summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorIan Stakenvicius <axs@gentoo.org>2015-05-16 00:58:19 +0000
committerIan Stakenvicius <axs@gentoo.org>2015-05-16 00:58:19 +0000
commit1869a015d25b04af80c1e8ee15d84ac245560551 (patch)
treefc0847a0de417ad9de83afeb947ffe9b485a2e34 /www-client
parentia64 stable wrt bug #545348 (diff)
downloadgentoo-2-1869a015d25b04af80c1e8ee15d84ac245560551.tar.gz
gentoo-2-1869a015d25b04af80c1e8ee15d84ac245560551.tar.bz2
gentoo-2-1869a015d25b04af80c1e8ee15d84ac245560551.zip
version bump of firefox ESR for security bug 549356
(Portage version: 2.2.18/cvs/Linux x86_64, signed Manifest commit with key 2B6559ED)
Diffstat (limited to 'www-client')
-rw-r--r--www-client/firefox/ChangeLog7
-rw-r--r--www-client/firefox/firefox-31.7.0.ebuild377
2 files changed, 383 insertions, 1 deletions
diff --git a/www-client/firefox/ChangeLog b/www-client/firefox/ChangeLog
index b65070cc4cd5..49ebd3737b5e 100644
--- a/www-client/firefox/ChangeLog
+++ b/www-client/firefox/ChangeLog
@@ -1,6 +1,11 @@
# ChangeLog for www-client/firefox
# Copyright 1999-2015 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/www-client/firefox/ChangeLog,v 1.416 2015/04/29 09:12:59 ago Exp $
+# $Header: /var/cvsroot/gentoo-x86/www-client/firefox/ChangeLog,v 1.417 2015/05/16 00:58:19 axs Exp $
+
+*firefox-31.7.0 (16 May 2015)
+
+ 16 May 2015; Ian Stakenvicius (_AxS_) <axs@gentoo.org> +firefox-31.7.0.ebuild:
+ version bump of firefox ESR for security bug 549356
29 Apr 2015; Agostino Sarubbo <ago@gentoo.org> firefox-31.6.0.ebuild:
Stable for ppc, wrt bug #545232
diff --git a/www-client/firefox/firefox-31.7.0.ebuild b/www-client/firefox/firefox-31.7.0.ebuild
new file mode 100644
index 000000000000..51d570e5b38f
--- /dev/null
+++ b/www-client/firefox/firefox-31.7.0.ebuild
@@ -0,0 +1,377 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/www-client/firefox/firefox-31.7.0.ebuild,v 1.1 2015/05/16 00:58:19 axs Exp $
+
+EAPI="5"
+VIRTUALX_REQUIRED="pgo"
+WANT_AUTOCONF="2.1"
+MOZ_ESR="1"
+
+# This list can be updated with scripts/get_langs.sh from the mozilla overlay
+MOZ_LANGS=( af ar as ast be bg bn-BD bn-IN br bs ca cs csb cy da de el en
+en-GB en-US en-ZA eo es-AR es-CL es-ES es-MX et eu fa fi fr fy-NL ga-IE gd
+gl gu-IN he hi-IN hr hu hy-AM id is it ja kk km kn ko ku lt lv mai mk ml mr
+nb-NO nl nn-NO or pa-IN pl pt-BR pt-PT rm ro ru si sk sl son sq sr sv-SE ta te
+th tr uk vi xh zh-CN zh-TW zu )
+
+# Convert the ebuild version to the upstream mozilla version, used by mozlinguas
+MOZ_PV="${PV/_alpha/a}" # Handle alpha for SRC_URI
+MOZ_PV="${MOZ_PV/_beta/b}" # Handle beta for SRC_URI
+MOZ_PV="${MOZ_PV/_rc/rc}" # Handle rc for SRC_URI
+
+if [[ ${MOZ_ESR} == 1 ]]; then
+ # ESR releases have slightly version numbers
+ MOZ_PV="${MOZ_PV}esr"
+fi
+
+# Patch version
+PATCH="${PN}-31.0-patches-0.2"
+# Upstream ftp release URI that's used by mozlinguas.eclass
+# We don't use the http mirror because it deletes old tarballs.
