aboutsummaryrefslogtreecommitdiffstats
path: root/community/firefox/APKBUILD
blob: 79ceead383729fba2e9b4c902b71908ab2cb3fbb (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
# Contributor: Natanael Copa <ncopa@alpinelinux.org>
# Contributor: Sören Tempel <soeren+alpine@soeren-tempel.net>
# Maintainer: Rasmus Thomsen <oss@cogitri.dev>
pkgname=firefox
pkgver=85.0.2
# Date of release, YY-MM-DD for metainfo file (see package())
_releasedate=2021-02-09
pkgrel=0
pkgdesc="Firefox web browser"
url="https://www.firefox.com/"
# Limited on:
# s390x, mips, mips64: limited by rust and cargo
# s390x: limited by pipewire
# armhf: build failure on armhf due to wasm
# ppc64le: Rust SIGSEGVs when compiling gkrust
# armv7: Needs Rust nightly for WASM
arch="all !s390x !armhf !mips !mips64 !ppc64le !armv7"
license="GPL-3.0-only AND LGPL-2.1-only AND LGPL-3.0-only AND MPL-2.0"
makedepends="
	alsa-lib-dev
	autoconf2.13
	automake
	bsd-compat-headers
	cargo
	cbindgen>=0.14.1
	clang-dev
	dbus-glib-dev
	ffmpeg-dev
	gtk+2.0-dev
	gtk+3.0-dev
	hunspell-dev
	icu-dev>=64.2
	libevent-dev
	libidl-dev
	libjpeg-turbo-dev
	libnotify-dev
	libogg-dev
	libtheora-dev
	libtool
	libvorbis-dev
	libvpx-dev
	libxt-dev
	libxcomposite-dev
	llvm-dev
	mesa-dev
	nasm
	nodejs
	nspr-dev
	nss-dev>=3.44.1
	nss-static
	python3
	sed
	wireless-tools-dev
	yasm
	zip
	libffi-dev
	libwebp-dev
	pipewire-dev
	gettext
	pulseaudio-dev
	"

source="https://ftp.mozilla.org/pub/firefox/releases/$pkgver/source/firefox-$pkgver.source.tar.xz
	stab.h

	fix-fortify-system-wrappers.patch
	fix-tools.patch
	mallinfo.patch

	disable-moz-stackwalk.patch
	fix-rust-target.patch
	fix-webrtc-glibcisms.patch
	fd6847c9416f9eebde636e21d794d25d1be8791d.patch
	allow-custom-rust-vendor.patch

	firefox.desktop
	firefox-safe.desktop
	disable-neon-in-aom.patch
	sandbox-fork.patch
	sandbox-sched_setscheduler.patch
	sandbox-largefile.patch

	avoid-redefinition.patch
	fix-rust-1.50-build.patch
	"

subpackages="$pkgname-npapi"

