community/firefox-esr/APKBUILD


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266

# Contributor: Sören Tempel <soeren+alpine@soeren-tempel.net>
# Contributor: 
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=firefox-esr
pkgver=60.6.2
pkgrel=0
pkgdesc="Firefox web browser - Extended Support Release"
url="https://www.mozilla.org/en-US/firefox/organizations/"
# limited by rust and cargo
arch="x86_64"
license="GPL LGPL MPL"
makedepends="
	alsa-lib-dev
	autoconf2.13
	automake
	bsd-compat-headers
	bzip2-dev
	cargo
	clang-dev
	dbus-glib-dev
	ffmpeg-dev
	gconf-dev
	gtk+2.0-dev
	gtk+3.0-dev
	hunspell-dev
	icu-dev
	libevent-dev
	libidl-dev
	libjpeg-turbo-dev
	libnotify-dev
	libogg-dev
	libtheora-dev
	libtool
	libvorbis-dev
	libxt-dev
	libxcomposite-dev
	llvm5-dev
	mesa-dev
	nspr-dev
	nss-dev>=3.26
	nss-static
	paxmark
	python2
	sqlite-dev
	sed
	startup-notification-dev
	wireless-tools-dev
	yasm
	zip
	"

source="https://ftp.mozilla.org/pub/firefox/releases/${pkgver}esr/source/firefox-"$pkgver"esr.source.tar.xz
	stab.h

	fix-fortify-system-wrappers.patch
	fix-fortify-inline.patch
	disable-hunspell_hooks.patch
	fix-seccomp-bpf.patch
	fix-toolkit.patch
	fix-tools.patch
	mallinfo.patch

	fix-arm-version-detect.patch
	mozilla-build-arm.patch
	disable-moz-stackwalk.patch
	fix-rust-target.patch
	fix-bug-1261392.patch
	rust-unitialized-field.patch
	fix-webrtc-glibcisms.patch
	sandbox-membarrier.patch

	firefox.desktop
	firefox-safe.desktop"

builddir="${srcdir}/firefox-$pkgver"
_mozappdir=/usr/lib/firefox

# help our shared-object scanner to find the libs
ldpath="$_mozappdir"

# secfixes:
#   60.6.1-r0:
#     - CVE-2019-9810
#     - CVE-2019-9813
#     - CVE-2019-9790
#     - CVE-2019-9791
#     - CVE-2019-9792
#     - CVE-2019-9793
#     - CVE-2019-9794
#     - CVE-2019-9795
#     - CVE-2019-9796
#     - CVE-2019-9801
#     - CVE-2018-18506
#     - CVE-2019-9788
#   60.5.2-r0:
#     - CVE-2019-5785
#     - CVE-2018-18335
#     - CVE-2018-18356
#   60.5.0-r0:
#     - CVE-2018-18500
#     - CVE-2018-18505
#     - CVE-2018-18501
#   52.6.0-r0:
#     - CVE-2018-5089
#     - CVE-2018-5091
#     - CVE-2018-5095
#     - CVE-2018-5096
#     - CVE-2018-5097
#     - CVE-2018-5098
#     - CVE-2018-5099
#     - CVE-2018-5102
#     - CVE-2018-5103
#     - CVE-2018-5104
#     - CVE-2018-5117
#   52.5.2-r0:
#     - CVE-2017-7843
#     - CVE-2017-7843

prepare() {
	default_prepare
	cp "$srcdir"/stab.h toolkit/crashreporter/google-breakpad/src/
}

build() {
	mkdir -p "$builddir"/objdir
	cd "$builddir"/objdir

	export SHELL=/bin/sh
	export BUILD_OFFICIAL=1
	export MOZILLA_OFFICIAL=1
	export USE_SHORT_LIBNAME=1
	# gcc 6
	export CXXFLAGS="-fno-delete-null-pointer-checks -fno-schedule-insns2"