+MOZ_FTP_URI="ftp://ftp.mozilla.org/pub/${PN}/releases"
+MOZ_HTTP_URI="http://ftp.mozilla.org/pub/${PN}/releases"
+
+MOZCONFIG_OPTIONAL_WIFI=1
+MOZCONFIG_OPTIONAL_JIT="enabled"
+
+inherit check-reqs flag-o-matic toolchain-funcs eutils gnome2-utils mozconfig-v5.31 multilib pax-utils fdo-mime autotools virtualx mozlinguas
+
+DESCRIPTION="Firefox Web Browser"
+HOMEPAGE="http://www.mozilla.com/firefox"
+
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~x86 ~amd64-linux ~x86-linux"
+SLOT="0"
+LICENSE="MPL-2.0 GPL-2 LGPL-2.1"
+IUSE="bindist hardened +minimal pgo selinux test"
+RESTRICT="!bindist? ( bindist )"
+
+# More URIs appended below...
+SRC_URI="${SRC_URI}
+ http://dev.gentoo.org/~anarchy/mozilla/patchsets/${PATCH}.tar.xz
+ http://dev.gentoo.org/~axs/distfiles/${PATCH}.tar.xz"
+
+ASM_DEPEND=">=dev-lang/yasm-1.1"
+
+CDEPEND="
+ >=dev-libs/nss-3.17.1
+ >=dev-libs/nspr-4.10.6
+"
+
+DEPEND="${CDEPEND}
+ pgo? (
+ >=sys-devel/gcc-4.5 )
+ amd64? ( ${ASM_DEPEND}
+ virtual/opengl )
+ x86? ( ${ASM_DEPEND}
+ virtual/opengl )"
+
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-mozilla )
+"
+
+# No source releases for alpha|beta
+if [[ ${PV} =~ alpha ]]; then
+ CHANGESET="8a3042764de7"
+ SRC_URI="${SRC_URI}
+ http://dev.gentoo.org/~nirbheek/mozilla/firefox/firefox-${MOZ_PV}_${CHANGESET}.source.tar.bz2"
+ S="${WORKDIR}/mozilla-aurora-${CHANGESET}"
+elif [[ ${PV} =~ beta ]]; then
+ S="${WORKDIR}/mozilla-beta"
+ SRC_URI="${SRC_URI}
+ ${MOZ_FTP_URI}/${MOZ_PV}/source/firefox-${MOZ_PV}.source.tar.bz2
+ ${MOZ_HTTP_URI}/${MOZ_PV}/source/firefox-${MOZ_PV}.source.tar.bz2"
+else
+ SRC_URI="${SRC_URI}
+ ${MOZ_FTP_URI}/${MOZ_PV}/source/firefox-${MOZ_PV}.source.tar.bz2
+ ${MOZ_HTTP_URI}/${MOZ_PV}/source/firefox-${MOZ_PV}.source.tar.bz2"
+ if [[ ${MOZ_ESR} == 1 ]]; then
+ S="${WORKDIR}/mozilla-esr${PV%%.*}"
+ else
+ S="${WORKDIR}/mozilla-release"
+ fi
+fi
+
+QA_PRESTRIPPED="usr/$(get_libdir)/${PN}/firefox"
+
+pkg_setup() {
+ moz_pkgsetup
+
+ # Avoid PGO profiling problems due to enviroment leakage
+ # These should *always* be cleaned up anyway
+ unset DBUS_SESSION_BUS_ADDRESS \
+ DISPLAY \
+ ORBIT_SOCKETDIR \
+ SESSION_MANAGER \
+ XDG_SESSION_COOKIE \
+ XAUTHORITY
+
+ if ! use bindist; then
+ einfo
+ elog "You are enabling official branding. You may not redistribute this build"
+ elog "to any users on your network or the internet. Doing so puts yourself into"
+ elog "a legal problem with Mozilla Foundation"
+ elog "You can disable it by emerging ${PN} _with_ the bindist USE-flag"
+ fi
+
+ if use pgo; then
+ einfo
+ ewarn "You will do a double build for profile guided optimization."
