# WARNING: This package is synced with Fedora # # WARNING, READ FIRST: # # This is a special package that needs special treatment. Due to the amount of # security updates it needs, it's common to ship new upstream versions instead of patching. # That means this package MUST be BUILDABLE for stable official releases. # This also means only STABLE upstream releases, NO betas. # This is a discussed topic. Please, do not flame it again. # Stay on ESR for stable releases and for cauldron before mageia 9. # /!\ Do not update more than FF 102 for mga9. /!\ # ff 102 -> 113? %ifarch %{ix86} armv7hl %global debug_package %{nil} %endif # Produce debug (non-optimized) package build. Suitable for debugging only # as the build is *very* slow. %global debug_build 0 #squidf: to fix i586 build. FIXME : no clear reason why it is mandatory %ifarch %{ix86} #global debug_build 1 %endif #squidf: NOTE: x86_64 to build with gcc due to bug #30372 %global build_with_clang 0 # Place rpm-macros into proper location %global rpm_macros_dir %(d=%{_rpmconfigdir}/macros.d; [ -d $d ] || d=%{_sysconfdir}/rpm; echo $d) %global system_nss 1 %global system_libicu 1 %global system_libevent 1 %global system_libvpx 1 %global system_webp 1 %global system_pixman 1 %global hardened_build 1 %global disable_elfhack 1 # Bundled cbindgen makes build slow. # Enable only if system cbindgen is not available. %global use_bundled_cbindgen 0 #squidf: as of ff-91.9.0esr, i586 fails gcc building, switch to clang # (tv) error was: # BUILD/firefox-102.0/memory/build/mozjemalloc.cpp: In static member function 'static unsigned int FastDivide::divide(size_t, unsigned int)': # BUILD/firefox-102.0/memory/build/mozjemalloc.cpp:2297:24: internal compiler error: unexpected expression 'Q' of kind template_parm_index # # (tv) that error is now fixed, but we now hit either memory or linkage error depending on the run. Either: # out of memory allocating 4080720 bytes after a total of 3518176080 bytes # /usr/bin/ld: /home/iurt/rpmbuild/BUILD/firefox-102.0/objdir/i586-unknown-linux-gnu/debug/libgkrust.a: error adding symbols: file format not recognize %ifarch aarch64 %{ix86} %{arm} # (tv) it fails on i586 with "LLVM ERROR: out of memory" %global build_with_clang 1 %endif %global build_with_pgo 0 %global major 115 %global ff_epoch 0 # (tpg) set version HERE !!! %global extra esr %global realver %{version}%extra %global firefox_appid \{ec8030f7-c20a-464f-9b0e-13a3a9e97384\} # (tpg) MOZILLA_FIVE_HOME %global mozappdir %{_libdir}/%{name} %global pluginsdir %{_libdir}/mozilla/plugins # exclude libnss from provides (eg: when system_nss is disabled) %global __provides_exclude %{?__provides_exclude:%__provides_exclude|}^libnss|^libnspr|^libsmime3|^libssl3|^libsoftokn3|^libfreeblpriv3|^libplc4|^libplds4 # exclude libnss from requires when system_nss is disabled (requires on ourselves): %if !%{?system_nss} %global __requires_exclude %{?