_mozappdir=/usr/lib/firefox

# help our shared-object scanner to find the libs
ldpath="$_mozappdir"

# secfixes:
#   85.0-r0:
#     - CVE-2021-23954
#     - CVE-2021-23955
#     - CVE-2021-23956
#     - CVE-2021-23957
#     - CVE-2021-23958
#     - CVE-2021-23959
#     - CVE-2021-23960
#     - CVE-2021-23961
#     - CVE-2021-23962
#     - CVE-2021-23963
#     - CVE-2021-23964
#     - CVE-2021-23965
#   84.0.2-r0:
#     - CVE-2020-16044
#   84.0.1-r0:
#     - CVE-2020-16042
#     - CVE-2020-26971
#     - CVE-2020-26972
#     - CVE-2020-26973
#     - CVE-2020-26974
#     - CVE-2020-26975
#     - CVE-2020-26976
#     - CVE-2020-26977
#     - CVE-2020-26978
#     - CVE-2020-26979
#     - CVE-2020-35111
#     - CVE-2020-35112
#     - CVE-2020-35113
#     - CVE-2020-35114
#   83.0-r0:
#     - CVE-2020-15999
#     - CVE-2020-16012
#     - CVE-2020-26952
#     - CVE-2020-26953
#     - CVE-2020-26954
#     - CVE-2020-26955
#     - CVE-2020-26956
#     - CVE-2020-26957
#     - CVE-2020-26958
#     - CVE-2020-26959
#     - CVE-2020-26960
#     - CVE-2020-26961
#     - CVE-2020-26962
#     - CVE-2020-26963
#     - CVE-2020-26964
#     - CVE-2020-26965
#     - CVE-2020-26966
#     - CVE-2020-26967
#     - CVE-2020-26968
#     - CVE-2020-26969
#   82.0.3-r0:
#     - CVE-2020-26950
#   82.0-r0:
#     - CVE-2020-15254
#     - CVE-2020-15680
#     - CVE-2020-15681
#     - CVE-2020-15682
#     - CVE-2020-15683
#     - CVE-2020-15684
#     - CVE-2020-15969
#   81.0-r0:
#     - CVE-2020-15673
#     - CVE-2020-15674
#     - CVE-2020-15675
#     - CVE-2020-15676
#     - CVE-2020-15677
#     - CVE-2020-15678
#   80.0-r0:
#     - CVE-2020-6829
#     - CVE-2020-12400
#     - CVE-2020-12401
#     - CVE-2020-15663
#     - CVE-2020-15664
#     - CVE-2020-15665
#     - CVE-2020-15666
#     - CVE-2020-15667
#     - CVE-2020-15668
#     - CVE-2020-15670
#   79.0-r0:
#     - CVE-2020-6463
#     - CVE-2020-6514
#     - CVE-2020-15652
#     - CVE-2020-15653
#     - CVE-2020-15654
#     - CVE-2020-15655
#     - CVE-2020-15656
#     - CVE-2020-15657
#     - CVE-2020-15658
#     - CVE-2020-15659
#   78.0-r0:
#     - CVE-2020-12415
#     - CVE-2020-12416
#     - CVE-2020-12417
#     - CVE-2020-12418
#     - CVE-2020-12419
#     - CVE-2020-12420
#     - CVE-2020-12402
#     - CVE-2020-12421
#     - CVE-2020-12422
#     - CVE-2020-12423
#     - CVE-2020-12424
#     - CVE-2020-12425
#     - CVE-2020-12426
#   77.0-r0:
#     - CVE-2020-12399
#     - CVE-2020-12405
#     - CVE-2020-12406
#     - CVE-2020-12407
#     - CVE-2020-12408
#     - CVE-2020-12409
#     - CVE-2020-12411
#   76.0-r0:
#     - CVE-2020-6831
#     - CVE-2020-12387
#     - CVE-2020-12388
#     - CVE-2020-12389
#     - CVE-2020-12390
#     - CVE-2020-12391
#     - CVE-2020-12392
#     - CVE-2020-12393
#     - CVE-2020-12394
#     - CVE-2020-12395
#     - CVE-2020-12396
#   75.0-r0:
#     - CVE-2020-6821
#     - CVE-2020-6822
#     - CVE-2020-6823
#     - CVE-2020-6824
#     - CVE-2020-6825
#     - CVE-2020-6826
#   74.0.1-r0:
#     - CVE-2020-6819
#     - CVE-2020-6820
#   74.0-r0:
#     - CVE-2020-6805
#     - CVE-2020-6806
#     - CVE-2020-6807
#     - CVE-2020-6808
#     - CVE-2020-6809
#     - CVE-2020-6810
#     - CVE-2020-6811
#     - CVE-2019-20503
#     - CVE-2020-6812
#     - CVE-2020-6813
#     - CVE-2020-6814
#     - CVE-2020-6815
#   71.0.1-r0:
#     - CVE-2019-17016
#     - CVE-2019-17017
#     - CVE-2019-17020
#     - CVE-2019-17022
#     - CVE-2019-17023
#     - CVE-2019-17024
#     - CVE-2019-17025
#     - CVE-2019-17026
#   70.0-r0:
#     - CVE-2018-6156
#     - CVE-2019-15903
#     - CVE-2019-11757
#     - CVE-2019-11759
#     - CVE-2019-11760
#     - CVE-2019-11761
#     - CVE-2019-11762
#     - CVE-2019-11763
#     - CVE-2019-11764
#     - CVE-2019-11765
#     - CVE-2019-17000
#     - CVE-2019-17001
#     - CVE-2019-17002
#   68.0.2-r0:
#     - CVE-2019-11733

# we need this because cargo verifies checksums of all files in vendor
# crates when it builds and gives us no way to override or update the
# file sanely... so just clear out the file list
_clear_vendor_checksums() {
	sed -i 's/\("files":{\)[^}]*/\1/' third_party/rust/$1/.cargo-checksum.json
}

prepare() {
	default_prepare
	cp "$srcdir"/stab.h toolkit/crashreporter/google-breakpad/src/

	_clear_vendor_checksums audio_thread_priority
	_clear_vendor_checksums target-lexicon-0.9.0
}

build() {
	mkdir -p "$builddir"/objdir
	cd "$builddir"/objdir

	export SHELL=/bin/sh
	export BUILD_OFFICIAL=1
	export MOZILLA_OFFICIAL=1
	export USE_SHORT_LIBNAME=1
	export MACH_USE_SYSTEM_PYTHON=1
	# Find our triplet JSON
	export RUST_TARGET="$CTARGET"