+ ewarn "This will result in your build taking at least twice as long as before."
+ fi
+}
+
+pkg_pretend() {
+ # Ensure we have enough disk space to compile
+ if use pgo || use debug || use test ; then
+ CHECKREQS_DISK_BUILD="8G"
+ else
+ CHECKREQS_DISK_BUILD="4G"
+ fi
+ check-reqs_pkg_setup
+
+ if use jit && [[ -n ${PROFILE_IS_HARDENED} ]]; then
+ ewarn "You are emerging this package on a hardened profile with USE=jit enabled."
+ ewarn "This is horribly insecure as it disables all PAGEEXEC restrictions."
+ ewarn "Please ensure you know what you are doing. If you don't, please consider"
+ ewarn "emerging the package with USE=-jit"
+ fi
+}
+
+src_unpack() {
+ unpack ${A}
+
+ # Unpack language packs
+ mozlinguas_src_unpack
+}
+
+src_prepare() {
+ # Apply our patches
+ EPATCH_SUFFIX="patch" \
+ EPATCH_FORCE="yes" \
+ epatch "${WORKDIR}/firefox"
+
+ epatch "${FILESDIR}"/${PN}-32.0-hppa-js-configure.patch # bug 524556
+
+ # Allow user to apply any additional patches without modifing ebuild
+ epatch_user
+
+ # Enable gnomebreakpad
+ if use debug ; then
+ sed -i -e "s:GNOME_DISABLE_CRASH_DIALOG=1:GNOME_DISABLE_CRASH_DIALOG=0:g" \
+ "${S}"/build/unix/run-mozilla.sh || die "sed failed!"
+ fi
+
+ # Ensure that our plugins dir is enabled as default
+ sed -i -e "s:/usr/lib/mozilla/plugins:/usr/lib/nsbrowser/plugins:" \
+ "${S}"/xpcom/io/nsAppFileLocationProvider.cpp || die "sed failed to replace plugin path for 32bit!"
+ sed -i -e "s:/usr/lib64/mozilla/plugins:/usr/lib64/nsbrowser/plugins:" \
+ "${S}"/xpcom/io/nsAppFileLocationProvider.cpp || die "sed failed to replace plugin path for 64bit!"
+
+ # Fix sandbox violations during make clean, bug 372817
+ sed -e "s:\(/no-such-file\):${T}\1:g" \
+ -i "${S}"/config/rules.mk \
+ -i "${S}"/nsprpub/configure{.in,} \
+ || die
+
+ # Don't exit with error when some libs are missing which we have in
+ # system.
+ sed '/^MOZ_PKG_FATAL_WARNINGS/s@= 1@= 0@' \
+ -i "${S}"/browser/installer/Makefile.in || die
+
+ # Don't error out when there's no files to be removed:
+ sed 's@\(xargs rm\)$@\1 -f@' \
+ -i "${S}"/toolkit/mozapps/installer/packager.mk || die
+
+ eautoreconf
+
+ # Must run autoconf in js/src
+ cd "${S}"/js/src || die
+ eautoconf
+}
+
+src_configure() {
+ MOZILLA_FIVE_HOME="/usr/$(get_libdir)/${PN}"
+ MEXTENSIONS="default"
+ # Google API keys (see http://www.chromium.org/developers/how-tos/api-keys)
+ # Note: These are for Gentoo Linux use ONLY. For your own distribution, please
+ # get your own set of keys.