__requires_exclude:%__requires_exclude|}^libnss|^libnspr|^libsmime3|^libssl3|^libsoftokn3|^libfreeblpriv3|^libplc4|^libplds4 %endif # Minimal required versions %global cairo_version 1.13.1 %global freetype_version 2.1.9 %global libnotify_version 0.7.0 %if %{?system_libvpx} %global libvpx_version 1.10.0 %endif %if %{?system_webp} %global libwebp_version 1.1.0 %endif # this seems fragile, so require the exact version or later (#58754) %global nspr_version 4.32 %global nspr_build_version %(pkg-config --silence-errors --modversion nspr 2>/dev/null || echo 65536) %global nss_version 3.94 %global nss_build_version %(pkg-config --silence-errors --modversion nss 2>/dev/null || echo 65536) %global sqlite_version 3.34.1 # The actual sqlite version (see #480989): %global sqlite_build_version %(pkg-config --silence-errors --modversion sqlite3 2>/dev/null || echo 65536) %global official_branding 1 Summary: Mozilla Firefox Web browser Name: firefox Version: %{major}.9.1 Epoch: %{ff_epoch} Release: %mkrel 1 License: MPLv1.1 or GPLv2+ or LGPLv2+ Group: Networking/WWW URL: https://www.mozilla.org/firefox/organizations/ Source0: https://ftp.mozilla.org/pub/firefox/releases/%{realver}/source/firefox-%{realver}.source.tar.xz Source2: cbindgen-vendor.tar.xz Source4: %{name}.desktop Source8: firefox-searchengines-duckduckgo.xml Source9: kde.js # From Fedora: Source10: firefox-mozconfig Source12: firefox-mageia-default-prefs.js Source23: firefox.1 Source24: mozilla-api-key Source26: distribution.ini Source27: google-api-key # To generate cbindgen-vendor.tar.xz Source100: gen_cbindgen-vendor.sh # Fedora patches: # Build patches Patch41: build-disable-elfhack.patch Patch44: build-arm-libopus.patch Patch53: firefox-gcc-build.patch Patch71: 0001-GLIBCXX-fix-for-GCC-12.patch # Fedora specific patches Patch219: rhbz-1173156.patch #ARM run-time patch Patch226: rhbz-1354671.patch Patch231: webrtc-nss-fix.patch Patch301: CVE-2023-44488-libvpx.patch # Upstream patches Patch402: mozilla-1196777.patch # Bundled expat backported patches Patch501: expat-CVE-2022-25235.patch Patch502: expat-CVE-2022-25236.patch Patch503: expat-CVE-2022-25315.patch # Mageia patches: # (OpenSuse) add patch to make firefox always use /usr/bin/firefox when "make firefox # the default web browser" is used fix mdv bug#58784 Patch1005: firefox-66.0-appname.patch Patch1009: fix-build.diff # Patches for kde integration of FF # (doktor5000) if the patches need updating, grab both from the branch corresponding with the current firefox version at # https://www.rosenauer.org/hg/mozilla Patch1011: https://www.rosenauer.org/hg/mozilla/raw-file/tip/mozilla-kde.patch # (fwang) please modify patch12 with `sed -e 's/MozillaFirefox/firefox/'` to fit our desktop filename Patch1012: https://www.rosenauer.org/hg/mozilla/raw-file/tip/firefox-kde.patch Patch1040: no-MOZ_SIGNAL_TRAMPOLINE.patch Patch1042: typenum-fix-cargo-checksum.patch # Patch by Martin Whitaker to fix building i586 with rust Patch1043: force-i586-host.patch # (martinw) don't check for cmov support when running on older CPUs Patch1044: bypass-cmov-assert-on-i586.patch Patch1045: mga-fix-double_t-conflicting-declaration.patch BuildRequires: pkgconfig(nspr) >= %{nspr_version} %if %{?system_nss} BuildRequires: pkgconfig(nss) >= %{nss_version} BuildRequires: nss-static-devel >= %{nss_version} %endif %if %{?system_libevent} BuildRequires: pkgconfig(libevent) %endif BuildRequires: pkgconfig(libpng) BuildRequires: pkgconfig(libjpeg) BuildRequires: zip BuildRequires: bzip2-devel BuildRequires: pkgconfig(zlib) BuildRequires: pkgconfig(gtk+-3.0) BuildRequires: pkgconfig(gtk+-2.0) BuildRequires: pkgconfig(krb5) BuildRequires: pkgconfig(pango) BuildRequires: pkgconfig(freetype2) >= %{freetype_version} BuildRequires: pkgconfig(xt) BuildRequires: pkgconfig(xrender) BuildRequires: pkgconfig(libstartup-notification-1.0) BuildRequires: pkgconfig(libnotify) >= %{libnotify_version} BuildRequires: pkgconfig(dri) BuildRequires: dbus-glib-devel %if %{?system_pixman} BuildRequires: pixman-devel %endif %if %{?system_libvpx} BuildRequires: pkgconfig(libvpx) >= %{libvpx_version} %endif %if %{?system_webp} BuildRequires: pkgconfig(libwebp) >= %{libwebp_version} BuildRequires: pkgconfig(libwebpdemux) >= %{libwebp_version} %endif BuildRequires: autoconf2.1 BuildRequires: pkgconfig(libpulse) BuildRequires: pkgconfig(icu-i18n) >= 58.0 #BuildRequires: valgrind-devel BuildRequires: yasm BuildRequires: libatomic-devel BuildRequires: llvm BuildRequires: llvm-devel BuildRequires: clang BuildRequires: clang-devel %if 0%{?build_with_clang} BuildRequires: lld %endif %if !0%{?use_bundled_cbindgen} BuildRequires: cbindgen %endif BuildRequires: nodejs BuildRequires: nasm >= 1.13 %if %{?system_nss} Requires: %{mklibname nss 3} >= 2:%{nss_build_version} Requires: %{mklibname nspr 4} >= 2:%{nspr_build_version} %endif BuildRequires: pkgconfig(libavcodec) BuildRequires: python3-devel BuildRequires: pkgconfig(sqlite3) >= %{sqlite_version} Requires: %{mklibname sqlite3_ 0} >= %{sqlite_build_version} BuildRequires: pkgconfig(libffi) BuildRequires: rootcerts >= 1:20130411.00 BuildRequires: doxygen BuildRequires: libiw-devel BuildRequires: python3-setuptools BuildRequires: python3-virtualenv BuildRequires: pkgconfig(libproxy-1.0) BuildRequires: rust >= 1.43.0 BuildRequires: cargo >= 1.43.0 Provides: %{name} = %{epoch}:%{version} Provides: mozilla-firefox = %{epoch}:%{version}-%{release} Provides: webclient Requires: indexhtml Requires: xdg-utils # fixes bug #42096 Requires: mailcap Recommends: hunspell-en Requires: %{_lib}notify4 # make sure our default bookmarks are present Requires: desktop-common-data # try to fix mga#1344 (automatic installation of proper -l10n package) # packages requiring locales-XX will be automatically preferred when locales-XX # is already installed Recommends: firefox-l10n Recommends: %{_lib}canberra0 Recommends: %{_lib}cups2 # npapi is no more as of firefox 91 Obsoletes: firefox-devel < 91.0 %description Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. %prep %setup -q -n firefox-%{version} # Fedora patches: %if 0%{?disable_elfhack} %patch -P41 -p1 -b .disable-elfhack %endif %patch -P44 -p1 -b .build-arm-libopus %patch -P53 -p1 -b .firefox-gcc-build %patch -P71 -p1 -b .0001-GLIBCXX-fix-for-GCC-12 # Fedora patches %patch -P219 -p1 -b .rhbz-1173156 #ARM run-time patch %ifarch aarch64 #patch -P226 -p1 -b .1354671 %endif %patch -P231 -p1 -b .webrtc-nss-fix %patch -P402 -p1 -b .1196777 %patch -P501 -p1 -b .expat-CVE-2022-25235 %patch -P502 -p1 -b .expat-CVE-2022-25236 %patch -P503 -p1 -b .expat-CVE-2022-25315 pushd media/libvpx/libvpx %patch -P301 -p1 -b .CVE-2023-44488-libvpx popd # Mageia patches: %patch -P1005 -p1 -b .appname %patch -P1009 -p1 -b .fbts #squidf: crashes i586 build #squidf: FIXME: are these patches really necessary anymore even for x86_64? #ifnarch #{ix86} %patch -P1011 -p1 -b .mozkde %patch -P1012 -p1 -b .ffkde #endif #patch -P1042 -p1 -b .typenum %patch -P1043 -p0 %patch -P1044 -p1 %patch -P1045 -p1 -b .fix-build-i586 %{__rm} -f .mozconfig %{__cp} %{SOURCE10} .mozconfig # Mageia specific options: cat << EOF >> .mozconfig ac_add_options --enable-libproxy ac_add_options --with-system-png ac_add_options --with-distribution-id=org.mageia