diff options
author | Ian Stakenvicius <axs@gentoo.org> | 2015-05-16 00:58:19 +0000 |
---|---|---|
committer | Ian Stakenvicius <axs@gentoo.org> | 2015-05-16 00:58:19 +0000 |
commit | 1869a015d25b04af80c1e8ee15d84ac245560551 (patch) | |
tree | fc0847a0de417ad9de83afeb947ffe9b485a2e34 /www-client | |
parent | ia64 stable wrt bug #545348 (diff) | |
download | gentoo-2-1869a015d25b04af80c1e8ee15d84ac245560551.tar.gz gentoo-2-1869a015d25b04af80c1e8ee15d84ac245560551.tar.bz2 gentoo-2-1869a015d25b04af80c1e8ee15d84ac245560551.zip |
version bump of firefox ESR for security bug 549356
(Portage version: 2.2.18/cvs/Linux x86_64, signed Manifest commit with key 2B6559ED)
Diffstat (limited to 'www-client')
-rw-r--r-- | www-client/firefox/ChangeLog | 7 | ||||
-rw-r--r-- | www-client/firefox/firefox-31.7.0.ebuild | 377 |
2 files changed, 383 insertions, 1 deletions
diff --git a/www-client/firefox/ChangeLog b/www-client/firefox/ChangeLog index b65070cc4cd5..49ebd3737b5e 100644 --- a/www-client/firefox/ChangeLog +++ b/www-client/firefox/ChangeLog @@ -1,6 +1,11 @@ # ChangeLog for www-client/firefox # Copyright 1999-2015 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/www-client/firefox/ChangeLog,v 1.416 2015/04/29 09:12:59 ago Exp $ +# $Header: /var/cvsroot/gentoo-x86/www-client/firefox/ChangeLog,v 1.417 2015/05/16 00:58:19 axs Exp $ + +*firefox-31.7.0 (16 May 2015) + + 16 May 2015; Ian Stakenvicius (_AxS_) <axs@gentoo.org> +firefox-31.7.0.ebuild: + version bump of firefox ESR for security bug 549356 29 Apr 2015; Agostino Sarubbo <ago@gentoo.org> firefox-31.6.0.ebuild: Stable for ppc, wrt bug #545232 diff --git a/www-client/firefox/firefox-31.7.0.ebuild b/www-client/firefox/firefox-31.7.0.ebuild new file mode 100644 index 000000000000..51d570e5b38f --- /dev/null +++ b/www-client/firefox/firefox-31.7.0.ebuild @@ -0,0 +1,377 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/www-client/firefox/firefox-31.7.0.ebuild,v 1.1 2015/05/16 00:58:19 axs Exp $ + +EAPI="5" +VIRTUALX_REQUIRED="pgo" +WANT_AUTOCONF="2.1" +MOZ_ESR="1" + +# This list can be updated with scripts/get_langs.sh from the mozilla overlay +MOZ_LANGS=( af ar as ast be bg bn-BD bn-IN br bs ca cs csb cy da de el en +en-GB en-US en-ZA eo es-AR es-CL es-ES es-MX et eu fa fi fr fy-NL ga-IE gd +gl gu-IN he hi-IN hr hu hy-AM id is it ja kk km kn ko ku lt lv mai mk ml mr +nb-NO nl nn-NO or pa-IN pl pt-BR pt-PT rm ro ru si sk sl son sq sr sv-SE ta te +th tr uk vi xh zh-CN zh-TW zu ) + +# Convert the ebuild version to the upstream mozilla version, used by mozlinguas +MOZ_PV="${PV/_alpha/a}" # Handle alpha for SRC_URI +MOZ_PV="${MOZ_PV/_beta/b}" # Handle beta for SRC_URI +MOZ_PV="${MOZ_PV/_rc/rc}" # Handle rc for SRC_URI + +if [[ ${MOZ_ESR} == 1 ]]; then + # ESR releases have slightly version numbers + MOZ_PV="${MOZ_PV}esr" +fi + +# Patch version +PATCH="${PN}-31.0-patches-0.2" +# Upstream ftp release URI that's used by mozlinguas.eclass +# We don't use the http mirror because it deletes old tarballs. +MOZ_FTP_URI="ftp://ftp.mozilla.org/pub/${PN}/releases" +MOZ_HTTP_URI="http://ftp.mozilla.org/pub/${PN}/releases" + +MOZCONFIG_OPTIONAL_WIFI=1 +MOZCONFIG_OPTIONAL_JIT="enabled" + +inherit check-reqs flag-o-matic toolchain-funcs eutils gnome2-utils mozconfig-v5.31 multilib pax-utils fdo-mime autotools virtualx mozlinguas + +DESCRIPTION="Firefox Web Browser" +HOMEPAGE="http://www.mozilla.com/firefox" + +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~x86 ~amd64-linux ~x86-linux" +SLOT="0" +LICENSE="MPL-2.0 GPL-2 LGPL-2.1" +IUSE="bindist hardened +minimal pgo selinux test" +RESTRICT="!bindist? ( bindist )" + +# More URIs appended below... +SRC_URI="${SRC_URI} + http://dev.gentoo.org/~anarchy/mozilla/patchsets/${PATCH}.tar.xz + http://dev.gentoo.org/~axs/distfiles/${PATCH}.tar.xz" + +ASM_DEPEND=">=dev-lang/yasm-1.1" + +CDEPEND=" + >=dev-libs/nss-3.17.1 + >=dev-libs/nspr-4.10.6 +" + +DEPEND="${CDEPEND} + pgo? ( + >=sys-devel/gcc-4.5 ) + amd64? ( ${ASM_DEPEND} + virtual/opengl ) + x86? ( ${ASM_DEPEND} + virtual/opengl )" + +RDEPEND="${CDEPEND} + selinux? ( sec-policy/selinux-mozilla ) +" + +# No source releases for alpha|beta +if [[ ${PV} =~ alpha ]]; then + CHANGESET="8a3042764de7" + SRC_URI="${SRC_URI} + http://dev.gentoo.org/~nirbheek/mozilla/firefox/firefox-${MOZ_PV}_${CHANGESET}.source.tar.bz2" + S="${WORKDIR}/mozilla-aurora-${CHANGESET}" +elif [[ ${PV} =~ beta ]]; then + S="${WORKDIR}/mozilla-beta" + SRC_URI="${SRC_URI} + ${MOZ_FTP_URI}/${MOZ_PV}/source/firefox-${MOZ_PV}.source.tar.bz2 + ${MOZ_HTTP_URI}/${MOZ_PV}/source/firefox-${MOZ_PV}.source.tar.bz2" +else + SRC_URI="${SRC_URI} + ${MOZ_FTP_URI}/${MOZ_PV}/source/firefox-${MOZ_PV}.source.tar.bz2 + ${MOZ_HTTP_URI}/${MOZ_PV}/source/firefox-${MOZ_PV}.source.tar.bz2" + if [[ ${MOZ_ESR} == 1 ]]; then + S="${WORKDIR}/mozilla-esr${PV%%.*}" + else + S="${WORKDIR}/mozilla-release" + fi +fi + +QA_PRESTRIPPED="usr/$(get_libdir)/${PN}/firefox" + +pkg_setup() { + moz_pkgsetup + + # Avoid PGO profiling problems due to enviroment leakage + # These should *always* be cleaned up anyway + unset DBUS_SESSION_BUS_ADDRESS \ + DISPLAY \ + ORBIT_SOCKETDIR \ + SESSION_MANAGER \ + XDG_SESSION_COOKIE \ + XAUTHORITY + + if ! use bindist; then + einfo + elog "You are enabling official branding. You may not redistribute this build" + elog "to any users on your network or the internet. Doing so puts yourself into" + elog "a legal problem with Mozilla Foundation" + elog "You can disable it by emerging ${PN} _with_ the bindist USE-flag" + fi + + if use pgo; then + einfo + ewarn "You will do a double build for profile guided optimization." + ewarn "This will result in your build taking at least twice as long as before." + fi +} + +pkg_pretend() { + # Ensure we have enough disk space to compile + if use pgo || use debug || use test ; then + CHECKREQS_DISK_BUILD="8G" + else + CHECKREQS_DISK_BUILD="4G" + fi + check-reqs_pkg_setup + + if use jit && [[ -n ${PROFILE_IS_HARDENED} ]]; then + ewarn "You are emerging this package on a hardened profile with USE=jit enabled." + ewarn "This is horribly insecure as it disables all PAGEEXEC restrictions." + ewarn "Please ensure you know what you are doing. If you don't, please consider" + ewarn "emerging the package with USE=-jit" + fi +} + +src_unpack() { + unpack ${A} + + # Unpack language packs + mozlinguas_src_unpack +} + +src_prepare() { + # Apply our patches + EPATCH_SUFFIX="patch" \ + EPATCH_FORCE="yes" \ + epatch "${WORKDIR}/firefox" + + epatch "${FILESDIR}"/${PN}-32.0-hppa-js-configure.patch # bug 524556 + + # Allow user to apply any additional patches without modifing ebuild + epatch_user + + # Enable gnomebreakpad + if use debug ; then + sed -i -e "s:GNOME_DISABLE_CRASH_DIALOG=1:GNOME_DISABLE_CRASH_DIALOG=0:g" \ + "${S}"/build/unix/run-mozilla.sh || die "sed failed!" + fi + + # Ensure