# Contributor: Natanael Copa # Contributor: Sören Tempel # Maintainer: Rasmus Thomsen pkgname=firefox pkgver=84.0.2 # Date of release, YY-MM-DD for metainfo file (see package()) _releasedate=2021-01-06 pkgrel=0 pkgdesc="Firefox web browser" url="https://www.firefox.com/" # Limited on: # s390x, mips, mips64: limited by rust and cargo # armhf: build failure on armhf due to wasm # ppc64le: Rust SIGSEGVs when compiling gkrust # armv7: Needs Rust nightly for WASM arch="all !s390x !armhf !mips !mips64 !ppc64le !armv7" license="GPL-3.0-only AND LGPL-2.1-only AND LGPL-3.0-only AND MPL-2.0" makedepends=" alsa-lib-dev autoconf2.13 automake bsd-compat-headers cargo cbindgen>=0.15 clang-dev dbus-glib-dev ffmpeg-dev gtk+2.0-dev gtk+3.0-dev hunspell-dev icu-dev>=64.2 libevent-dev libidl-dev libjpeg-turbo-dev libnotify-dev libogg-dev libtheora-dev libtool libvorbis-dev libvpx-dev libxt-dev libxcomposite-dev llvm-dev mesa-dev nasm nodejs nspr-dev nss-dev>=3.58 nss-static python3 sed wireless-tools-dev yasm zip libffi-dev libwebp-dev pipewire-dev gettext pulseaudio-dev " source="https://ftp.mozilla.org/pub/firefox/releases/$pkgver/source/firefox-$pkgver.source.tar.xz stab.h fix-fortify-system-wrappers.patch fix-tools.patch mallinfo.patch disable-moz-stackwalk.patch fix-rust-target.patch fix-webrtc-glibcisms.patch fd6847c9416f9eebde636e21d794d25d1be8791d.patch allow-custom-rust-vendor.patch firefox.desktop firefox-safe.desktop disable-neon-in-aom.patch sandbox-fork.patch sandbox-sched_setscheduler.patch sandbox-largefile.patch avoid-redefinition.patch " _mozappdir=/usr/lib/firefox # help our shared-object scanner to find the libs ldpath="$_mozappdir" # secfixes: # 84.0.2-r0: # - CVE-2020-16044 # 84.0.1-r0: # - CVE-2020-16042 # - CVE-2020-26971 # - CVE-2020-26972 # - CVE-2020-26973 # - CVE-2020-26974 # - CVE-2020-26975 # - CVE-2020-26976 # - CVE-2020-26977 # - CVE-2020-26978 # - CVE-2020-26979 # - CVE-2020-35111 # - CVE-2020-35112 # - CVE-2020-35113 # - CVE-2020-35114 # 83.0-r0: # - CVE-2020-15999 # - CVE-2020-16012 # - CVE-2020-26952 # - CVE-2020-26953 # - CVE-2020-26954 # - CVE-2020-26955 # - CVE-2020-26956 # - CVE-2020-26957 # - CVE-2020-26958 # - CVE-2020-26959 # - CVE-2020-26960 # - CVE-2020-26961 # - CVE-2020-26962 # - CVE-2020-26963 # - CVE-2020-26964 # - CVE-2020-26965 # - CVE-2020-26966 # - CVE-2020-26967 # - CVE-2020-26968 # - CVE-2020-26969 # 82.0.3-r0: # - CVE-2020-26950 # 82.0-r0: # - CVE-2020-15254 # - CVE-2020-15680 # - CVE-2020-15681 # - CVE-2020-15682 # - CVE-2020-15683 # - CVE-2020-15684 # - CVE-2020-15969 # 81.0-r0: # - CVE-2020-15673 # - CVE-2020-15674 # - CVE-2020-15675 # - CVE-2020-15676 # - CVE-2020-15677 # - CVE-2020-15678 # 80.0-r0: # - CVE-2020-6829 # - CVE-2020-12400 # - CVE-2020-12401 # - CVE-2020-15663 # - CVE-2020-15664 # - CVE-2020-15665 # - CVE-2020-15666 # - CVE-2020-15667 # - CVE-2020-15668 # - CVE-2020-15670 # 79.0-r0: # - CVE-2020-6463 # - CVE-2020-6514 # - CVE-2020-15652 # - CVE-2020-15653 # - CVE-2020-15654 # - CVE-2020-15655 # - CVE-2020-15656 # - CVE-2020-15657 # - CVE-2020-15658 # - CVE-2020-15659 # 78.0-r0: # - CVE-2020-12415 # - CVE-2020-12416 # - CVE-2020-12417 # - CVE-2020-12418 # - CVE-2020-12419 # - CVE-2020-12420 # - CVE-2020-12402 # - CVE-2020-12421 # - CVE-2020-12422 # - CVE-2020-12423 # - CVE-2020-12424 # - CVE-2020-12425 # - CVE-2020-12426 # 77.0-r0: # - CVE-2020-12399 # - CVE-2020-12405 # - CVE-2020-12406 # - CVE-2020-12407 # - CVE-2020-12408 # - CVE-2020-12409 # - CVE-2020-12411 # 76.0-r0: # - CVE-2020-6831 # - CVE-2020-12387 # - CVE-2020-12388 # - CVE-2020-12389 # - CVE-2020-12390 # - CVE-2020-12391 # - CVE-2020-12392 # - CVE-2020-12393 # - CVE-2020-12394 # - CVE-2020-12395 # - CVE-2020-12396 # 75.0-r0: # - CVE-2020-6821 # - CVE-2020-6822 # - CVE-2020-6823 # - CVE-2020-6824 # - CVE-2020-6825 # - CVE-2020-6826 # 74.0.1-r0: # - CVE-2020-6819 # - CVE-2020-6820 # 74.0-r0: # - CVE-2020-6805 # - CVE-2020-6806 # - CVE-2020-6807 # - CVE-2020-6808 # - CVE-2020-6809 # - CVE-2020-6810 # - CVE-2020-6811 # - CVE-2019-20503 # - CVE-2020-6812 # - CVE-2020-6813 # - CVE-2020-6814 # - CVE-2020-6815 # 71.0.1-r0: # - CVE-2019-17016 # - CVE-2019-17017 # - CVE-2019-17020 # - CVE-2019-17022 # - CVE-2019-17023 # - CVE-2019-17024 # - CVE-2019-17025 # - CVE-2019-17026 # 70.0-r0: # - CVE-2018-6156 # - CVE-2019-15903 # - CVE-2019-11757 # - CVE-2019-11759 # - CVE-2019-11760 # - CVE-2019-11761 # - CVE-2019-11762 # - CVE-2019-11763 # - CVE-2019-11764 # - CVE-2019-11765 # - CVE-2019-17000 # - CVE-2019-17001 # - CVE-2019-17002 # 68.0.2-r0: # - CVE-2019-11733 # we need this because cargo verifies checksums of all files in vendor # crates when it builds and gives us no way to override or update the # file sanely... so just clear out the file list _clear_vendor_checksums() { sed -i 's/\("files":{\)[^}]*/\1/' third_party/rust/$1/.cargo-checksum.json } prepare() { default_prepare cp "$srcdir"/stab.h toolkit/crashreporter/google-breakpad/src/ _clear_vendor_checksums audio_thread_priority _clear_vendor_checksums target-lexicon-0.9.0 } build() { mkdir -p "$builddir"/objdir cd "$builddir"/objdir export SHELL=/bin/sh export BUILD_OFFICIAL=1 export MOZILLA_OFFICIAL=1 export USE_SHORT_LIBNAME=1 export MACH_USE_SYSTEM_PYTHON=1 # Find our triplet JSON export RUST_TARGET="$CTARGET" # set rpath so linker finds the libs export LDFLAGS="$LDFLAGS -Wl,-rpath,$_mozappdir" case "$CARCH" in arm*|x86*) # disable-elf-hack: exists only on arm, x86, x86_64 _arch_config="--disable-elf-hack" ;; esac # FF doesn't have SIMD available on these arches. case "$CARCH" in armhf|armv7) _rust_simd="--disable-rust-simd" _low_mem_flags="--disable-debug-symbols --disable-debug" export