firefox.desktop ${pkgdir}/usr/share/applications/firefox.desktop
install -m644 ${srcdir}/firefox-safe.desktop ${pkgdir}/usr/share/applications/firefox-safe.desktop
# firefox currently does not work with mprotect. disable it for now
local paxflags="-mp"
[ "$CARCH" = "x86" ] && paxflags="-msp"
paxmark "$paxflags" "$pkgdir"/$_mozappdir/firefox || return 1
paxmark "$paxflags" "$pkgdir"/$_mozappdir/plugin-container || return 1
# xulrunner stub launcher has changed to using a symlink overlay...
# go figure
ln -sf /usr/lib/xulrunner-${_xulver} ${pkgdir}/$_mozappdir/xulrunner
# launcher as symlink is broken from firefox-7.0
rm "$pkgdir"/usr/bin/firefox || return 1
libgl=$(scanelf -qF '#F%S' /usr/lib/libGL.so)
cat > "$pkgdir"/usr/bin/firefox << __EOF__
#!/bin/sh
exec $_mozappdir/firefox "\$@"
__EOF__
chmod 755 "$pkgdir"/usr/bin/firefox
# install our vendor prefs
install -d "$pkgdir"/$_mozappdir/browser/defaults/preferences
cat >> "$pkgdir"/$_mozappdir/browser/defaults/preferences/firefox-branding.js <<- EOF
// Use LANG environment variable to choose locale
pref("intl.locale.matchOS", true);
// Disable default browser checking.
pref("browser.shell.checkDefaultBrowser", false);
// Don't disable our bundled extensions in the application directory
pref("extensions.autoDisableScopes", 11);
pref("extensions.shownSelectionUI", true);
EOF
# remove copied, huge, libraries
rm -f "$pkgdir"/${_mozappdirdev}/sdk/lib/libmozjs.so
rm -f "$pkgdir"/${_mozappdirdev}/sdk/lib/libmozalloc.so
rm -f "$pkgdir"/${_mozappdirdev}/sdk/lib/libxul.so
}
dev() {
mkdir -p "$subpkgdir"/${_mozappdirdev%/*}
mv "$pkgdir"/${_mozappdirdev} "$subpkgdir"/${_mozappdirdev%/*} \
|| return 1
default_dev
}
sha512sums="e275fd10fd32a0dc237135af3395e3a1ae501844632c973ff3b9bca1456702ee36dbee99fc57300598403c924c0db63bd62a199845c8f4a2e29db5d1e5973395 firefox-52.7.2esr.source.tar.xz
0b3f1e4b9fdc868e4738b5c81fd6c6128ce8885b260affcb9a65ff9d164d7232626ce1291aaea70132b3e3124f5e13fef4d39326b8e7173e362a823722a85127 stab.h
7e123144bc2b1efed149dfb41b255c447d43ea93a63ebe114d01945e6a6d69edc2f2a3c36980a93279106c1842355851b8b6c1d96679ee6be7b9b30513e0b1a8 0002-Use-C99-math-isfinite.patch
09bc32cf9ee81b9cc6bb58ddbc66e6cc5c344badff8de3435cde5848e5a451e0172153231db85c2385ff05b5d9c20760cb18e4138dfc99060a9e960de2befbd5 fix-fortify-inline.patch
0fcc647af53a3ce21c2bc36e5631eb0935e7243ebb3ab59b5719542cc54a6ac023a4a857b43b75756efb9ed80c0aecaa94dc5679a3b3792f82e87bf2c1af82e1 disable-hunspell_hooks.patch
70863b985427b9653ce5e28d6064f078fb6d4ccf43dd1b68e72f97f44868fc0ce063161c39a4e77a0a1a207b7365d5dc7a7ca5e68c726825eba814f2b93e2f5d fix-seccomp-bpf.patch
a2925045154f4fd34e5fc056656f4f9da100341529e5d4104d249154db0c7863384083f421ce6e47e0f20566a8b20787fa35444c7933c03cd03f96f06dcd4532 fix-toolkit.patch
7d7531a0dbb1b3c2f4cbf155168e750f274dbf19cd767d6395d479ef1626a651e714b41e353465d9d58239dc15256d83eeb1bf06c6adf47c521a0db5ee88bb50 fix-tools.patch
bdcd1b402d2ec94957ba5d08cbad7b1a7f59c251c311be9095208491a05abb05a956c79f27908e1f26b54a3679387b2f33a51e945b650671ad85c0a2d59a5a29 mallinfo.patch
3f535b1e4e9a5a0506ef6f6d9427a84fae1efa3c8e8d6b25b21046d2d04c132bde1a7a98e415067e5c542f699d89249b8cc3d925e0be4e96db498037429691ef musl-pthread-setname.patch
2a967e4619fd89a046bd40be7fdcef646fcb1eba5e47afc96aa1d59c25bcc8747cb07baee6c11f3b803db0981aced181534b806778e4d21e74958f5f4d74c784 fix-fortify-system-wrappers.patch
ed0d344c66fc8e1cc83a11e9858b32c42e841cbeedd9eb9438811e9fcc3593dc824a8336d00058d55836cedc970aeadd6a82c6dcd7bc0fb746e564d8b478cc6c fix-arm-atomics-grsec.patch
015e1ff6dbf920033982b5df95d869a0b7bf56c6964e45e50649ddf46d1ce09563458e45240c3ecb92808662b1300b67507f7af272ba184835d91068a9e7d5b0 fix-arm-version-detect.patch
e61664bc93eadce5016a06a4d0684b34a05074f1815e88ef2613380d7b369c6fd305fb34f83b5eb18b9e3138273ea8ddcfdcb1084fdcaa922a1e5b30146a3b18 mozilla-build-arm.patch
4797d2d89ac63a57abb826b8ea9f751314ce66946194033deb9d78c2ff377b88106fd2c7bc5034dc13ad03dd5085b1893c3ccae1a9e63fde35655bb0921f7188 disable-moz-stackwalk.patch
6beba471b6a7fc229a9c105d58137f80cec07219e52bb9a666c787b37ca88635d6ec2eba651eccb5096429c2965709c9475c89839c255c3545f8c96c5d40f403 missing-header-s390x.patch
f3b7c3e804ce04731012a46cb9e9a6b0769e3772aef9c0a4a8c7520b030fdf6cd703d5e9ff49275f14b7d738fe82a0a4fde3bc3219dff7225d5db0e274987454 firefox.desktop
5dcb6288d0444a8a471d669bbaf61cdb1433663eff38b72ee5e980843f5fc07d0d60c91627a2c1159215d0ad77ae3f115dcc5fdfe87e64ca704b641aceaa44ed firefox-safe.desktop"
|