1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
|
# Contributor: Natanael Copa <ncopa@alpinelinux.org>
# Contributor: Sören Tempel <soeren+alpine@soeren-tempel.net>
# Maintainer: Rasmus Thomsen <oss@cogitri.dev>
pkgname=firefox
pkgver=90.0
# Date of release, YY-MM-DD for metainfo file (see package())
_releasedate=2021-07-13
pkgrel=0
pkgdesc="Firefox web browser"
url="https://www.firefox.com/"
# s390x, mips64 and riscv64 blocked by rust and cargo
# s390x: limited by pipewire
# armhf: build failure on armhf due to wasm
# ppc64le: Rust SIGSEGVs when compiling gkrust
# armv7: Needs Rust nightly for WASM
arch="x86_64 aarch64 armv7"
license="GPL-3.0-only AND LGPL-2.1-only AND LGPL-3.0-only AND MPL-2.0"
makedepends="
alsa-lib-dev
automake
bsd-compat-headers
cargo
cbindgen>=0.18.0
clang-dev
dbus-glib-dev
ffmpeg-dev
gtk+3.0-dev
hunspell-dev
icu-dev>=64.2
libevent-dev
libidl-dev
libjpeg-turbo-dev
libnotify-dev
libogg-dev
libtheora-dev
libtool
libvorbis-dev
libvpx-dev
libxt-dev
libxcomposite-dev
llvm-dev
m4
mesa-dev
nasm
nodejs
nspr-dev
nss-dev>=3.44.1
nss-static
python3
sed
wireless-tools-dev
yasm
zip
libffi-dev
libwebp-dev
pipewire-dev
gettext
pulseaudio-dev
"
source="https://ftp.mozilla.org/pub/firefox/releases/$pkgver/source/firefox-$pkgver.source.tar.xz
stab.h
fix-fortify-system-wrappers.patch
fix-tools.patch
mallinfo.patch
disable-moz-stackwalk.patch
fix-rust-target.patch
fix-webrtc-glibcisms.patch
fd6847c9416f9eebde636e21d794d25d1be8791d.patch
allow-custom-rust-vendor.patch
firefox.desktop
firefox-safe.desktop
disable-neon-in-aom.patch
sandbox-fork.patch
sandbox-sched_setscheduler.patch
sandbox-largefile.patch
avoid-redefinition.patch
"
_mozappdir=/usr/lib/firefox
# help our shared-object scanner to find the libs
ldpath="$_mozappdir"
sonameprefix="$pkgname:"
# secfixes:
# 90.0-r0:
# - CVE-2021-29970
# - CVE-2021-29972
# - CVE-2021-29974
# - CVE-2021-29975
# - CVE-2021-29976
# - CVE-2021-29977
# - CVE-2021-30547
# 89.0-r0:
# - CVE-2021-29959
# - CVE-2021-29960
# - CVE-2021-29961
# - CVE-2021-29962
# - CVE-2021-29963
# - CVE-2021-29965
# - CVE-2021-29966
# - CVE-2021-29967
# 88.0.1-r0:
# - CVE-2021-29952
# 88.0-r0:
# - CVE-2021-23994
# - CVE-2021-23995
# - CVE-2021-23996
# - CVE-2021-23997
# - CVE-2021-23998
# - CVE-2021-23999
# - CVE-2021-24000
# - CVE-2021-24001
# - CVE-2021-24002
# - CVE-2021-29944
# - CVE-2021-29945
# - CVE-2021-29946
# - CVE-2021-29947
# 87.0-r0:
# - CVE-2021-23968
# - CVE-2021-23969
# - CVE-2021-23970
# - CVE-2021-23971
# - CVE-2021-23972
# - CVE-2021-23973
# - CVE-2021-23974
# - CVE-2021-23975
# - CVE-2021-23976
# - CVE-2021-23977
# - CVE-2021-23978
# - CVE-2021-23979
# - CVE-2021-23981
# - CVE-2021-23982
# - CVE-2021-23983
# - CVE-2021-23984
# - CVE-2021-23985
# - CVE-2021-23986
# - CVE-2021-23987
# - CVE-2021-23988
# 85.0-r0:
# - CVE-2021-23954
# - CVE-2021-23955
# - CVE-2021-23956
# - CVE-2021-23957
# - CVE-2021-23958
# - CVE-2021-23959
# - CVE-2021-23960
# - CVE-2021-23961
# - CVE-2021-23962
# - CVE-2021-23963
# - CVE-2021-23964
# - CVE-2021-23965
# 84.0.2-r0:
# - CVE-2020-16044
# 84.0.1-r0:
# - CVE-2020-16042
# - CVE-2020-26971
# - CVE-2020-26972
# - CVE-2020-26973
# - CVE-2020-26974
# - CVE-2020-26975
# - CVE-2020-26976
# - CVE-2020-26977
# - CVE-2020-26978
# - CVE-2020-26979
# - CVE-2020-35111
# - CVE-2020-35112
# - CVE-2020-35113
# - CVE-2020-35114
# 83.0-r0:
# - CVE-2020-15999
# - CVE-2020-16012
# - CVE-2020-26952
# - CVE-2020-26953
# - CVE-2020-26954
