Skip to content

Bug 41155: Update toolchains for 128

Pier Angelo Vendrame requested to merge pierov/tor-browser-build:bug_41155 into main

Merge Info

Related Issues



  • Immediate: patchset needed as soon as possible
  • Next Minor Stable Release: patchset that needs to be verified in nightly before backport
  • Eventually: patchset that needs to be verified in alpha before backport
  • No Backport (preferred): patchset for the next major stable

(Optional) Justification

  • Emergency security update: patchset fixes CVEs, 0-days, etc
  • Censorship event: patchset enables censorship circumvention
  • Critical bug-fix: patchset fixes a bug in core-functionality
  • Consistency: patchset which would make development easier if it were in both the alpha and release branches; developer tools, build system changes, etc
  • Sponsor required: patchset required for sponsor
  • Other: please explain

Issue Tracking


Request Reviewer

  • Request review from an applications developer depending on modified system:
    • NOTE: if the MR modifies multiple areas, please /cc all the relevant reviewers (since gitlab only allows 1 reviewer)
    • accessibility : henry
    • android : clairehurst, dan
    • build system : boklm
    • extensions : ma1
    • firefox internals (XUL/JS/XPCOM) : jwilde, ma1
    • fonts : pierov
    • frontend (implementation) : henry
    • frontend (review) : donuts, richard
    • localization : henry, pierov
    • macOS : clairehurst, dan
    • nightly builds : boklm
    • rebases/release-prep : boklm, dan, ma1, pierov, richard
    • security : jwilde, ma1
    • signing : boklm, richard
    • updater : pierov
    • windows : jwilde, richard
    • misc/other : pierov, richard

Change Description

This is the yearly update for toolchains.

Before doing anything, I tried to remove some redundancy in the Rust configuration file, which had very long lines.

Then I updated the path of Mozilla's YAML files to get the new versions of the toolchains they use. I also updated some loops used to get the toolchain version.

It should be possible to run the various make list_toolchain_updates-firefox-* (except for Android, which I haven't tested).

Then I updated the files we use to extract the macOS SDK package (I already uploaded the new one to

At that point, I started actually updating the various toolchain versions.

I updated:

  • Clang (18.1.5)
    • I updated the various flags we use to match upstream
    • I removed a couple of backported patches
    • I had to take a new patch for the WASI SDK from Firefox
  • Rust (1.78.0)
    • I removed the patch we had to backport to use external LLVM tools
  • Node (18.19.0)
  • Cbindgen 0.26.0
  • Windows specific updates:
    • Mingw
    • Fxc2
    • I had to restore the windres wrapper to fix a build time error with string defined (e.g., -D FIREFOX_ICON=/var/tmp/...). However I took the last available versions, because the version Mozilla has a bug and doesn't work with OpenSSL 32-bit. I don't know why Firefox doesn't have the same problem, and I don't know why 115 worked without the wrapper
    • I had to add a project to download a Windows-specific crate because Firefox doesn't vendor it for some reason I haven't understood. I think there's no way to avoid using the network to do so, but I'll accept any suggestion on how to improve that project.
    • The patch we had for 115 are still there, I didn't have to remove any, nor to add any
  • macOS specific issues
    • I had to bump macosx_deployment_target because otherwise I had a build-time error.

This was enough to get the builds, but Windows wasn't reproducible because of Rust (especially its standard library). And I think Rust wasn't reproducible because of the GCC mingw (the output of mingw-w64-clang is the same, the one of mingw-w64 is very different, both for host binaries and for target libraries).

I took a shortcut, and migrated to the {x86_64,i686}-pc-windows-gnullvm targets. It wasn't trivial to build them, especially because of a patch not included in the vendored sources of the tarball. And patching vendored sources requires to update their hashes 😒.

Also, Firefox can't associate the gnullvm target. I have a simple patch to do so, but it makes Firefox incompatible with the windows-gnu targets, which are the ones for which you can download pre-built binaries.

So, I'm not sure we want to proceed in this direction, but I'm including the commits in the branch for now. I've also opened a MozBug, to see what upstream think of my proposal.

How Tested

I applied this patch for testing and build Tor Browser alpha for desktop.

Mullvad Browser can be built only for Linux and macOS, because we have some problems with mingw we might have to solve first.

I built both on my machine and on tb-build-03 to verify reproduicibility.

Edited by Pier Angelo Vendrame

Merge request reports