RUSTFLAGS="$RUSTFLAGS -C debuginfo=0" ;; x86) _low_mem_flags="--disable-debug-symbols --disable-debug" export RUSTFLAGS="$RUSTFLAGS -C debuginfo=0" ;; *) _rust_simd="--enable-rust-simd" ;; esac ../mach configure \ --prefix=/usr \ $_arch_config \ $_low_mem_flags \ $_rust_simd \ \ --disable-crashreporter \ --disable-gold \ --disable-install-strip \ --disable-jemalloc \ --disable-profiling \ --disable-strip \ --disable-tests \ --disable-updater \ \ --enable-alsa \ --enable-cdp \ --enable-dbus \ --enable-default-toolkit=cairo-gtk3-wayland \ --enable-ffmpeg \ --enable-hardening \ --enable-necko-wifi \ --enable-official-branding \ --enable-optimize="$CFLAGS -O2" \ --enable-pulseaudio \ --enable-smoosh \ --enable-system-ffi \ --enable-system-pixman \ \ --with-system-ffi \ --with-system-icu \ --with-system-jpeg \ --with-system-libevent \ --with-system-libvpx \ --with-system-nspr \ --with-system-nss \ --with-system-pixman \ --with-system-png \ --with-system-webp \ --with-system-zlib \ --with-clang-path=/usr/bin/clang \ --with-libclang-path=/usr/lib ../mach build } package() { cd "$builddir"/objdir DESTDIR="$pkgdir" MOZ_MAKE_FLAGS="$MAKEOPTS" ../mach install install -m755 -d "$pkgdir"/usr/share/applications install -m755 -d "$pkgdir"/usr/share/pixmaps local _png for _png in ../browser/branding/official/default*.png; do local i=${_png%.png} i=${i##*/default} install -D -m644 "$_png" "$pkgdir"/usr/share/icons/hicolor/"$i"x"$i"/apps/firefox.png done install -m644 "$builddir"/browser/branding/official/default48.png \ "$pkgdir"/usr/share/pixmaps/firefox.png install -m644 "$srcdir"/firefox.desktop "$pkgdir"/usr/share/applications/org.mozilla.firefox.desktop install -m644 "$srcdir"/firefox-safe.desktop "$pkgdir"/usr/share/applications/org.mozilla.firefox-safe.desktop # Add StartupWMClass=firefox on the .desktop files so Desktop Environments # correctly associate the window with their icon, the correct fix is to have # firefox sets its own AppID but this will work for the meantime # See: https://bugzilla.mozilla.org/show_bug.cgi?id=1607399 echo "StartupWMClass=firefox" >> "$pkgdir"/usr/share/applications/org.mozilla.firefox.desktop echo "StartupWMClass=firefox" >> "$pkgdir"/usr/share/applications/org.mozilla.firefox-safe.desktop # install our vendor prefs install -d "$pkgdir"/$_mozappdir/browser/defaults/preferences cat >> "$pkgdir"/$_mozappdir/browser/defaults/preferences/firefox-branding.js <<- EOF // Use LANG environment variable to choose locale pref("intl.locale.requested", ""); // Disable default browser checking. pref("browser.shell.checkDefaultBrowser", false); // Don't disable our bundled extensions in the application directory pref("extensions.autoDisableScopes", 11); pref("extensions.shownSelectionUI", true); EOF # Generate appdata file mkdir "$pkgdir"/usr/share/metainfo/ export