# - CVE-2020-26955
# - CVE-2020-26956
# - CVE-2020-26957
# - CVE-2020-26958
# - CVE-2020-26959
# - CVE-2020-26960
# - CVE-2020-26961
# - CVE-2020-26962
# - CVE-2020-26963
# - CVE-2020-26964
# - CVE-2020-26965
# - CVE-2020-26966
# - CVE-2020-26967
# - CVE-2020-26968
# - CVE-2020-26969
# 82.0.3-r0:
# - CVE-2020-26950
# 82.0-r0:
# - CVE-2020-15254
# - CVE-2020-15680
# - CVE-2020-15681
# - CVE-2020-15682
# - CVE-2020-15683
# - CVE-2020-15684
# - CVE-2020-15969
# 81.0-r0:
# - CVE-2020-15673
# - CVE-2020-15674
# - CVE-2020-15675
# - CVE-2020-15676
# - CVE-2020-15677
# - CVE-2020-15678
# 80.0-r0:
# - CVE-2020-6829
# - CVE-2020-12400
# - CVE-2020-12401
# - CVE-2020-15663
# - CVE-2020-15664
# - CVE-2020-15665
# - CVE-2020-15666
# - CVE-2020-15667
# - CVE-2020-15668
# - CVE-2020-15670
# 79.0-r0:
# - CVE-2020-6463
# - CVE-2020-6514
# - CVE-2020-15652
# - CVE-2020-15653
# - CVE-2020-15654
# - CVE-2020-15655
# - CVE-2020-15656
# - CVE-2020-15657
# - CVE-2020-15658
# - CVE-2020-15659
# 78.0-r0:
# - CVE-2020-12415
# - CVE-2020-12416
# - CVE-2020-12417
# - CVE-2020-12418
# - CVE-2020-12419
# - CVE-2020-12420
# - CVE-2020-12402
# - CVE-2020-12421
# - CVE-2020-12422
# - CVE-2020-12423
# - CVE-2020-12424
# - CVE-2020-12425
# - CVE-2020-12426
# 77.0-r0:
# - CVE-2020-12399
# - CVE-2020-12405
# - CVE-2020-12406
# - CVE-2020-12407
# - CVE-2020-12408
# - CVE-2020-12409
# - CVE-2020-12411
# 76.0-r0:
# - CVE-2020-6831
# - CVE-2020-12387
# - CVE-2020-12388
# - CVE-2020-12389
# - CVE-2020-12390
# - CVE-2020-12391
# - CVE-2020-12392
# - CVE-2020-12393
# - CVE-2020-12394
# - CVE-2020-12395
# - CVE-2020-12396
# 75.0-r0:
# - CVE-2020-6821
# - CVE-2020-6822
# - CVE-2020-6823
# - CVE-2020-6824
# - CVE-2020-6825
# - CVE-2020-6826
# 74.0.1-r0:
# - CVE-2020-6819
# - CVE-2020-6820
# 74.0-r0:
# - CVE-2020-6805
# - CVE-2020-6806
# - CVE-2020-6807
# - CVE-2020-6808
# - CVE-2020-6809
# - CVE-2020-6810
# - CVE-2020-6811
# - CVE-2019-20503
# - CVE-2020-6812
# - CVE-2020-6813
# - CVE-2020-6814
# - CVE-2020-6815
# 71.0.1-r0:
# - CVE-2019-17016
# - CVE-2019-17017
# - CVE-2019-17020
# - CVE-2019-17022
# - CVE-2019-17023
# - CVE-2019-17024
# - CVE-2019-17025
# - CVE-2019-17026
# 70.0-r0:
# - CVE-2018-6156
# - CVE-2019-15903
# - CVE-2019-11757
# - CVE-2019-11759
# - CVE-2019-11760
# - CVE-2019-11761
# - CVE-2019-11762
# - CVE-2019-11763
# - CVE-2019-11764
# - CVE-2019-11765
# - CVE-2019-17000
# - CVE-2019-17001
# - CVE-2019-17002
# 68.0.2-r0:
# - CVE-2019-11733
# we need this because cargo verifies checksums of all files in vendor
# crates when it builds and gives us no way to override or update the
# file sanely... so just clear out the file list
_clear_vendor_checksums() {
sed -i 's/\("files":{\)[^}]*/\1/' third_party/rust/$1/.cargo-checksum.json
}
prepare() {
default_prepare
cp "$srcdir"/stab.h toolkit/crashreporter/google-breakpad/src/
_clear_vendor_checksums audio_thread_priority
_clear_vendor_checksums target-lexicon-0.9.0
}
build() {
mkdir -p "$builddir"/objdir
cd "$builddir"/objdir
export SHELL=/bin/sh
export BUILD_OFFICIAL=1
export MOZILLA_OFFICIAL=1
export USE_SHORT_LIBNAME=1
export MACH_USE_SYSTEM_PYTHON=1
# Find our triplet JSON
export RUST_TARGET="$CTARGET"
# Build with Clang, takes less RAM
export CC="clang"
export CXX="clang++"
# set rpath so linker finds the libs
export LDFLAGS="$LDFLAGS -Wl,-rpath,$_mozappdir"
case "$CARCH" in
arm*|x86*)
# disable-elf-hack: exists only on arm, x86, x86_64
_arch_config="--disable-elf-hack"
;;