	# set rpath so linker finds the libs
	export LDFLAGS="$LDFLAGS -Wl,-rpath,${_mozappdir}"

	../configure \
		--prefix=/usr \
		\
		--disable-crashreporter \
		--disable-elf-hack \
		--disable-gold \
		--disable-install-strip \
		--disable-jemalloc \
		--disable-profiling \
		--disable-pulseaudio \
		--disable-strip \
		--disable-tests \
		--disable-updater \
		\
		--enable-alsa \
		--enable-default-toolkit=cairo-gtk3 \
		--enable-official-branding \
		--enable-optimize="$CFLAGS" \
		--enable-pie \
		--enable-startup-notification \
		--enable-system-ffi \
		--enable-system-hunspell \
		--enable-system-sqlite \
		--enable-ffmpeg \
		\
		--with-pthreads \
		--with-system-bz2 \
		--with-system-icu \
		--with-system-jpeg \
		--with-system-libevent \
		--with-system-nspr \
		--with-system-nss \
		--with-system-pixman \
		--with-system-png \
		--with-system-zlib \
		--with-clang-path=/usr/bin/clang \
		--with-libclang-path=/usr/lib
		# FIXME: fix build with --with-system-libvpx and libvpx 1.8.0
		# https://bugzilla.mozilla.org/show_bug.cgi?id=1525393
	make

	# paxmark outside fakeroot
	paxmark -msp dist/bin/xpcshell

}

package() {
	cd "$builddir"/objdir

	# only used for startupcache creation.
	local paxflags="-msp"
	paxmark "$paxflags" dist/bin/xpcshell

	make install \
		DESTDIR="$pkgdir" \
		MOZ_MAKE_FLAGS="$MAKEOPTS"

	install -m755 -d ${pkgdir}/usr/share/applications
	install -m755 -d ${pkgdir}/usr/share/pixmaps

	local png
	for png in ../browser/branding/official/default*.png; do
		local i=${_png%.png}
		i=${i##*/default}
		install -D -m644 "$png" "$pkgdir"/usr/share/icons/hicolor/${i}x${i}/apps/firefox.png
	done

	install -m644 "$builddir"/browser/branding/official/default48.png \
		${pkgdir}/usr/share/pixmaps/firefox.png
	install -m644 ${srcdir}/firefox.desktop ${pkgdir}/usr/share/applications/firefox.desktop
	install -m644 ${srcdir}/firefox-safe.desktop ${pkgdir}/usr/share/applications/firefox-safe.desktop

	# firefox currently does not work with mprotect. disable it for now
	local paxflags="-mp"
	[ "$CARCH" = "x86" ] && paxflags="-msp"

	paxmark "$paxflags" "$pkgdir"/$_mozappdir/firefox
	paxmark "$paxflags" "$pkgdir"/$_mozappdir/plugin-container

	# launcher as symlink is broken from firefox-7.0
	rm "$pkgdir"/usr/bin/firefox
	libgl=$(scanelf -qF '#F%S' /usr/lib/libGL.so)
	cat > "$pkgdir"/usr/bin/firefox << __EOF__
#!/bin/sh

exec $_mozappdir/firefox "\$@"
__EOF__
	chmod 755 "$pkgdir"/usr/bin/firefox

	# install our vendor prefs
	install -d "$pkgdir"/$_mozappdir/browser/defaults/preferences

	cat >> "$pkgdir"/$_mozappdir/browser/defaults/preferences/firefox-branding.js <<- EOF
	// Use LANG environment variable to choose locale
	pref("intl.locale.matchOS", true);

	// Disable default browser checking.
	pref("browser.shell.checkDefaultBrowser", false);

	// Don't disable our bundled extensions in the application directory
	pref("extensions.autoDisableScopes", 11);
	pref("extensions.shownSelectionUI", true);
	EOF

	# remove copied, huge, libraries
	rm -f "$pkgdir"/${_mozappdirdev}/sdk/lib/libmozjs.so
	rm -f "$pkgdir"/${_mozappdirdev}/sdk/lib/libmozalloc.so
	rm -f "$pkgdir"/${_mozappdirdev}/sdk/lib/libxul.so
}