+ _google_api_key=AIzaSyDEAOvatFo0eTgsV_ZlEzx0ObmepsMzfAc
+
+ ####################################
+ #
+ # mozconfig, CFLAGS and CXXFLAGS setup
+ #
+ ####################################
+
+ mozconfig_init
+ mozconfig_config
+
+ # It doesn't compile on alpha without this LDFLAGS
+ use alpha && append-ldflags "-Wl,--no-relax"
+
+ # Add full relro support for hardened
+ use hardened && append-ldflags "-Wl,-z,relro,-z,now"
+
+ # Setup api key for location services
+ echo -n "${_google_api_key}" > "${S}"/google-api-key
+ mozconfig_annotate '' --with-google-api-keyfile="${S}/google-api-key"
+
+ mozconfig_annotate '' --enable-extensions="${MEXTENSIONS}"
+ mozconfig_annotate '' --disable-mailnews
+
+ # Other ff-specific settings
+ mozconfig_annotate '' --with-default-mozilla-five-home=${MOZILLA_FIVE_HOME}
+
+ # Allow for a proper pgo build
+ if use pgo; then
+ echo "mk_add_options PROFILE_GEN_SCRIPT='\$(PYTHON) \$(OBJDIR)/_profile/pgo/profileserver.py'" >> "${S}"/.mozconfig
+ fi
+
+ # Finalize and report settings
+ mozconfig_final
+
+ if [[ $(gcc-major-version) -lt 4 ]]; then
+ append-cxxflags -fno-stack-protector
+ elif [[ $(gcc-major-version) -gt 4 || $(gcc-minor-version) -gt 3 ]]; then
+ if use amd64 || use x86; then
+ append-flags -mno-avx
+ fi
+ fi
+}
+
+src_compile() {
+ if use pgo; then
+ addpredict /root
+ addpredict /etc/gconf
+ # Reset and cleanup environment variables used by GNOME/XDG
+ gnome2_environment_reset
+
+ # Firefox tries to use dri stuff when it's run, see bug 380283
+ shopt -s nullglob
+ cards=$(echo -n /dev/dri/card* | sed 's/ /:/g')
+ if test -z "${cards}"; then
+ cards=$(echo -n /dev/ati/card* /dev/nvidiactl* | sed 's/ /:/g')
+ if test -n "${cards}"; then
+ # Binary drivers seem to cause access violations anyway, so
+ # let's use indirect rendering so that the device files aren't
+ # touched at all. See bug 394715.
+ export LIBGL_ALWAYS_INDIRECT=1
+ fi
+ fi
+ shopt -u nullglob
+ addpredict "${cards}"
+
+ CC="$(tc-getCC)" CXX="$(tc-getCXX)" LD="$(tc-getLD)" \
+ MOZ_MAKE_FLAGS="${MAKEOPTS}" SHELL="${SHELL}" \
+ Xemake -f client.mk profiledbuild || die "Xemake failed"
+ else
+ CC="$(tc-getCC)" CXX="$(tc-getCXX)" LD="$(tc-getLD)" \
+ MOZ_MAKE_FLAGS="${MAKEOPTS}" SHELL="${SHELL}" \
+ emake -f client.mk
+ fi
+
+}
+
+src_install() {
+ MOZILLA_FIVE_HOME="/usr/$(get_libdir)/${PN}"
+ DICTPATH="\"${EPREFIX}/usr/share/myspell\""
+
+ # MOZ_BUILD_ROOT, and hence OBJ_DIR change depending on arch, compiler, pgo, etc.
+ local obj_dir="$(echo */config.log)"
+ obj_dir="${obj_dir%/*}"
+ cd "${S}/${obj_dir}" || die
+
+ # Pax mark xpcshell for hardened support, only used for startupcache creation.