	# set rpath so linker finds the libs
	export LDFLAGS="$LDFLAGS -Wl,-rpath,$_mozappdir"

	case "$CARCH" in
		arm*|x86*)
			# disable-elf-hack: exists only on arm, x86, x86_64
			_arch_config="--disable-elf-hack"
			;;
	esac

	# FF doesn't have SIMD available on these arches.
	case "$CARCH" in
		armhf|armv7)
			_rust_simd="--disable-rust-simd"
			_low_mem_flags="--disable-debug-symbols --disable-debug"
			export RUSTFLAGS="$RUSTFLAGS -C debuginfo=0"
			;;
		x86)
			_low_mem_flags="--disable-debug-symbols --disable-debug"
			export RUSTFLAGS="$RUSTFLAGS -C debuginfo=0"
			;;
		*) _rust_simd="--enable-rust-simd" ;;
	esac

	../mach configure \
		--prefix=/usr \
		$_arch_config \
		$_low_mem_flags \
		$_rust_simd \
		\
		--disable-crashreporter \
		--disable-gold \
		--disable-install-strip \
		--disable-jemalloc \
		--disable-profiling \
		--disable-strip \
		--disable-tests \
		--disable-updater \
		\
		--enable-alsa \
		--enable-cdp \
		--enable-dbus \
		--enable-default-toolkit=cairo-gtk3-wayland \
		--enable-ffmpeg \
		--enable-hardening \
		--enable-necko-wifi \
		--enable-official-branding \
		--enable-optimize="$CFLAGS -O2" \
		--enable-pulseaudio \
		--disable-smoosh \
		--enable-system-ffi \
		--enable-system-pixman \
		\
		--with-system-ffi \
		--with-system-icu \
		--with-system-jpeg \
		--with-system-libevent \
		--with-system-libvpx \
		--with-system-nspr \
		--with-system-nss \
		--with-system-pixman \
		--with-system-png \
		--with-system-webp \
		--with-system-zlib \
		--with-clang-path=/usr/bin/clang \
		--with-libclang-path=/usr/lib
	../mach build
}

package() {
	cd "$builddir"/objdir

	DESTDIR="$pkgdir" MOZ_MAKE_FLAGS="$MAKEOPTS" ../mach install

	install -m755 -d "$pkgdir"/usr/share/applications
	install -m755 -d "$pkgdir"/usr/share/pixmaps

	local _png
	for _png in ../browser/branding/official/default*.png; do
		local i=${_png%.png}
		i=${i##*/default}
		install -D -m644 "$_png" "$pkgdir"/usr/share/icons/hicolor/"$i"x"$i"/apps/firefox.png
	done

	install -m644 "$builddir"/browser/branding/official/default48.png \
		"$pkgdir"/usr/share/pixmaps/firefox.png
	install -m644 "$srcdir"/firefox.desktop "$pkgdir"/usr/share/applications/org.mozilla.firefox.desktop
	install -m644 "$srcdir"/firefox-safe.desktop "$pkgdir"/usr/share/applications/org.mozilla.firefox-safe.desktop

	# Add StartupWMClass=firefox on the .desktop files so Desktop Environments
	# correctly associate the window with their icon, the correct fix is to have
	# firefox sets its own AppID but this will work for the meantime
	# See: https://bugzilla.mozilla.org/show_bug.cgi?id=1607399
	echo "StartupWMClass=firefox" >> "$pkgdir"/usr/share/applications/org.mozilla.firefox.desktop
	echo "StartupWMClass=firefox" >> "$pkgdir"/usr/share/applications/org.mozilla.firefox-safe.desktop

	# install our vendor prefs
	install -d "$pkgdir"/$_mozappdir/browser/defaults/preferences

	cat >> "$pkgdir"/$_mozappdir/browser/defaults/preferences/firefox-branding.js <<- EOF
	// Use LANG environment variable to choose locale
	pref("intl.locale.requested", "");

	// Disable default browser checking.
	pref("browser.shell.checkDefaultBrowser", false);

	// Don't disable our bundled extensions in the application directory
	pref("extensions.autoDisableScopes", 11);
	pref("extensions.shownSelectionUI", true);
	EOF

