# Contributor: Sören Tempel <soeren+alpine@soeren-tempel.net>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=firefox-esr
pkgver=68.5.0
pkgrel=0
pkgdesc="Firefox web browser - Extended Support Release"
url="https://www.mozilla.org/en-US/firefox/organizations/"
arch="all !s390x !armhf" # limited by rust and cargo on s390x, fails to build on armhf
license="GPL-3.0-only AND LGPL-2.1-only AND LGPL-3.0-only AND MPL-2.0"
makedepends="
	alsa-lib-dev
	autoconf2.13
	automake
	bsd-compat-headers
	bzip2-dev
	cargo
	cbindgen
	clang-dev
	dbus-glib-dev
	ffmpeg-dev
	gtk+2.0-dev
	gtk+3.0-dev
	hunspell-dev
	icu-dev>=64.2
	libevent-dev
	libidl-dev
	libjpeg-turbo-dev
	libnotify-dev
	libogg-dev
	libtheora-dev
	libtool
	libvorbis-dev
	libxt-dev
	libxcomposite-dev
	llvm9-dev
	mesa-dev
	nasm
	nodejs
	nspr-dev
	nss-dev>=3.45
	nss-static
	python3-dev
	sqlite-dev
	sed
	startup-notification-dev
	wireless-tools-dev
	yasm
	zip
	python2
	"

source="https://ftp.mozilla.org/pub/firefox/releases/${pkgver}esr/source/firefox-${pkgver}esr.source.tar.xz
	stab.h

	fix-fortify-system-wrappers.patch
	fix-seccomp-bpf.patch
	fix-toolkit.patch
	fix-tools.patch
	mallinfo.patch

	disable-moz-stackwalk.patch
	fix-musl.patch
	fix-rust-target.patch
	fix-webrtc-glibcisms.patch
	fix-sandbox-membarrier.patch
	fd6847c9416f9eebde636e21d794d25d1be8791d.patch

	firefox.desktop
	firefox-safe.desktop"

builddir="$srcdir/firefox-$pkgver"
_mozappdir=/usr/lib/firefox

# help our shared-object scanner to find the libs
ldpath="$_mozappdir"

# secfixes:
#   68.5.0-r0:
#     - CVE-2020-6796
#     - CVE-2020-6797
#     - CVE-2020-6798
#     - CVE-2020-6799
#     - CVE-2020-6800
#   68.4.1-r0:
#     - CVE-2019-17016
#     - CVE-2019-17022
#     - CVE-2019-17024
#     - CVE-2019-17026
#   68.3.0-r0:
#     - CVE-2019-17005
#     - CVE-2019-17008
#     - CVE-2019-17009
#     - CVE-2019-17010
#     - CVE-2019-17011
#     - CVE-2019-17012
#   68.2.0-r0:
#     - CVE-2019-11757
#     - CVE-2019-11758
#     - CVE-2019-11759
#     - CVE-2019-11760
#     - CVE-2019-11761
#     - CVE-2019-11762
#     - CVE-2019-11763
#     - CVE-2019-11764
#     - CVE-2019-15903
#   68.1.0-r0:
#     - CVE-2019-9812
#     - CVE-2019-11740
#     - CVE-2019-11742
#     - CVE-2019-11743
#     - CVE-2019-11744
#     - CVE-2019-11746
#     - CVE-2019-11752
#   68.0.2-r0:
#     - CVE-2019-11733
#   68.0-r0:
#     - CVE-2019-11709
#     - CVE-2019-11711
#     - CVE-2019-11712
#     - CVE-2019-11713
#     - CVE-2019-11715
#     - CVE-2019-11717
#     - CVE-2019-11719
#     - CVE-2019-11729
#     - CVE-2019-11730
#     - CVE-2019-9811
#   60.7.2-r0:
#     - CVE-2019-11708
#   60.7.1-r0:
#     - CVE-2019-11707
#   60.7.0-r0:
#     - CVE-2019-9815
#     - CVE-2019-9816
#     - CVE-2019-9817
#     - CVE-2019-9818
#     - CVE-2019-9819
#     - CVE-2019-9820
#     - CVE-2019-11691
#     - CVE-2019-11692
#     - CVE-2019-11693
#     - CVE-2019-7317
#     - CVE-2019-9797
#     - CVE-2018-18511
#     - CVE-2019-11694
#     - CVE-2019-11698
#     - CVE-2019-5798
#     - CVE-2019-9800
#   60.6.1-r0:
#     - CVE-2019-9810
#     - CVE-2019-9813
#     - CVE-2019-9790
#     - CVE-2019-9791
#     - CVE-2019-9792
#     - CVE-2019-9793
#     - CVE-2019-9794
#     - CVE-2019-9795
#     - CVE-2019-9796
#     - CVE-2019-9801
#     - CVE-2018-18506
#     - CVE-2019-9788
#   60.5.2-r0:
#     - CVE-2019-5785
#     - CVE-2018-18335
#     - CVE-2018-18356
#   60.5.0-r0:
#     - CVE-2018-18500
#     - CVE-2018-18505
#     - CVE-2018-18501
#   52.6.0-r0:
#     - CVE-2018-5089
#     - CVE-2018-5091
#     - CVE-2018-5095
#     - CVE-2018-5096
#     - CVE-2018-5097
#     - CVE-2018-5098
#     - CVE-2018-5099
#     - CVE-2018-5102
#     - CVE-2018-5103
#     - CVE-2018-5104
#     - CVE-2018-5117
#   52.5.2-r0:
#     - CVE-2017-7843
#     - CVE-2017-7843