esac
# FF doesn't have SIMD available on these arches.
case "$CARCH" in
armhf|armv7)
_rust_simd="--disable-rust-simd"
_low_mem_flags="--disable-debug-symbols --disable-debug"
export RUSTFLAGS="$RUSTFLAGS -C debuginfo=0"
;;
x86)
_low_mem_flags="--disable-debug-symbols --disable-debug"
export RUSTFLAGS="$RUSTFLAGS -C debuginfo=0"
;;
*) _rust_simd="--enable-rust-simd" ;;
esac
../mach configure \
--prefix=/usr \
$_arch_config \
$_low_mem_flags \
$_rust_simd \
\
--disable-crashreporter \
--disable-gold \
--disable-install-strip \
--disable-jemalloc \
--disable-profiling \
--disable-strip \
--disable-tests \
--disable-updater \
\
--enable-alsa \
--enable-dbus \
--enable-default-toolkit=cairo-gtk3-wayland \
--enable-ffmpeg \
--enable-hardening \
--enable-necko-wifi \
--enable-official-branding \
--enable-optimize="$CFLAGS -O2" \
--enable-pulseaudio \
--disable-smoosh \
--enable-system-ffi \
--enable-system-pixman \
\
--with-system-ffi \
--with-system-icu \
--with-system-jpeg \
--with-system-libevent \
--with-system-libvpx \
--with-system-nspr \
--with-system-nss \
--with-system-pixman \
--with-system-png \
--with-system-webp \
--with-system-zlib \
--with-clang-path=/usr/bin/clang \
--with-libclang-path=/usr/lib
../mach build
}
package() {
cd "$builddir"/objdir
DESTDIR="$pkgdir" MOZ_MAKE_FLAGS="$MAKEOPTS" ../mach install
install -m755 -d "$pkgdir"/usr/share/applications
install -m755 -d "$pkgdir"/usr/share/pixmaps
local _png
for _png in ../browser/branding/official/default*.png; do
local i=${_png%.png}
i=${i##*/default}
install -D -m644 "$_png" "$pkgdir"/usr/share/icons/hicolor/"$i"x"$i"/apps/firefox.png
done
install -m644 "$builddir"/browser/branding/official/default48.png \
"$pkgdir"/usr/share/pixmaps/firefox.png
install -m644 "$srcdir"/firefox.desktop "$pkgdir"/usr/share/applications/org.mozilla.firefox.desktop
install -m644 "$srcdir"/firefox-safe.desktop "$pkgdir"/usr/share/applications/org.mozilla.firefox-safe.desktop
# Add StartupWMClass=firefox on the .desktop files so Desktop Environments
# correctly associate the window with their icon, the correct fix is to have
# firefox sets its own AppID but this will work for the meantime
# See: https://bugzilla.mozilla.org/show_bug.cgi?id=1607399
echo "StartupWMClass=firefox" >> "$pkgdir"/usr/share/applications/org.mozilla.firefox.desktop
echo "StartupWMClass=firefox" >> "$pkgdir"/usr/share/applications/org.mozilla.firefox-safe.desktop
# install our vendor prefs
install -d "$pkgdir"/$_mozappdir/browser/defaults/preferences
cat >> "$pkgdir"/$_mozappdir/browser/defaults/preferences/firefox-branding.js <<- EOF
// Use LANG environment variable to choose locale
pref("intl.locale.requested", "");
// Disable default browser checking.