	# Generate appdata file
	mkdir "$pkgdir"/usr/share/metainfo/
	export VERSION="$pkgver"
	export DATE="$_releasedate"
	cat "$builddir"/taskcluster/docker/firefox-flatpak/org.mozilla.firefox.appdata.xml.in | envsubst > "$pkgdir"/usr/share/metainfo/org.mozilla.firefox.appdata.xml
}

npapi() {
	pkgdesc="$pkgdesc: GTK+ 2 support for NPAPI plugins"
	install_if="adobe-flashplayer"
	amove usr/lib/firefox/gtk2
}

sha512sums="ae1dd0fd5729458ccb2f2526f9a6822db90a67ad9dd726aece724e758012dd381f02143007cdf7abfd57187912c2e32a368450d89c121464775243b4255243aa  firefox-85.0.2.source.tar.xz
0b3f1e4b9fdc868e4738b5c81fd6c6128ce8885b260affcb9a65ff9d164d7232626ce1291aaea70132b3e3124f5e13fef4d39326b8e7173e362a823722a85127  stab.h
2f4f15974d52de4bb273b62a332d13620945d284bbc6fe6bd0a1f58ff7388443bc1d3bf9c82cc31a8527aad92b0cd3a1bc41d0af5e1800e0dcbd7033e58ffd71  fix-fortify-system-wrappers.patch
4510fb92653d0fdcfbc6d30e18087c0d22d4acd5eb53be7d0a333abe087a9e0bf9e58e56bafe96e1e1b28ebd1fd33b8926dbb70c221007e335b33d1468755c66  fix-tools.patch
a4a3e062661bda64d502d426c480ac9645345860118de9df9ffe6e0597738c70c11e5cdef2d4fd12c5e2ee30a09310159230524655a419a4f7e4eeeb0f3c06b0  mallinfo.patch
454ea3263cabce099accbdc47aaf83be26a19f8b5a4568c01a7ef0384601cf8315efd86cd917f9c8bf419c2c845db89a905f3ff9a8eb0c8e41042e93aa96a85c  disable-moz-stackwalk.patch
cd68b89e29e5f6379fbd5679db27b9a5ef70ea65e51c0d0a8137e1f1fd210e35a8cfb047798e9549bc7275606d7ec5c8d8af1335d29da4699db7acd8bc7ff556  fix-rust-target.patch
47c2c2428c3598a42f6241705179642b3378a86ace39c8c3cbef4954e6d220b42e6c76f3d71731d65f67ce2c8597259122ac44bbd45e20993bb8bc70c0c8a010  fix-webrtc-glibcisms.patch
60845dcb034b2c4459c30f7d5f25c8176cf42df794e2cc0e86c3e2abb6541c24b962f3a16ca70a288d4d6f377b68d00b2904b22463108559612053d835d9bff1  fd6847c9416f9eebde636e21d794d25d1be8791d.patch
4e584621145cf8add069c6dac18e805b3274a1ee402d84e924df2341f7d3c5be261a93ef51283bacbd606f47fbdc628c4323ecc31efc5b403b8d224b18dc278f  allow-custom-rust-vendor.patch
f3b7c3e804ce04731012a46cb9e9a6b0769e3772aef9c0a4a8c7520b030fdf6cd703d5e9ff49275f14b7d738fe82a0a4fde3bc3219dff7225d5db0e274987454  firefox.desktop
5dcb6288d0444a8a471d669bbaf61cdb1433663eff38b72ee5e980843f5fc07d0d60c91627a2c1159215d0ad77ae3f115dcc5fdfe87e64ca704b641aceaa44ed  firefox-safe.desktop
f963fcdba7307a0b1712dfb95ceba4ab49f449f60e550bb69d15d50272e6df9add90862251ee561e4ea5fd171a2703552ffa7aade92996f5f0b3e577f1544a6d  disable-neon-in-aom.patch
2518f2fc75b5db30058e0735f47d60fdf1e7adfaeee4b33fb2afb1bd9a616ce943fd88f4404d0802d4083703f4acf1d5ad42377218d025bc768807fbaf7e1609  sandbox-fork.patch
db26757b2ebf9f567962e32294b4ae48b3a5d0378a7589dfe650fe3a179ff58befbab5082981c68e1c25fb9e56b2db1e4e510d4bca17c3e3aedbf9a2f21806eb  sandbox-sched_setscheduler.patch
b7d0a6126bdf6c0569f80aabf5b37ed2c7a35712eb8a0404a2d85381552f5555d4f97d213ea26cec6a45dc2785f22439376ed5f8e78b4fd664ef0223307b333e  sandbox-largefile.patch
b1cb2db3122634f66d2bae7066e76f2dcd455c464e021db4de3b0a08314df95cb667846081682db549dd2af8a00831cabe44a2420c66cdfb5e3b5fa7e6bd21d3  avoid-redefinition.patch
82ab4acd3a91828f5b6b62cfbb464c3d4887913c3522b4381e08eaf96a5da6e9e35a97a584500cfae84f397a190d0c8e4523b97837a2fce2f13d71abbcf5b1e1  fix-rust-1.50-build.patch"