author | V3n3RiX <venerix@redcorelinux.org> | 2016-12-11 21:49:08 +0000 |
---|---|---|
committer | V3n3RiX <venerix@redcorelinux.org> | 2016-12-11 21:49:08 +0000 |
commit | 4cc15ed2bb18d39b9c8dc4683dc0a544167448d2 (patch) | |
tree | 967458992aabeae83c4bfce8704f8e9103cdfd4e /mail-client/thunderbird/thunderbird-45.5.1.ebuild | |
parent | 9fb01e043b657ffc55336ebe333468ecb4dbf42a (diff) |
fix critical security issue in firefox and thunderbird (CVE-2016-9079: Use-after-free in SVG Animation) : https://www.mozilla.org/en-US/security/advisories/mfsa2016-92/
Diffstat (limited to 'mail-client/thunderbird/thunderbird-45.5.1.ebuild')
-rw-r--r-- | mail-client/thunderbird/thunderbird-45.5.1.ebuild | 391 |
1 files changed, 391 insertions, 0 deletions
diff --git a/mail-client/thunderbird/thunderbird-45.5.1.ebuild b/mail-client/thunderbird/thunderbird-45.5.1.ebuild
new file mode 100644
index 00000000..1b83cbf1
--- /dev/null
+++ b/mail-client/thunderbird/thunderbird-45.5.1.ebuild
@@ -0,0 +1,391 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=6
+WANT_AUTOCONF="2.1"
+MOZ_ESR=""
+MOZ_LIGHTNING_VER="4.7.5.1"
+MOZ_LIGHTNING_GDATA_VER="2.6"
+
+# This list can be updated using scripts/get_langs.sh from the mozilla overlay
+MOZ_LANGS=(ar ast be bg bn-BD br ca cs cy da de el en en-GB en-US es-AR
+es-ES et eu fi fr fy-NL ga-IE gd gl he hr hsb hu hy-AM id is it ja ko lt
+nb-NO nl nn-NO pa-IN pl pt-BR pt-PT rm ro ru si sk sl sq sr sv-SE ta-LK tr
+uk vi zh-CN zh-TW )
+
+# Convert the ebuild version to the upstream mozilla version, used by mozlinguas
+MOZ_PV="${PV/_beta/b}"
+
+# Enigmail version
+EMVER="1.9.1"
+
+# Patches
+PATCH="thunderbird-38.0-patches-0.1"
+PATCHFF="firefox-45.0-patches-07"
+
+MOZ_HTTP_URI="https://archive.mozilla.org/pub/${PN}/releases"
+
+# ESR releases have slightly version numbers
+if [[ ${MOZ_ESR} == 1 ]]; then
+ MOZ_PV="${MOZ_PV}esr"
+fi
+MOZ_P="${PN}-${MOZ_PV}"
+
+MOZCONFIG_OPTIONAL_JIT="enabled"
+inherit flag-o-matic toolchain-funcs mozconfig-v6.45 makeedit autotools pax-utils check-reqs nsplugins mozlinguas-v2 fdo-mime gnome2-utils
+
+DESCRIPTION="Thunderbird Mail Client"
+HOMEPAGE="http://www.mozilla.com/en-US/thunderbird/"
+
+KEYWORDS="~alpha amd64 ~arm ~ppc ~ppc64 x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+SLOT="0"
+LICENSE="MPL-2.0 GPL-2 LGPL-2.1"
+IUSE="bindist crypt hardened ldap lightning +minimal mozdom selinux"
+RESTRICT="!bindist? ( bindist )"
+
+PATCH_URIS=( https://dev.gentoo.org/~{anarchy,axs,polynomial-c}/mozilla/patchsets/{${PATCH},${PATCHFF}}.tar.xz )
+SRC_URI="${SRC_URI}
+ ${MOZ_HTTP_URI}/${MOZ_PV}/source/${MOZ_P}.source.tar.xz
+ https://dev.gentoo.org/~axs/distfiles/lightning-${MOZ_LIGHTNING_VER}.tar.xz
+ lightning? ( https://dev.gentoo.org/~axs/distfiles/gdata-provider-${MOZ_LIGHTNING_GDATA_VER}-r1.tar.xz )
+ crypt? ( http://www.enigmail.net/download/source/enigmail-${EMVER}.tar.gz )
+ ${PATCH_URIS[@]}"
+
+ASM_DEPEND=">=dev-lang/yasm-1.1"
+
+CDEPEND="
+ >=dev-libs/nss-3.21.1
+ >=dev-libs/nspr-4.12
+ !x11-plugins/enigmail
+ crypt? ( || (
+ ( >=app-crypt/gnupg-2.0
+ || (
+ app-crypt/pinentry[gtk(-)]
+ app-crypt/pinentry[qt4(-)]
+ app-crypt/pinentry[qt5(-)]
+ )
+ )
+ =app-crypt/gnupg-1.4*
+ ) )"
+
+DEPEND="${CDEPEND}
+ amd64? ( ${ASM_DEPEND}
+ virtual/opengl )
+ x86? ( ${ASM_DEPEND}
+ virtual/opengl )"
+
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-thunderbird )
+"
+
+S="${WORKDIR}/${MOZ_P}"
+
+BUILD_OBJ_DIR="${S}/tbird"
+
+pkg_setup() {
+ moz_pkgsetup
+
+ export MOZILLA_DIR="${S}/mozilla"
+
+ if ! use bindist ; then
+ elog "You are enabling official branding. You may not redistribute this build"
+ elog "to any users on your network or the internet. Doing so puts yourself into"
+ elog "a legal problem with Mozilla Foundation"
+ elog "You can disable it by emerging ${PN} _with_ the bindist USE-flag"
+ elog
+ fi
+}
+
+pkg_pretend() {
+ # Ensure we have enough disk space to compile
+ CHECKREQS_DISK_BUILD="4G"
+ check-reqs_pkg_setup
+
+ if use jit && [[ -n ${PROFILE_IS_HARDENED} ]]; then
+ ewarn "You are emerging this package on a hardened profile with USE=jit enabled."
+ ewarn "This is horribly insecure as it disables all PAGEEXEC restrictions."
+ ewarn "Please ensure you know what you are doing. If you don't, please consider"
+ ewarn "emerging the package with USE=-jit"
+ fi
+}
+
+src_unpack() {
+ unpack ${A}
+
+ # Unpack language packs
+ mozlinguas_src_unpack
+
+ # this version of lightning is a .tar.xz, no xpi needed
+ #xpi_unpack lightning-${MOZ_LIGHTNING_VER}.xpi
+
+ # this version of gdata-provider is a .tar.xz , no xpi needed
+ #use lightning && xpi_unpack gdata-provider-${MOZ_LIGHTNING_GDATA_VER}.xpi
+}
+
+src_prepare() {
+ # Apply our Thunderbird patchset
+ rm -f "${WORKDIR}"/thunderbird/2001_ldap_respect_cflags.patch
+ eapply "${WORKDIR}/thunderbird"
+
+ # Apply our patchset from firefox to thunderbird as well
+ pushd "${S}"/mozilla &>/dev/null || die
+ eapply "${WORKDIR}/firefox"
+ popd &>/dev/null || die
+
+ # Ensure that are plugins dir is enabled as default
+ sed -i -e "s:/usr/lib/mozilla/plugins:/usr/lib/nsbrowser/plugins:" \
+ "${S}"/mozilla/xpcom/io/nsAppFileLocationProvider.cpp || die "sed failed to replace plugin path for 32bit!"
+ sed -i -e "s:/usr/lib64/mozilla/plugins:/usr/lib64/nsbrowser/plugins:" \
+ "${S}"/mozilla/xpcom/io/nsAppFileLocationProvider.cpp || die "sed failed to replace plugin path for 64bit!"
+
+ # Don't exit with error when some libs are missing which we have in
+ # system.
+ sed '/^MOZ_PKG_FATAL_WARNINGS/s@= 1@= 0@' \
+ -i "${S}"/mail/installer/Makefile.in || die
+
+ # Don't error out when there's no files to be removed:
+ sed 's@\(xargs rm\)$@\1 -f@' \
+ -i "${S}"/mozilla/toolkit/mozapps/installer/packager.mk || die
+
+ # Shell scripts sometimes contain DOS line endings; bug 391889
+ grep -rlZ --include="*.sh" $'\r$' . |
+ while read -r -d $'\0' file ; do
+ einfo edos2unix "${file}"
+ edos2unix "${file}"
+ done
+
+ # Allow user to apply any additional patches without modifing ebuild
+ eapply_user
+
+ # Confirm the version of lightning being grabbed for langpacks is the same
+ # as that used in thunderbird
+ local THIS_MOZ_LIGHTNING_VER=$(python "${S}"/calendar/lightning/build/makeversion.py ${PV})
+ if [[ ${MOZ_LIGHTNING_VER} != ${THIS_MOZ_LIGHTNING_VER} ]]; then
+ eqawarn "The version of lightning used for localization differs from the version"
+ eqawarn "in thunderbird. Please update MOZ_LIGHTNING_VER in the ebuild from ${MOZ_LIGHTNING_VER}"
+ eqawarn "to ${THIS_MOZ_LIGHTNING_VER}"
+ fi
+
+ eautoreconf
+ # Ensure we run eautoreconf in mozilla to regenerate configure
+ cd "${S}"/mozilla || die
+ eautoconf
+ cd "${S}"/mozilla/js/src || die
+ eautoconf
+}
+
+src_configure() {
+ MEXTENSIONS="default"
+
+ ####################################
+ #
+ # mozconfig, CFLAGS and CXXFLAGS setup
+ #
+ ####################################
+
+ mozconfig_init
+ mozconfig_config
+
+ # It doesn't compile on alpha without this LDFLAGS
+ use alpha && append-ldflags "-Wl,--no-relax"
+
+ # Add full relro support for hardened
+ use hardened && append-ldflags "-Wl,-z,relro,-z,now"
+
+ mozconfig_annotate '' --enable-extensions="${MEXTENSIONS}"
+ mozconfig_annotate '' --disable-mailnews
+ mozconfig_annotate '' --enable-calendar
+
+ # Other tb-specific settings
+ mozconfig_annotate '' --with-user-appdir=.thunderbird
+
+ mozconfig_use_enable ldap
+
+ mozlinguas_mozconfig
+
+ # Bug #72667
+ if use mozdom; then
+ MEXTENSIONS="${MEXTENSIONS},inspector"
+ fi
+
+ # Use an objdir to keep things organized.
+ echo "mk_add_options MOZ_OBJDIR=${BUILD_OBJ_DIR}" >> "${S}"/.mozconfig
+
+ # Finalize and report settings
+ mozconfig_final
+
+ ####################################
+ #
+ # Configure and build
+ #
+ ####################################
+
+ # Disable no-print-directory
+ MAKEOPTS=${MAKEOPTS/--no-print-directory/}
+
+ if [[ $(gcc-major-version) -lt 4 ]]; then
+ append-cxxflags -fno-stack-protector
+ fi
+
+ if use crypt; then
+ pushd "${WORKDIR}"/enigmail &>/dev/null ||die
+ econf
+ popd &>/dev/null ||die
+ fi
+}
+
+src_compile() {
+ mkdir -p "${BUILD_OBJ_DIR}" && cd "${BUILD_OBJ_DIR}" || die
+
+ CC="$(tc-getCC)" CXX="$(tc-getCXX)" LD="$(tc-getLD)" \
+ MOZ_MAKE_FLAGS="${MAKEOPTS}" SHELL="${SHELL:-${EPREFIX%/}/bin/bash}" \
+ emake -f "${S}"/client.mk
+
+ # Only build enigmail extension if crypt enabled.
+ if use crypt ; then
+ einfo "Building enigmail"
+ pushd "${WORKDIR}"/enigmail &>/dev/null || die
+ emake -j1
+ emake -j1 xpi
+ popd &>/dev/null || die
+ fi
+}
+
+src_install() {
+ declare emid
+ cd "${BUILD_OBJ_DIR}" || die
+
+ # Copy our preference before omnijar is created.
+ cp "${FILESDIR}"/thunderbird-gentoo-default-prefs-1.js-1 \
+ "${BUILD_OBJ_DIR}/dist/bin/defaults/pref/all-gentoo.js" \
+ || die
+
+ mozconfig_install_prefs \
+ "${BUILD_OBJ_DIR}/dist/bin/defaults/pref/all-gentoo.js"
+
+ # dev-db/sqlite does not have FTS3_TOKENIZER support.
+ # gloda needs it to function, and bad crashes happen when its enabled and doesn't work
+ if in_iuse system-sqlite && use system-sqlite ; then
+ echo "lockPref(\"mailnews.database.global.indexer.enabled\", false);" \
+ >>"${BUILD_OBJ_DIR}/dist/bin/defaults/pref/all-gentoo.js" || die
+ fi
+
+ # Pax mark xpcshell for hardened support, only used for startupcache creation.
+ pax-mark m "${BUILD_OBJ_DIR}"/dist/bin/xpcshell
+
+ MOZ_MAKE_FLAGS="${MAKEOPTS}" \
+ emake DESTDIR="${D}" install
+
+ # Install language packs
+ mozlinguas_src_install
+
+ local size sizes icon_path icon
+ if ! use bindist; then
+ icon_path="${S}/other-licenses/branding/thunderbird"
+ icon="${PN}-icon"
+
+ domenu "${FILESDIR}"/icon/${PN}.desktop
+ else
+ icon_path="${S}/mail/branding/aurora"
+ icon="${PN}-icon-unbranded"
+
+ newmenu "${FILESDIR}"/icon/${PN}-unbranded.desktop \
+ ${PN}.desktop
+
+ sed -i -e "s:Mozilla\ Thunderbird:EarlyBird:g" \
+ "${ED}"/usr/share/applications/${PN}.desktop
+ fi
+
+ # Install a 48x48 icon into /usr/share/pixmaps for legacy DEs
+ newicon "${icon_path}"/mailicon48.png "${icon}".png
+ # Install icons for menu entry
+ sizes="16 22 24 32 48 256"
+ for size in ${sizes}; do
+ newicon -s ${size} "${icon_path}/mailicon${size}.png" "${icon}.png"
+ done
+
+ local emid
+ # stage extra locales for lightning and install over existing
+ mozlinguas_xpistage_langpacks "${BUILD_OBJ_DIR}"/dist/xpi-stage/lightning \
+ "${WORKDIR}"/lightning-${MOZ_LIGHTNING_VER} lightning calendar
+
+ emid='{e2fda1a4-762b-4020-b5ad-a41df1933103}'
+ mkdir -p "${T}/${emid}" || die
+ cp -RLp -t "${T}/${emid}" "${BUILD_OBJ_DIR}"/dist/xpi-stage/lightning/* || die
+ insinto ${MOZILLA_FIVE_HOME}/distribution/extensions
+ doins -r "${T}/${emid}"
+
+ if use lightning; then
+ # move lightning out of distribution/extensions and into extensions for app-global install
+ mv "${ED}"/${MOZILLA_FIVE_HOME}/{distribution,}/extensions/${emid} || die
+
+ # stage extra locales for gdata-provider and install app-global
+ mozlinguas_xpistage_langpacks "${BUILD_OBJ_DIR}"/dist/xpi-stage/gdata-provider \
+ "${WORKDIR}"/gdata-provider-${MOZ_LIGHTNING_GDATA_VER}
+ emid='{a62ef8ec-5fdc-40c2-873c-223b8a6925cc}'
+ mkdir -p "${T}/${emid}" || die
+ cp -RLp -t "${T}/${emid}" "${BUILD_OBJ_DIR}"/dist/xpi-stage/gdata-provider/* || die
+ insinto ${MOZILLA_FIVE_HOME}/extensions
+ doins -r "${T}/${emid}"
+ fi
+
+ if use crypt ; then
+ local enigmail_xpipath="${WORKDIR}/enigmail/build"
+ cd "${T}" || die
+ unzip "${enigmail_xpipath}"/enigmail*.xpi install.rdf || die
+ emid=$(sed -n '/<em:id>/!d; s/.*\({.*}\).*/\1/; p; q' install.rdf)
+
+ dodir ${MOZILLA_FIVE_HOME}/extensions/${emid} || die
+ cd "${ED}"${MOZILLA_FIVE_HOME}/extensions/${emid} || die
+ unzip "${enigmail_xpipath}"/enigmail*.xpi || die
+ fi
+
+ # Required in order for jit to work on hardened, for mozilla-31 and above
+ use jit && pax-mark pm "${ED}"${MOZILLA_FIVE_HOME}/{thunderbird,thunderbird-bin}
+
+ # Plugin-container needs to be pax-marked for hardened to ensure plugins such as flash
+ # continue to work as expected.
+ pax-mark m "${ED}"${MOZILLA_FIVE_HOME}/plugin-container
+
+ if use minimal; then
+ rm -r "${ED}"/usr/include "${ED}"${MOZILLA_FIVE_HOME}/{idl,include,lib,sdk} || \
+ die "Failed to remove sdk and headers"
+ fi
+}
+
+pkg_preinst() {
+ gnome2_icon_savelist
+}
+
+pkg_postinst() {
+ fdo-mime_desktop_database_update
+ gnome2_icon_cache_update
+
+ if use crypt; then
+ local peimpl=$(eselect --brief --colour=no pinentry show)
+ case "${peimpl}" in
+ *gtk*|*qt*) ;;
+ *) ewarn "The pinentry front-end currently selected is not one supported by thunderbird."
+ ewarn "You may be prompted for your password in an inaccessible shell!!"
+ ewarn "Please use 'eselect pinentry' to select either the gtk or qt front-end"
+ ;;
+ esac
+ fi
+ elog
+ elog "If you experience problems with plugins please issue the"
+ elog "following command : rm \${HOME}/.thunderbird/*/extensions.sqlite ,"
+ elog "then restart thunderbird"
+ if ! use lightning; then
+ elog
+ elog "If calendar fails to show up in extensions please open config editor"
+ elog "and set extensions.lastAppVersion to 38.0.0 to force a reload. If this"
+ elog "fails to show the calendar extension after restarting with above change"
+ elog "please file a bug report."
+ fi
+}
+
+pkg_postrm() {
+ fdo-mime_desktop_database_update
+ gnome2_icon_cache_update
+} |
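Review bot: The `crypt?` entry in `SRC_URI` fetches the Enigmail source over plain `http://` while the other distfile URIs visible in this file use `https://`, so the integrity of the OpenPGP extension rests entirely on the Manifest digest, which is not part of this file's diff. If upstream serves the tarball over TLS, prefer `crypt? ( https://www.enigmail.net/download/source/enigmail-${EMVER}.tar.gz )`, and confirm the Manifest entry was generated from a verified download. In `src_install`, the extension id that `sed` reads from `install.rdf` is used unchecked by `dodir`, `cd` and `unzip`; an empty result would unpack the XPI directly into `${MOZILLA_FIVE_HOME}/extensions`, so add `[[ -n ${emid} ]] || die "could not determine enigmail extension id"` right after the `sed` line. Separately, `src_configure` appends `,inspector` to `MEXTENSIONS` for `USE=mozdom` only after `--enable-extensions="${MEXTENSIONS}"` has already been annotated, so the flag appears to have no effect as written.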