pref("browser.shell.checkDefaultBrowser", false);
// Don't disable our bundled extensions in the application directory
pref("extensions.autoDisableScopes", 11);
pref("extensions.shownSelectionUI", true);
EOF
# Generate appdata file
mkdir "$pkgdir"/usr/share/metainfo/
export VERSION="$pkgver"
export DATE="$_releasedate"
cat "$builddir"/taskcluster/docker/firefox-flatpak/org.mozilla.firefox.appdata.xml.in | envsubst > "$pkgdir"/usr/share/metainfo/org.mozilla.firefox.appdata.xml
}
sha512sums="
233ad59e4ab2f08d2253b49235b51b26fa32fb7c285928110573ccbe67c79965d9401a6c58a3af2ad22b8a58ca5d9b3154e3e8c9d29b153acd16152d9b75442c firefox-90.0.source.tar.xz
0b3f1e4b9fdc868e4738b5c81fd6c6128ce8885b260affcb9a65ff9d164d7232626ce1291aaea70132b3e3124f5e13fef4d39326b8e7173e362a823722a85127 stab.h
2f4f15974d52de4bb273b62a332d13620945d284bbc6fe6bd0a1f58ff7388443bc1d3bf9c82cc31a8527aad92b0cd3a1bc41d0af5e1800e0dcbd7033e58ffd71 fix-fortify-system-wrappers.patch
4510fb92653d0fdcfbc6d30e18087c0d22d4acd5eb53be7d0a333abe087a9e0bf9e58e56bafe96e1e1b28ebd1fd33b8926dbb70c221007e335b33d1468755c66 fix-tools.patch
a4a3e062661bda64d502d426c480ac9645345860118de9df9ffe6e0597738c70c11e5cdef2d4fd12c5e2ee30a09310159230524655a419a4f7e4eeeb0f3c06b0 mallinfo.patch
454ea3263cabce099accbdc47aaf83be26a19f8b5a4568c01a7ef0384601cf8315efd86cd917f9c8bf419c2c845db89a905f3ff9a8eb0c8e41042e93aa96a85c disable-moz-stackwalk.patch
cd68b89e29e5f6379fbd5679db27b9a5ef70ea65e51c0d0a8137e1f1fd210e35a8cfb047798e9549bc7275606d7ec5c8d8af1335d29da4699db7acd8bc7ff556 fix-rust-target.patch
47c2c2428c3598a42f6241705179642b3378a86ace39c8c3cbef4954e6d220b42e6c76f3d71731d65f67ce2c8597259122ac44bbd45e20993bb8bc70c0c8a010 fix-webrtc-glibcisms.patch
60845dcb034b2c4459c30f7d5f25c8176cf42df794e2cc0e86c3e2abb6541c24b962f3a16ca70a288d4d6f377b68d00b2904b22463108559612053d835d9bff1 fd6847c9416f9eebde636e21d794d25d1be8791d.patch
4e584621145cf8add069c6dac18e805b3274a1ee402d84e924df2341f7d3c5be261a93ef51283bacbd606f47fbdc628c4323ecc31efc5b403b8d224b18dc278f allow-custom-rust-vendor.patch
f3b7c3e804ce04731012a46cb9e9a6b0769e3772aef9c0a4a8c7520b030fdf6cd703d5e9ff49275f14b7d738fe82a0a4fde3bc3219dff7225d5db0e274987454 firefox.desktop
5dcb6288d0444a8a471d669bbaf61cdb1433663eff38b72ee5e980843f5fc07d0d60c91627a2c1159215d0ad77ae3f115dcc5fdfe87e64ca704b641aceaa44ed firefox-safe.desktop
55eab1a02e19a19a1ee0e36b11097ab48a44200e07e543d91469967206854f39709c7c0bc31855559528e64642d610868140e9533f1c0e3bebc953353c142fa8 disable-neon-in-aom.patch
2518f2fc75b5db30058e0735f47d60fdf1e7adfaeee4b33fb2afb1bd9a616ce943fd88f4404d0802d4083703f4acf1d5ad42377218d025bc768807fbaf7e1609 sandbox-fork.patch
db26757b2ebf9f567962e32294b4ae48b3a5d0378a7589dfe650fe3a179ff58befbab5082981c68e1c25fb9e56b2db1e4e510d4bca17c3e3aedbf9a2f21806eb sandbox-sched_setscheduler.patch
b7d0a6126bdf6c0569f80aabf5b37ed2c7a35712eb8a0404a2d85381552f5555d4f97d213ea26cec6a45dc2785f22439376ed5f8e78b4fd664ef0223307b333e sandbox-largefile.patch
b1cb2db3122634f66d2bae7066e76f2dcd455c464e021db4de3b0a08314df95cb667846081682db549dd2af8a00831cabe44a2420c66cdfb5e3b5fa7e6bd21d3 avoid-redefinition.patch
"
|