+ pax-mark m "${S}/${obj_dir}"/dist/bin/xpcshell
+
+ # Add our default prefs for firefox
+ cp "${FILESDIR}"/gentoo-default-prefs.js-1 \
+ "${S}/${obj_dir}/dist/bin/browser/defaults/preferences/all-gentoo.js" \
+ || die
+
+ # Set default path to search for dictionaries.
+ echo "pref(\"spellchecker.dictionary_path\", ${DICTPATH});" \
+ >> "${S}/${obj_dir}/dist/bin/browser/defaults/preferences/all-gentoo.js" \
+ || die
+
+ echo "pref(\"extensions.autoDisableScopes\", 3);" >> \
+ "${S}/${obj_dir}/dist/bin/browser/defaults/preferences/all-gentoo.js" \
+ || die
+
+ MOZ_MAKE_FLAGS="${MAKEOPTS}" \
+ emake DESTDIR="${D}" install
+
+ # Install language packs
+ mozlinguas_src_install
+
+ local size sizes icon_path icon name
+ if use bindist; then
+ sizes="16 32 48"
+ icon_path="${S}/browser/branding/aurora"
+ # Firefox's new rapid release cycle means no more codenames
+ # Let's just stick with this one...
+ icon="aurora"
+ name="Aurora"
+ else
+ sizes="16 22 24 32 256"
+ icon_path="${S}/browser/branding/official"
+ icon="${PN}"
+ name="Mozilla Firefox"
+ fi
+
+ # Install icons and .desktop for menu entry
+ for size in ${sizes}; do
+ insinto "/usr/share/icons/hicolor/${size}x${size}/apps"
+ newins "${icon_path}/default${size}.png" "${icon}.png"
+ done
+ # The 128x128 icon has a different name
+ insinto "/usr/share/icons/hicolor/128x128/apps"
+ newins "${icon_path}/mozicon128.png" "${icon}.png"
+ # Install a 48x48 icon into /usr/share/pixmaps for legacy DEs
+ newicon "${icon_path}/content/icon48.png" "${icon}.png"
+ newmenu "${FILESDIR}/icon/${PN}.desktop" "${PN}.desktop"
+ sed -i -e "s:@NAME@:${name}:" -e "s:@ICON@:${icon}:" \
+ "${ED}/usr/share/applications/${PN}.desktop" || die
+
+ # Add StartupNotify=true bug 237317
+ if use startup-notification ; then
+ echo "StartupNotify=true"\
+ >> "${ED}/usr/share/applications/${PN}.desktop" \
+ || die
+ fi
+
+ # Required in order to use plugins and even run firefox on hardened.
+ pax-mark m "${ED}"${MOZILLA_FIVE_HOME}/plugin-container
+ # Required in order for jit to work on hardened, as of firefox-31
+ use jit && pax-mark pm "${ED}"${MOZILLA_FIVE_HOME}/{firefox,firefox-bin}
+
+ if use minimal; then
+ rm -r "${ED}"/usr/include "${ED}${MOZILLA_FIVE_HOME}"/{idl,include,lib,sdk} \
+ || die "Failed to remove sdk and headers"
+ fi
+
+ # very ugly hack to make firefox not sigbus on sparc
+ # FIXME: is this still needed??
+ use sparc && { sed -e 's/Firefox/FirefoxGentoo/g' \
+ -i "${ED}/${MOZILLA_FIVE_HOME}/application.ini" \
+ || die "sparc sed failed"; }
+
+ # revdep-rebuild entry
+ insinto /etc/revdep-rebuild
+ echo "SEARCH_DIRS_MASK=${MOZILLA_FIVE_HOME}" >> ${T}/10firefox
+ doins "${T}"/10${PN} || die
+}
+
+pkg_preinst() {
+ gnome2_icon_savelist
+}
+
+pkg_postinst() {
+ # Update mimedb for the new .desktop file
+ fdo-mime_desktop_database_update
+ gnome2_icon_cache_update
+}
+
+pkg_postrm() {
+ gnome2_icon_cache_update
+}