diff -r e969636be188 -r 2f9f2e040647 MozillaFirefox/MozillaFirefox.spec --- a/MozillaFirefox/MozillaFirefox.spec Tue Jun 07 21:44:20 2016 +0200 +++ b/MozillaFirefox/MozillaFirefox.spec Wed Jun 08 13:45:00 2016 +0200 @@ -18,10 +18,13 @@ # changed with every update -%define major 46 -%define mainver %major.0.1 +%define major 47 +%define mainver %major.0 %define update_channel release -%define releasedate 2016050300 +%define releasedate 20160606000000 + +# PIE, full relro (x86_64 for now) +%define build_hardened 1 # general build definitions %if "%{update_channel}" != "aurora" @@ -41,12 +44,6 @@ %define __find_requires sh %{SOURCE4} %global provfind sh -c "grep -v '.so' | %__find_provides" %global __find_provides %provfind -%if 0%{?suse_version} > 1310 -%define gstreamer_ver 1.0 -%define gstreamer 1 -%else -%define gstreamer_ver 0.10 -%endif # Set up Google API keys, see http://www.chromium.org/developers/how-tos/api-keys # Note: these are for the openSUSE Firefox builds ONLY. For your own distribution, # please get your own set of keys. @@ -78,7 +75,7 @@ BuildRequires: libproxy-devel BuildRequires: makeinfo BuildRequires: mozilla-nspr-devel >= 4.12 -BuildRequires: mozilla-nss-devel >= 3.22.3 +BuildRequires: mozilla-nss-devel >= 3.23 BuildRequires: nss-shared-helper-devel BuildRequires: python-devel BuildRequires: startup-notification-devel @@ -87,9 +84,6 @@ BuildRequires: xorg-x11-libXt-devel BuildRequires: yasm BuildRequires: zip -BuildRequires: pkgconfig(gstreamer-%gstreamer_ver) -BuildRequires: pkgconfig(gstreamer-app-%gstreamer_ver) -BuildRequires: pkgconfig(gstreamer-plugins-base-%gstreamer_ver) BuildRequires: pkgconfig(libpulse) %if 0%{?firefox_use_gtk3} BuildRequires: pkgconfig(glib-2.0) @@ -97,26 +91,11 @@ BuildRequires: pkgconfig(gtk+-3.0) >= 3.4.0 BuildRequires: pkgconfig(gtk+-unix-print-3.0) %endif -# libavcodec is already used if available for H.264 but -# explicitely loaded by FF. For proper H.264 support the -# openSUSE delivered version is not sufficient but currently -# prevents even the use of the GStreamer method -# https://bugzilla.mozilla.org/show_bug.cgi?id=1234157 -# to get H.264 working correctly libavcodec from packman -# is required. As of today the following recommends will -# pull in libavcodec52 from packman since it's the only -# package providing libavcodec but it's not loaded from -# Firefox as the minimal version is 53 +# libavcodec is required for H.264 support but the +# openSUSE version is currently not able to play H.264 +# therefore the Packman version is required +# minimum version of libavcodec is 53 #Recommends: libavcodec -%if 0%{?gstreamer} == 1 -Requires: libgstreamer-1_0-0 -Recommends: gstreamer-fluendo-mp3 -Recommends: gstreamer-plugins-libav -%else -Requires: libgstreamer-0_10-0 -Recommends: gstreamer-0_10-fluendo-mp3 -Recommends: gstreamer-0_10-plugins-ffmpeg -%endif Version: %{mainver} Release: 0 %if "%{name}" == "MozillaFirefox" @@ -162,13 +141,13 @@ Patch4: mozilla-preferences.patch Patch5: mozilla-language.patch Patch6: mozilla-ntlm-full-path.patch -Patch7: mozilla-repo.patch Patch8: mozilla-openaes-decl.patch Patch10: mozilla-no-stdcxx-check.patch -Patch11: mozilla-libproxy.patch -Patch12: mozilla-reduce-files-per-UnifiedBindings.patch -Patch13: mozilla-gtk3_20.patch -Patch14: mozilla-check_return.patch +Patch11: mozilla-reduce-files-per-UnifiedBindings.patch +Patch12: mozilla-gtk3_20.patch +Patch13: mozilla-check_return.patch +Patch14: mozilla-gcc6.patch +Patch15: mozilla-exclude-nametablecpp.patch # Firefox/browser Patch101: firefox-kde.patch Patch102: firefox-no-default-ualocale.patch @@ -274,15 +253,15 @@ %patch4 -p1 %patch5 -p1 %patch6 -p1 -%patch7 -p1 %patch8 -p1 %patch10 -p1 %patch11 -p1 +%if 0%{?firefox_use_gtk3} %patch12 -p1 -%if 0%{?firefox_use_gtk3} +%endif %patch13 -p1 -%endif %patch14 -p1 +%patch15 -p1 # Firefox %patch101 -p1 %patch102 -p1 @@ -301,7 +280,7 @@ exit 1 fi source %{SOURCE5} -export MOZ_SOURCE_STAMP=$REV +export MOZ_SOURCE_CHANGESET=$REV export SOURCE_REPO=$REPO export source_repo=$REPO export MOZ_SOURCE_REPO=$REPO @@ -318,6 +297,11 @@ # Limit RAM usage during link export LDFLAGS="${LDFLAGS} -Wl,--no-keep-memory -Wl,--reduce-memory-overheads" %endif +%if 0%{?build_hardened} +%ifarch x86_64 +export LDFLAGS="${LDFLAGS} -Wl,-z,relro,-z,now" +%endif +%endif %ifarch ppc64 ppc64le export CFLAGS="$CFLAGS -mminimal-toc" %endif @@ -340,13 +324,16 @@ %else ac_add_options --enable-default-toolkit=cairo-gtk2 %endif +%if 0%{?build_hardened} +ac_add_options --enable-pie +%endif %ifarch %ix86 %arm %if 0%{?suse_version} > 1230 ac_add_options --disable-optimize %endif %endif -%ifnarch ppc ppc64 ppc64le aarch64 -ac_add_options --enable-elf-hack +%ifarch ppc ppc64 ppc64le aarch64 %arm +ac_add_options --disable-elf-hack %endif ac_add_options --with-system-nspr ac_add_options --with-system-nss @@ -356,16 +343,12 @@ #ac_add_options --with-system-jpeg # libjpeg-turbo is used internally #ac_add_options --with-system-png # doesn't work because of missing APNG support ac_add_options --with-system-zlib -ac_add_options --disable-installer ac_add_options --disable-updater ac_add_options --disable-tests ac_add_options --disable-debug ac_add_options --enable-startup-notification #ac_add_options --enable-chrome-format=jar ac_add_options --enable-update-channel=%{update_channel} -%if 0%{?gstreamer} == 1 -ac_add_options --enable-gstreamer=1.0 -%endif %if %branding ac_add_options --enable-official-branding %endif @@ -374,7 +357,6 @@ ac_add_options --disable-crashreporter %endif %ifarch %arm -ac_add_options --disable-elf-hack ac_add_options --with-fpu=vfpv3-d16 ac_add_options --with-float-abi=hard ac_add_options --with-arch=armv7-a