prepare() {
	default_prepare
	cp "$srcdir"/stab.h toolkit/crashreporter/google-breakpad/src/
}

build() {
	mkdir -p "$builddir"/objdir
	cd "$builddir"/objdir

	export SHELL=/bin/sh
	export BUILD_OFFICIAL=1
	export MOZILLA_OFFICIAL=1
	export USE_SHORT_LIBNAME=1
	# gcc 6
	export CXXFLAGS="-fno-delete-null-pointer-checks -fno-schedule-insns2"

	# set rpath so linker finds the libs
	export LDFLAGS="$LDFLAGS -Wl,-rpath,$_mozappdir"

	case "$CARCH" in
		x86)
			# disable-elf-hack: exists only on arm, x86, x86_64
			_arch_config="--disable-elf-hack"
			export RUST_TARGET="i686-unknown-linux-musl"
			;;
		x86_64)
			# disable-elf-hack: exists only on arm, x86, x86_64
			_arch_config="--disable-elf-hack"
			export RUST_TARGET="$CTARGET"
			;;
		aarch64)
			export RUST_TARGET="aarch64-unknown-linux-musl"
			;;
		armv7)
			# disable-elf-hack: exists only on arm, x86, x86_64
			_arch_config="--disable-elf-hack"
			export RUST_TARGET="armv7-unknown-linux-musleabihf"
			;;
		armhf)
			# disable-elf-hack: exists only on arm, x86, x86_64
			_arch_config="--disable-elf-hack"
			export RUST_TARGET="arm-unknown-linux-musleabihf"
			;;
		ppc64le)
			export RUST_TARGET="powerpc64le-unknown-linux-musl"
			;;
	esac

	# FF doesn't have SIMD available on these arches.
	case "$CARCH" in
		armhf|armv7)
			_rust_simd="--disable-rust-simd"
			_low_mem_flags="--disable-debug-symbols --disable-debug"
			export RUSTFLAGS="$RUSTFLAGS -C debuginfo=0"
			;;
		x86)
			_low_mem_flags="--disable-debug-symbols --disable-debug"
			export RUSTFLAGS="$RUSTFLAGS -C debuginfo=0"
			;;
		*) _rust_simd="--enable-rust-simd" ;;
	esac

	../configure \
		--prefix=/usr \
		$_arch_config \
		\
		--disable-crashreporter \
		--disable-gold \
		--disable-install-strip \
		--disable-jemalloc \
		--disable-profiling \
		--disable-pulseaudio \
		--disable-strip \
		--disable-tests \
		--disable-updater \
		\
		--enable-alsa \
		--enable-default-toolkit=cairo-gtk3 \
		--enable-official-branding \
		--enable-optimize="$CFLAGS -O2" \
		--enable-startup-notification \
		--enable-system-ffi \
		--enable-system-sqlite \
		--enable-ffmpeg \
		$_rust_simd \
		$_low_mem_flags \
		--enable-hardening \
		\
		--with-system-bz2 \
		--with-system-icu \
		--with-system-libevent \
		--with-system-nspr \
		--with-system-nss \
		--with-system-pixman \
		--with-system-png \
		--with-system-zlib \
		--with-clang-path=/usr/bin/clang \
		--with-libclang-path=/usr/lib
		# FIXME: fix build with --with-system-libvpx and libvpx 1.8.0
		# https://bugzilla.mozilla.org/show_bug.cgi?id=1525393
	make
}

package() {
	cd "$builddir"/objdir

	make install \
		DESTDIR="$pkgdir" \
		MOZ_MAKE_FLAGS="$MAKEOPTS"

	install -m755 -d "$pkgdir"/usr/share/applications
	install -m755 -d "$pkgdir"/usr/share/pixmaps

	local _png
	for _png in ../browser/branding/official/default*.png; do
		local i=${_png%.png}
		i=${i##*/default}
		install -D -m644 "$_png" "$pkgdir"/usr/share/icons/hicolor/"$i"x"$i"/apps/firefox.png
	done

	install -m644 "$builddir"/browser/branding/official/default48.png \
		"$pkgdir"/usr/share/pixmaps/firefox.png
	install -m644 "$srcdir"/firefox.desktop "$pkgdir"/usr/share/applications/firefox.desktop
	install -m644 "$srcdir"/firefox-safe.desktop "$pkgdir"/usr/share/applications/firefox-safe.desktop