ac_add_options --enable-update-channel=release EOF # Options shared with FC: echo "ac_add_options --enable-default-toolkit=cairo-gtk3-wayland" >> .mozconfig %if %{official_branding} echo "ac_add_options --enable-official-branding" >> .mozconfig %endif %{__cp} %{SOURCE24} mozilla-api-key %{__cp} %{SOURCE27} google-api-key echo "ac_add_options --prefix=\"%{_prefix}\"" >> .mozconfig echo "ac_add_options --libdir=\"%{_libdir}\"" >> .mozconfig %if %{?system_nss} echo "ac_add_options --with-system-nspr" >> .mozconfig echo "ac_add_options --with-system-nss" >> .mozconfig %else echo "ac_add_options --without-system-nspr" >> .mozconfig echo "ac_add_options --without-system-nss" >> .mozconfig %endif echo "ac_add_options --enable-system-ffi" >> .mozconfig %if %{?system_libevent} echo "ac_add_options --with-system-libevent" >> .mozconfig %endif %ifarch %{arm} echo "ac_add_options --disable-elf-hack" >> .mozconfig %endif %if %{?debug_build} echo "ac_add_options --enable-debug" >> .mozconfig echo "ac_add_options --disable-optimize" >> .mozconfig %else %global optimize_flags "none" %ifarch ppc64le aarch64 %global optimize_flags "-g -O2" %endif %if %{optimize_flags} != "none" echo 'ac_add_options --enable-optimize=%{?optimize_flags}' >> .mozconfig %else echo 'ac_add_options --enable-optimize' >> .mozconfig %endif echo "ac_add_options --disable-debug" >> .mozconfig %endif # Second arches fail to start with jemalloc enabled %ifnarch x86_64 echo "ac_add_options --disable-jemalloc" >> .mozconfig %endif %ifnarch %{ix86} x86_64 ppc64le echo "ac_add_options --disable-webrtc" >> .mozconfig %endif echo "ac_add_options --disable-crashreporter" >> .mozconfig echo "ac_add_options --disable-tests" >> .mozconfig echo "ac_add_options --with-system-jpeg" >> .mozconfig %if %{?system_pixman} echo "ac_add_options --enable-system-pixman" >> .mozconfig %endif %if %{?system_libvpx} echo "ac_add_options --with-system-libvpx" >> .mozconfig %else echo "ac_add_options --without-system-libvpx" >> .mozconfig %endif %if %{?system_webp} echo "ac_add_options --with-system-webp" >> .mozconfig %else echo "ac_add_options --without-system-webp" >> .mozconfig %endif %if %{?system_libicu} echo "ac_add_options --with-system-icu" >> .mozconfig %else echo "ac_add_options --without-system-icu" >> .mozconfig %endif %ifarch i586 # Rust seems to default to i686 otherwise echo "ac_add_options --host=i586-mageia-linux-gnu" >> .mozconfig echo "ac_add_options --target=i586-mageia-linux-gnu" >> .mozconfig %endif # api keys full path echo "ac_add_options --with-mozilla-api-keyfile=`pwd`/mozilla-api-key" >> .mozconfig # It seems that the api key we have is for the safe browsing only #echo "ac_add_options --with-google-location-service-api-keyfile=`pwd`/google-api-key" >> .mozconfig echo "ac_add_options --with-google-safebrowsing-api-keyfile=`pwd`/google-api-key" >> .mozconfig # Remove executable bit to make brp-mangle-shebangs happy. chmod -x third_party/rust/itertools/src/lib.rs chmod a-x third_party/rust/ash/src/extensions/ext/*.rs chmod a-x third_party/rust/ash/src/extensions/khr/*.rs chmod a-x third_party/rust/ash/src/extensions/nv/*.rs find -name lib.rs | xargs chmod -x #--------------------------------------------------------------------- %build %if 0%{?use_bundled_cbindgen} mkdir -p my_rust_vendor cd my_rust_vendor %{__tar} xf %{SOURCE2} mkdir -p .cargo cat > .cargo/config <> .mozconfig %endif %endif %ifarch %{arm} %{ix86} %{s390x} export RUSTFLAGS="-Cdebuginfo=0" %endif # We don't wantfirefox to use CK_GCM_PARAMS_V3 in nss MOZ_OPT_FLAGS="$MOZ_OPT_FLAGS -DNSS_PKCS11_3_0_STRICT" echo "export CFLAGS=\"$MOZ_OPT_FLAGS\"" >> .mozconfig echo "export CXXFLAGS=\"$MOZ_OPT_FLAGS\"" >> .mozconfig echo "export LDFLAGS=\"$MOZ_LINK_FLAGS\"" >> .mozconfig %if 0%{?build_with_clang} echo "export LLVM_PROFDATA=\"llvm-profdata\"" >> .mozconfig echo "export AR=\"llvm-ar\"" >> .mozconfig echo "export NM=\"llvm-nm\"" >> .mozconfig echo "export RANLIB=\"llvm-ranlib\"" >> .mozconfig echo "ac_add_options --enable-linker=lld" >> .mozconfig %else echo "export CC=gcc" >> .mozconfig echo "export CXX=g++" >> .mozconfig echo "export AR=\"gcc-ar\"" >> .mozconfig echo "export NM=\"gcc-nm\"" >> .mozconfig echo "export RANLIB=\"gcc-ranlib\"" >> .mozconfig %endif %if 0%{?build_with_pgo} echo "ac_add_options MOZ_PGO=1" >> .mozconfig %endif MOZ_SMP_FLAGS=-j1 # On x86_64 architectures, Mozilla can build up to 4 jobs at once in parallel, # however builds tend to fail on other arches when building in parallel. %ifarch %{ix86} s390x %{arm} aarch64 [ -z "$RPM_BUILD_NCPUS" ] && \ RPM_BUILD_NCPUS="`/usr/bin/getconf _NPROCESSORS_ONLN`" [ "$RPM_BUILD_NCPUS" -ge 2 ] && MOZ_SMP_FLAGS=-j2 %endif %ifarch x86_64 ppc ppc64 ppc64le aarch64 [ -z "$RPM_BUILD_NCPUS" ] && \ RPM_BUILD_NCPUS="`/usr/bin/getconf _NPROCESSORS_ONLN`" [ "$RPM_BUILD_NCPUS" -ge 2 ] && MOZ_SMP_FLAGS=-j2 [ "$RPM_BUILD_NCPUS" -ge 4 ] && MOZ_SMP_FLAGS=-j4 [ "$RPM_BUILD_NCPUS" -ge 8 ] && MOZ_SMP_FLAGS=-j8 %endif echo "mk_add_options MOZ_MAKE_FLAGS=\"$MOZ_SMP_FLAGS\"" >> .mozconfig echo "mk_add_options MOZ_SERVICES_SYNC=1" >> .mozconfig echo "export STRIP=/bin/true" >> .mozconfig echo "export MACH_BUILD_PYTHON_NATIVE_PACKAGE_SOURCE=system" >> .mozconfig export MACH_BUILD_PYTHON_NATIVE_PACKAGE_SOURCE=system ./mach build %install make -C objdir/browser/installer STRIP=/bin/true MOZ_PKG_FATAL_WARNINGS=0 # Copy files to buildroot %{__mkdir_p} %{buildroot}%{mozappdir} cp -rf objdir/dist/firefox/* %{buildroot}%{mozappdir} %{__mkdir_p} %{buildroot}%{_bindir} ln -sf %{mozappdir}/firefox %{buildroot}%{_bindir}/firefox pushd %{buildroot}%{_bindir} ln -sf firefox mozilla-firefox popd mkdir -p %{buildroot}%{mozappdir}/browser/defaults/preferences/ install -m 644 %{SOURCE9} %{buildroot}%{mozappdir}/browser/defaults/preferences/kde.js # Create and own %{_libdir}/mozilla/plugins & firefox extensions directories %{__mkdir_p} %{buildroot}%{pluginsdir} %{__mkdir_p} %{buildroot}%{_libdir}/mozilla/extensions/%{firefox_appid} %{__mkdir_p} %{buildroot}%{_datadir}/mozilla/extensions/%{firefox_appid} # (tpg) desktop entry %{__mkdir_p} %{buildroot}%{_datadir}/applications install -m 644 %{SOURCE4} %{buildroot}%{_datadir}/applications/%{name}.desktop # (tpg) icons #cp %{buildroot}%{mozappdir}/browser/chrome/icons/default/default16.png %{buildroot}/%{mozappdir}/browser/icons/ for i in 16 22 24 32 48 256; do %{__mkdir_p} %{buildroot}%{_iconsdir}/hicolor/"$i"x"$i"/apps %{__install} -m 644 browser/branding/official/default$i.png %{buildroot}%{_iconsdir}/hicolor/"$i"x"$i"/apps/%{name}.png ; done %{__mkdir_p} %{buildroot}{%{_liconsdir},%{_iconsdir},%{_miconsdir}} ln -sf %{mozappdir}/browser/chrome/icons/default/default48.png %{buildroot}%{_liconsdir}/%{name}.png ln -sf %{mozappdir}/browser/chrome/icons/default/default32.png %{buildroot}%{_iconsdir}/%{name}.png ln -sf %{mozappdir}/browser/chrome/icons/default/default16.png %{buildroot}%{_miconsdir}/%{name}.png %{__install} -p -D -m 644 %{SOURCE23} %{buildroot}%{_mandir}/man1/firefox.1 # exclusions rm -f %{buildroot}%{mozappdir}/README.txt rm -f %{buildroot}%{mozappdir}/removed-files rm -f %{buildroot}%{mozappdir}/precomplete # Default %{__cp} %{SOURCE12} %{buildroot}%{mozappdir}/browser/defaults/preferences # display icon for Firefox button %{__mkdir_p} %{buildroot}%{mozappdir}/browser/defaults/profile/chrome cat << EOF > %{buildroot}%{mozappdir}/browser/defaults/profile/chrome/userChrome.css #appmenu-toolbar-button { list-style-image: url("chrome://branding/content/icon16.png"); } EOF # files in this directory are read on every startup, and can change/add # preferences for existing profiles # extensions.autoDisableScopes is a new preference added in firefox 8 # it defines "scopes" where newly installed addons are disabled by default # this is an additive bit field, and the value defaults to 15 (1+2+4+8) # we need to remove system scope (8) from it so language packs and other addons # which are installed systemwide won't get marked as 3rd party and disabled # documentation: http://kb.mozillazine.org/About:config_entries#Extensions. # or in toolkit/mozapps/extensions/AddonManager.jsm # we also need to disable the "disable addon selection dialog" %{__mkdir_p} %{buildroot}%{mozappdir}/browser/defaults/preferences cat << EOF > %{buildroot}%{mozappdir}/browser/defaults/preferences/mga.js pref("general.useragent.locale", "chrome://global/locale/intl.properties"); pref("extensions.autoDisableScopes", 0); pref("extensions.shownSelectionUI", true); EOF # FIXME: Add it back in mga.js when this search engine will be used by default. # user_pref("browser.search.selectedEngine","duckduckgo.com"); # Use the system hunspell dictionaries rm -fr %{buildroot}%{mozappdir}/dictionaries ln -s %{_datadir}/hunspell %{buildroot}%{mozappdir}/dictionaries # Copy over run-mozilla.sh %{__cp} build/unix/run-mozilla.sh %{buildroot}%{mozappdir} # Add distribution.ini %{__mkdir_p} %{buildroot}%{mozappdir}/distribution %{__cp} %{SOURCE26} %{buildroot}%{mozappdir}/distribution %{__sed} -i 's/^\(version=\).*\(\.0\)$/\1%{distro_release}\2/g' %{buildroot}%{mozappdir}/distribution/distribution.ini # (lm) touch and %ghost bookmarks.html to a proper uninstall touch %{buildroot}%{mozappdir}/browser/defaults/profile/bookmarks.html # temp build fix: mkdir -p %{buildroot}%{mozappdir}/browser/searchplugins cp -f %{SOURCE8} %{buildroot}%{mozappdir}/browser/searchplugins/duckduckgo.xml %post if [ ! -r /etc/sysconfig/oem ]; then case `grep META_CLASS /etc/sysconfig/system` in *powerpack) bookmark="mozilla-powerpack.html" ;; *desktop) bookmark="mozilla-one.html";; *) bookmark="mozilla-download.html";; esac ln -s -f %{_prefix}/share/mga/bookmarks/mozilla/$bookmark %{mozappdir}/browser/defaults/profile/bookmarks.html fi %files %{_bindir}/%{name} %{_bindir}/mozilla-firefox %doc %{_mandir}/man1/* %{_iconsdir}/hicolor/*/apps/*.png %{_miconsdir}/%{name}.png %{_iconsdir}/%{name}.png %{_liconsdir}/%{name}.png %{_datadir}/applications/*.desktop %{mozappdir} %ghost %{mozappdir}/browser/defaults/profile/bookmarks.html %dir %{_libdir}/mozilla %dir %{pluginsdir} %dir %{_libdir}/mozilla/extensions/%{firefox_appid} %dir %{_datadir}/mozilla/extensions/%{firefox_appid}