VERSION="$pkgver" export DATE="$_releasedate" cat "$builddir"/taskcluster/docker/firefox-flatpak/org.mozilla.firefox.appdata.xml.in | envsubst > "$pkgdir"/usr/share/metainfo/org.mozilla.firefox.appdata.xml } sha512sums="3fd4c9a5ec2409f23507b38c809e71a35aa674779dc5a7a2e3ff82841e0b65ead29d38ac4d5b17f7108479ed7338b3d2b40cbcfa9c51e01696634166d92edf99 firefox-84.0.2.source.tar.xz 0b3f1e4b9fdc868e4738b5c81fd6c6128ce8885b260affcb9a65ff9d164d7232626ce1291aaea70132b3e3124f5e13fef4d39326b8e7173e362a823722a85127 stab.h 2f4f15974d52de4bb273b62a332d13620945d284bbc6fe6bd0a1f58ff7388443bc1d3bf9c82cc31a8527aad92b0cd3a1bc41d0af5e1800e0dcbd7033e58ffd71 fix-fortify-system-wrappers.patch 4510fb92653d0fdcfbc6d30e18087c0d22d4acd5eb53be7d0a333abe087a9e0bf9e58e56bafe96e1e1b28ebd1fd33b8926dbb70c221007e335b33d1468755c66 fix-tools.patch a4a3e062661bda64d502d426c480ac9645345860118de9df9ffe6e0597738c70c11e5cdef2d4fd12c5e2ee30a09310159230524655a419a4f7e4eeeb0f3c06b0 mallinfo.patch 454ea3263cabce099accbdc47aaf83be26a19f8b5a4568c01a7ef0384601cf8315efd86cd917f9c8bf419c2c845db89a905f3ff9a8eb0c8e41042e93aa96a85c disable-moz-stackwalk.patch cd68b89e29e5f6379fbd5679db27b9a5ef70ea65e51c0d0a8137e1f1fd210e35a8cfb047798e9549bc7275606d7ec5c8d8af1335d29da4699db7acd8bc7ff556 fix-rust-target.patch 47c2c2428c3598a42f6241705179642b3378a86ace39c8c3cbef4954e6d220b42e6c76f3d71731d65f67ce2c8597259122ac44bbd45e20993bb8bc70c0c8a010 fix-webrtc-glibcisms.patch 60845dcb034b2c4459c30f7d5f25c8176cf42df794e2cc0e86c3e2abb6541c24b962f3a16ca70a288d4d6f377b68d00b2904b22463108559612053d835d9bff1 fd6847c9416f9eebde636e21d794d25d1be8791d.patch 4e584621145cf8add069c6dac18e805b3274a1ee402d84e924df2341f7d3c5be261a93ef51283bacbd606f47fbdc628c4323ecc31efc5b403b8d224b18dc278f allow-custom-rust-vendor.patch f3b7c3e804ce04731012a46cb9e9a6b0769e3772aef9c0a4a8c7520b030fdf6cd703d5e9ff49275f14b7d738fe82a0a4fde3bc3219dff7225d5db0e274987454 firefox.desktop 5dcb6288d0444a8a471d669bbaf61cdb1433663eff38b72ee5e980843f5fc07d0d60c91627a2c1159215d0ad77ae3f115dcc5fdfe87e64ca704b641aceaa44ed firefox-safe.desktop f963fcdba7307a0b1712dfb95ceba4ab49f449f60e550bb69d15d50272e6df9add90862251ee561e4ea5fd171a2703552ffa7aade92996f5f0b3e577f1544a6d disable-neon-in-aom.patch 2518f2fc75b5db30058e0735f47d60fdf1e7adfaeee4b33fb2afb1bd9a616ce943fd88f4404d0802d4083703f4acf1d5ad42377218d025bc768807fbaf7e1609 sandbox-fork.patch db26757b2ebf9f567962e32294b4ae48b3a5d0378a7589dfe650fe3a179ff58befbab5082981c68e1c25fb9e56b2db1e4e510d4bca17c3e3aedbf9a2f21806eb sandbox-sched_setscheduler.patch b7d0a6126bdf6c0569f80aabf5b37ed2c7a35712eb8a0404a2d85381552f5555d4f97d213ea26cec6a45dc2785f22439376ed5f8e78b4fd664ef0223307b333e sandbox-largefile.patch b1cb2db3122634f66d2bae7066e76f2dcd455c464e021db4de3b0a08314df95cb667846081682db549dd2af8a00831cabe44a2420c66cdfb5e3b5fa7e6bd21d3 avoid-redefinition.patch"