sha512sums="ed4bf61555dcdae953b0a2f7bc23fae581b1c205d401e1bec524f62044455774c5cb18566bc2c96a6465bfd0d2b504fa94fbc719c4a46ea80eec2b776e86309f  firefox-60.6.2esr.source.tar.xz
0b3f1e4b9fdc868e4738b5c81fd6c6128ce8885b260affcb9a65ff9d164d7232626ce1291aaea70132b3e3124f5e13fef4d39326b8e7173e362a823722a85127  stab.h
2f4f15974d52de4bb273b62a332d13620945d284bbc6fe6bd0a1f58ff7388443bc1d3bf9c82cc31a8527aad92b0cd3a1bc41d0af5e1800e0dcbd7033e58ffd71  fix-fortify-system-wrappers.patch
09bc32cf9ee81b9cc6bb58ddbc66e6cc5c344badff8de3435cde5848e5a451e0172153231db85c2385ff05b5d9c20760cb18e4138dfc99060a9e960de2befbd5  fix-fortify-inline.patch
0fcc647af53a3ce21c2bc36e5631eb0935e7243ebb3ab59b5719542cc54a6ac023a4a857b43b75756efb9ed80c0aecaa94dc5679a3b3792f82e87bf2c1af82e1  disable-hunspell_hooks.patch
3414fd06110e853b01043d5d1090cfe1e6c13e8aa3c9f97a91ba390b37d6e909d3e836dbc9b2c261e636056ac10ca78de07adbd27f68102b979fc533b2f9c560  fix-seccomp-bpf.patch
892d6a5544c23983a2d62eab954a9b68883e3c0b66e3bdc47255f21ef700bda6fce90657249cbc59f88b1372f4fb83e2f0a7cfd62201d58a5cd6089358223cf3  fix-toolkit.patch
2024a81e867fba6dbd31971ae7a8a984a4db5d4b5fc6dafba92521ac8e0b3e99cc80f1e0bd079faef0d1bb5cb5ea1040ecb4da085fe2bf2a640f3cc4da3ec5c5  fix-tools.patch
bdcd1b402d2ec94957ba5d08cbad7b1a7f59c251c311be9095208491a05abb05a956c79f27908e1f26b54a3679387b2f33a51e945b650671ad85c0a2d59a5a29  mallinfo.patch
015e1ff6dbf920033982b5df95d869a0b7bf56c6964e45e50649ddf46d1ce09563458e45240c3ecb92808662b1300b67507f7af272ba184835d91068a9e7d5b0  fix-arm-version-detect.patch
e61664bc93eadce5016a06a4d0684b34a05074f1815e88ef2613380d7b369c6fd305fb34f83b5eb18b9e3138273ea8ddcfdcb1084fdcaa922a1e5b30146a3b18  mozilla-build-arm.patch
251c170504f3418e47feeaee5cc5a7cf7fdf4a5ee0283b1497933fdce1857a3fe299da1178a044d5d39f84ddbca761fb542345f8f183bf62c3557cba4a47a874  disable-moz-stackwalk.patch
42cc44fda4b05259b38f055d6f51461746aa89a474cedc5e92fb9d20879da0d12b1b515b273a549e7302cda9c7eddde20d5fdba09853e5c658784ad6d0b20078  fix-rust-target.patch
a50b412edf9573a0bd04a43578b1c927967a616b73a5995eefb15bfa78fd2bd14e36ec05315a0703f6370ecd524e6bcb012e7285beb1245e9add9b8553acb79e  fix-bug-1261392.patch
01b48a708cc6bc6e3cd7cc7b16f5137ec344566ac891d699b65e322bc992726072fa14a54cef1a7775799fcbbcf90a6c170107c8524caba3bc311b42d93b7581  rust-unitialized-field.patch
75b97d59e81e5f1debe6a459b535da704d5a2ac4a57c446d16058fd18db81e22317fcc3ec11b89f569f4de87e8e80ced027c0e72e7f1dd16f6fd0feb6b263919  fix-webrtc-glibcisms.patch
e725a6e9b2361cd566ae2f90861dbce9f2231f16721ec02f4b9f9986b7dc82cc006ea6a500ae7f30c095ce746132a5bd1d9532c4cf0d1541dcc672a20aef8807  sandbox-membarrier.patch
f3b7c3e804ce04731012a46cb9e9a6b0769e3772aef9c0a4a8c7520b030fdf6cd703d5e9ff49275f14b7d738fe82a0a4fde3bc3219dff7225d5db0e274987454  firefox.desktop
5dcb6288d0444a8a471d669bbaf61cdb1433663eff38b72ee5e980843f5fc07d0d60c91627a2c1159215d0ad77ae3f115dcc5fdfe87e64ca704b641aceaa44ed  firefox-safe.desktop"