	# install our vendor prefs
	install -d "$pkgdir"/$_mozappdir/browser/defaults/preferences

	cat >> "$pkgdir"/$_mozappdir/browser/defaults/preferences/firefox-branding.js <<- EOF
	// Use LANG environment variable to choose locale
	pref("intl.locale.requested", "");

	// Disable default browser checking.
	pref("browser.shell.checkDefaultBrowser", false);

	// Don't disable our bundled extensions in the application directory
	pref("extensions.autoDisableScopes", 11);
	pref("extensions.shownSelectionUI", true);
	EOF
}

sha512sums="0acf4ecd47bccf062ab330231e36355f5d84e66ab411f653ae3160583613840925bb473c0f7dfa4b15311a543940293c4633516851c9466c4b0133c9271710d3  firefox-68.5.0esr.source.tar.xz
0b3f1e4b9fdc868e4738b5c81fd6c6128ce8885b260affcb9a65ff9d164d7232626ce1291aaea70132b3e3124f5e13fef4d39326b8e7173e362a823722a85127  stab.h
2f4f15974d52de4bb273b62a332d13620945d284bbc6fe6bd0a1f58ff7388443bc1d3bf9c82cc31a8527aad92b0cd3a1bc41d0af5e1800e0dcbd7033e58ffd71  fix-fortify-system-wrappers.patch
84b84d2d7dbc16002510bf856796ad345ac38ef6d3254670230189bba7c2d4781714d231236d5a3d70129a4597b430c3171644b01ad0f5a5bb13b55d407337a4  fix-seccomp-bpf.patch
2c65ea7280e6e89826ebad563ee25203a99ff0b4ba8fc60ec261ada6c69874d649c6ac92fcecc6307a6e5a00de27d7956acf944d556ddfadec0411be16f4e0b8  fix-toolkit.patch
4d55f41d15be7457ad630f8f07e4fc0314c2f75720010b4bbe6a2a7f3228210a1e069949e11795efbe2e784b0762e79fdfe5b8ec38e8a64cb8d9cf3b57dd5af1  fix-tools.patch
a4a3e062661bda64d502d426c480ac9645345860118de9df9ffe6e0597738c70c11e5cdef2d4fd12c5e2ee30a09310159230524655a419a4f7e4eeeb0f3c06b0  mallinfo.patch
454ea3263cabce099accbdc47aaf83be26a19f8b5a4568c01a7ef0384601cf8315efd86cd917f9c8bf419c2c845db89a905f3ff9a8eb0c8e41042e93aa96a85c  disable-moz-stackwalk.patch
e0df4fc649012f023443ce9165da29d36459dbca5df64a31008b28d96264fba909858de36d0cf1b1cb1aab898342413f0cd77c90ebe21d1f9a0504631d6d1d0e  fix-musl.patch
1bf1f579ced0ca47d156eb45962114f9867cf224c2ba34dfc106227648322ecf729243d2a6e84b72cb011abadc36ed84990960bded764fd4243fc9cb22084ce5  fix-rust-target.patch
d35cacb9ede80e6bfbef0709823e536dddfb1c02d776275b0b7adb5969e9927d8c6117df96873569c3f3db0a18ee5db24f8086a9311a05077892be43a3dd8d79  fix-webrtc-glibcisms.patch
f85f2c19c3dafab915bcb40e580fc442fd9eab5916696849edf0b105c758dd807dfe23a6479935613c81496711eb377c73227c03eb8582204c3442a4d0e397a2  fix-sandbox-membarrier.patch
60845dcb034b2c4459c30f7d5f25c8176cf42df794e2cc0e86c3e2abb6541c24b962f3a16ca70a288d4d6f377b68d00b2904b22463108559612053d835d9bff1  fd6847c9416f9eebde636e21d794d25d1be8791d.patch
f3b7c3e804ce04731012a46cb9e9a6b0769e3772aef9c0a4a8c7520b030fdf6cd703d5e9ff49275f14b7d738fe82a0a4fde3bc3219dff7225d5db0e274987454  firefox.desktop
5dcb6288d0444a8a471d669bbaf61cdb1433663eff38b72ee5e980843f5fc07d0d60c91627a2c1159215d0ad77ae3f115dcc5fdfe87e64ca704b641aceaa44ed  firefox-safe.desktop"