that our plugins dir is enabled as default + sed -i -e "s:/usr/lib/mozilla/plugins:/usr/lib/nsbrowser/plugins:" \ + "${S}"/xpcom/io/nsAppFileLocationProvider.cpp || die "sed failed to replace plugin path for 32bit!" + sed -i -e "s:/usr/lib64/mozilla/plugins:/usr/lib64/nsbrowser/plugins:" \ + "${S}"/xpcom/io/nsAppFileLocationProvider.cpp || die "sed failed to replace plugin path for 64bit!" + + # Fix sandbox violations during make clean, bug 372817 + sed -e "s:\(/no-such-file\):${T}\1:g" \ + -i "${S}"/config/rules.mk \ + -i "${S}"/nsprpub/configure{.in,} \ + || die + + # Don't exit with error when some libs are missing which we have in + # system. + sed '/^MOZ_PKG_FATAL_WARNINGS/s@= 1@= 0@' \ + -i "${S}"/browser/installer/Makefile.in || die + + # Don't error out when there's no files to be removed: + sed 's@\(xargs rm\)$@\1 -f@' \ + -i "${S}"/toolkit/mozapps/installer/packager.mk || die + + eautoreconf + + # Must run autoconf in js/src + cd "${S}"/js/src || die + eautoconf +} + +src_configure() { + MOZILLA_FIVE_HOME="/usr/$(get_libdir)/${PN}" + MEXTENSIONS="default" + # Google API keys (see http://www.chromium.org/developers/how-tos/api-keys) + # Note: These are for Gentoo Linux use ONLY. For your own distribution, please + # get your own set of keys. + _google_api_key=AIzaSyDEAOvatFo0eTgsV_ZlEzx0ObmepsMzfAc + + #################################### + # + # mozconfig, CFLAGS and CXXFLAGS setup + # + #################################### + + mozconfig_init + mozconfig_config + + # It doesn't compile on alpha without this LDFLAGS + use alpha && append-ldflags "-Wl,--no-relax" + + # Add full relro support for hardened + use hardened && append-ldflags "-Wl,-z,relro,-z,now" + + # Setup api key for location services + echo -n "${_google_api_key}" > "${S}"/google-api-key + mozconfig_annotate '' --with-google-api-keyfile="${S}/google-api-key" + + mozconfig_annotate '' --enable-extensions="${MEXTENSIONS}" + mozconfig_annotate '' --disable-mailnews + + # Other ff-specific settings + mozconfig_annotate '' --with-default-mozilla-five-home=${MOZILLA_FIVE_HOME} + + # Allow for a proper pgo build + if use pgo; then + echo "mk_add_options PROFILE_GEN_SCRIPT='\$(PYTHON) \$(OBJDIR)/_profile/pgo/profileserver.py'" >> "${S}"/.mozconfig + fi + + # Finalize and report settings + mozconfig_final + + if [[ $(gcc-major-version) -lt 4 ]]; then + append-cxxflags -fno-stack-protector + elif [[ $(gcc-major-version) -gt 4 || $(gcc-minor-version) -gt 3 ]]; then + if use amd64 || use x86; then + append-flags -mno-avx + fi + fi +} + +src_compile() { + if use pgo; then + addpredict /root + addpredict /etc/gconf + # Reset and cleanup environment variables used by GNOME/XDG + gnome2_environment_reset + + # Firefox tries to use dri stuff when it's run, see bug 380283 + shopt -s nullglob + cards=$(echo -n /dev/dri/card* | sed 's/ /:/g') + if test -z "${cards}"; then + cards=$(echo -n /dev/ati/card* /dev/nvidiactl* | sed 's/ /:/g') + if test -n "${cards}"; then + # Binary drivers seem to cause access violations anyway, so + # let's use indirect rendering so that the device files aren't + # touched at all. See bug 394715. + export LIBGL_ALWAYS_INDIRECT=1 + fi + fi + shopt -u nullglob + addpredict "${cards}" + + CC="$(tc-getCC)" CXX="$(tc-getCXX)" LD="$(tc-getLD)" \ + MOZ_MAKE_FLAGS="${MAKEOPTS}" SHELL="${SHELL}" \ + Xemake -f client.mk profiledbuild || die "Xemake failed" + else + CC="$(tc-getCC)" CXX="$(tc-getCXX)" LD="$(tc-getLD)" \ + MOZ_MAKE_FLAGS="${MAKEOPTS}" SHELL="${SHELL}" \ + emake -f client.mk + fi + +} + +src_install() { + MOZILLA_FIVE_HOME="/usr/$(get_libdir)/${PN}" + DICTPATH="\"${EPREFIX}/usr/share/myspell\"" + + # MOZ_BUILD_ROOT, and hence OBJ_DIR change depending on arch, compiler, pgo, etc. + local obj_dir="$(echo */config.log)" + obj_dir="${obj_dir%/*}" + cd "${S}/${obj_dir}" || die + + # Pax mark xpcshell for hardened support, only used for startupcache creation. + pax-mark m "${S}/${obj_dir}"/dist/bin/xpcshell + + # Add our default prefs for firefox + cp "${FILESDIR}"/gentoo-default-prefs.js-1 \ + "${S}/${obj_dir}/dist/bin/browser/defaults/preferences/all-gentoo.js" \ + || die + + # Set default path to search for dictionaries. + echo "pref(\"spellchecker.dictionary_path\", ${DICTPATH});" \ + >> "${S}/${obj_dir}/dist/bin/browser/defaults/preferences/all-gentoo.js" \ + || die + + echo "pref(\"extensions.autoDisableScopes\", 3);" >> \ + "${S}/${obj_dir}/dist/bin/browser/defaults/preferences/all-gentoo.js" \ + || die + + MOZ_MAKE_FLAGS="${MAKEOPTS}" \ + emake DESTDIR="${D}" install + + # Install language packs + mozlinguas_src_install + + local size sizes icon_path icon name + if use bindist; then + sizes="16 32 48" + icon_path="${S}/browser/branding/aurora" + # Firefox's new rapid release cycle means no more codenames + # Let's just stick with this one... + icon="aurora" + name="Aurora" + else + sizes="16 22 24 32 256" + icon_path="${S}/browser/branding/official" + icon="${PN}" + name="Mozilla Firefox" + fi + + # Install icons and .desktop for menu entry + for size in ${sizes}; do + insinto "/usr/share/icons/hicolor/${size}x${size}/apps" + newins "${icon_path}/default${size}.png" "${icon}.png" + done + # The 128x128 icon has a different name + insinto "/usr/share/icons/hicolor/128x128/apps" + newins "${icon_path}/mozicon128.png" "${icon}.png" + # Install a 48x48 icon into /usr/share/pixmaps for legacy DEs + newicon "${icon_path}/content/icon48.png" "${icon}.png" + newmenu "${FILESDIR}/icon/${PN}.desktop" "${PN}.desktop" + sed -i -e "s:@NAME@:${name}:" -e "s:@ICON@:${icon}:" \ + "${ED}/usr/share/applications/${PN}.desktop" || die + + # Add StartupNotify=true bug 237317 + if use startup-notification ; then + echo "StartupNotify=true"\ + >> "${ED}/usr/share/applications/${PN}.desktop" \ + || die + fi + + # Required in order to use plugins and even run firefox on hardened. + pax-mark m "${ED}"${MOZILLA_FIVE_HOME}/plugin-container + # Required in order for jit to work on hardened, as of firefox-31 + use jit && pax-mark pm "${ED}"${MOZILLA_FIVE_HOME}/{firefox,firefox-bin} + + if use minimal; then + rm -r "${ED}"/usr/include "${ED}${MOZILLA_FIVE_HOME}"/{idl,include,lib,sdk} \ + || die "Failed to remove sdk and headers" + fi + + # very ugly hack to make firefox not sigbus on sparc + # FIXME: is this still needed?? + use sparc && { sed -e 's/Firefox/FirefoxGentoo/g' \ + -i "${ED}/${MOZILLA_FIVE_HOME}/application.ini" \ + || die "sparc sed failed"; } + + # revdep-rebuild entry + insinto /etc/revdep-rebuild + echo "SEARCH_DIRS_MASK=${MOZILLA_FIVE_HOME}" >> ${T}/10firefox + doins "${T}"/10${PN} || die +} + +pkg_preinst() { + gnome2_icon_savelist +} + +pkg_postinst() { + # Update mimedb for the new .desktop file + fdo-mime_desktop_database_update + gnome2_icon_cache_update +} + +pkg_postrm() { + gnome2_icon_cache_update +} |