Commit e0b42456 authored by J0WI's avatar J0WI Committed by Leo
Browse files

community/firefox: security upgrade to 80.0

parent ee8ebcc4
Pipeline #43330 skipped
......@@ -2,10 +2,10 @@
# Contributor: Sören Tempel <>
# Maintainer: Rasmus Thomsen <>
# Date of release, YY-MM-DD for metainfo file (see package())
pkgdesc="Firefox web browser"
# Limited on:
......@@ -80,7 +80,6 @@ source="$pkgver/source/firefox-$pkg
......@@ -332,7 +331,7 @@ npapi() {
amove usr/lib/firefox/gtk2
sha512sums="19b068446757fca1247efe4135635c48c01f445a724ffb2a34c20b8b63f9bd920e9a78849f268997434d1863ba091eab8a99a02b2073f08d2891d2678d1ff73e firefox-79.0.source.tar.xz
sha512sums="6cfba55615d032e77f973ffdb1d4bb27c3c00d1ef642521284afa3e01a1bd29c6db963181e9ebefb0a44e49b96c3f93e57ce49541eae7e5a54d3360ffa81c1f3 firefox-80.0.source.tar.xz
0b3f1e4b9fdc868e4738b5c81fd6c6128ce8885b260affcb9a65ff9d164d7232626ce1291aaea70132b3e3124f5e13fef4d39326b8e7173e362a823722a85127 stab.h
2f4f15974d52de4bb273b62a332d13620945d284bbc6fe6bd0a1f58ff7388443bc1d3bf9c82cc31a8527aad92b0cd3a1bc41d0af5e1800e0dcbd7033e58ffd71 fix-fortify-system-wrappers.patch
4510fb92653d0fdcfbc6d30e18087c0d22d4acd5eb53be7d0a333abe087a9e0bf9e58e56bafe96e1e1b28ebd1fd33b8926dbb70c221007e335b33d1468755c66 fix-tools.patch
......@@ -349,5 +348,4 @@ f963fcdba7307a0b1712dfb95ceba4ab49f449f60e550bb69d15d50272e6df9add90862251ee561e
4911ddb41bef8d9f6d6200159cde465627e940fe1c09099be55769d21a5a52a3f737e1bf803daa96126c035b091aea880fbc5d2e6cf5da96ddd17322461a72d6 sandbox-fork.patch
db26757b2ebf9f567962e32294b4ae48b3a5d0378a7589dfe650fe3a179ff58befbab5082981c68e1c25fb9e56b2db1e4e510d4bca17c3e3aedbf9a2f21806eb sandbox-sched_setscheduler.patch
5927f4f6fa9e6a208bed1f37e2c2f2e9633d280a7cb2baa0c74567107ba30524b7ccbbea5961a34eb7a3c39ec07c5a11ef5e2bb5dd5ca884441f9e868c056503 firefox-pipewire-0-3.patch
360c687f45bfc13812f0dc4e42afafe410c801d8df7a73ec947cb110677ea51087ed123d36b3d1e959eb438f77c44d9a90b503dd611a962453a55d93938f7016 avoid-redefinition.patch
b8437c0d8c48b99f5a528d782340c6bb61509c444da8b3414acc3cb3359e547bf20f1cc3086881fb03c9db5bb3fb604bb900b3f9938bbc9bc3ddde9a679eaae2 fix-rustc-1.45-build.patch"
360c687f45bfc13812f0dc4e42afafe410c801d8df7a73ec947cb110677ea51087ed123d36b3d1e959eb438f77c44d9a90b503dd611a962453a55d93938f7016 avoid-redefinition.patch"
Upstream: Yes, combination of and
Reason: Fixes build w/ Rust 1.45
# HG changeset patch
# User Mike Hommey <>
# Date 1595885037 0
# Node ID 9181214a2308b5b614e7a60c6e99bd3130a9ed2b
# Parent 212d37ac070125486a182c2095f3a87e7581b9dd
Bug 1654465 - Set -Cembed-bitcode=yes instead of CARGO_PROFILE_RELEASE_LTO. r=firefox-build-system-reviewers,rstewart, a=RyanVM
It turns out setting CARGO_PROFILE_RELEASE_LTO has unwanted side
First it's not actually strictly equivalent to using `cargo rustc --
-Clto`. For instance, it apparently also enables cross-language LTO in
newer versions of cargo.
Second, it changes the rust computed hash for all the dependencies of
the crate being built with the variable set, which makes them diverge
from when the same dependencies are built through another crate in the
tree that is not LTOed. This effectively makes us build a _lot_ of
crates twice, many of which are not cacheable.
Since the original problem is that cargo >= 1.45 passes extra flags (`-C
embed-bitcode=no`) to rustc that are incompatible with `-Clto`, and while
it knows to adjust based on the `lto` setting in the build profile
(which CARGO_PROFILE_RELEASE_LTO overrides the default of), cargo
ignores flags passed via `cargo rustc -- ...` when making those
So, we need to override with `-C embed-bitcode=yes` on our own at the
same time we pass `-Clto`. But doing that through `cargo rustc -- ...`
is not enough because all the dependencies of the crate built with
`-Clto` need to be built with `-C embed-bitcode=yes`. So we need to
override with `RUSTFLAGS`, which will affect all the dependencies.
But we also need to do this consistently across all crates, not only the
dependencies of crates built with `-Clto`, otherwise we'd still end up
building crates twice (once with and once without the override).
Unfortunately, the `-C embed-bitcode=*` flag is also not supported in
versions older than 1.45, so we have to avoid adding it on older
We unfortunately support a large range of versions of rustc (albeit only
for tools/crashreporter), but we actually need to upgrade the smaller
supported version because rustc < 1.38 doesn't support our top-level
Cargo.lock. This makes the version check slightly less awful.
Differential Revision:
diff --git a/config/makefiles/ b/config/makefiles/
index a9abcc9af4..b5c7973104 100644
--- a/config/makefiles/
+++ b/config/makefiles/
@@ -63,6 +63,11 @@ ifndef MOZ_DEBUG_RUST
ifeq (,$(findstring gkrust_gtest,$(RUST_LIBRARY_FILE)))
cargo_rustc_flags += -Clto
+# Versions of rust >= 1.45 need -Cembed-bitcode=yes for all crates when
+# using -Clto.
+ifeq (,$(filter 1.38.% 1.39.% 1.40.% 1.41.% 1.42.% 1.43.% 1.44.%,$(RUSTC_VERSION)))
+RUSTFLAGS += -Cembed-bitcode=yes
diff --git a/python/mozbuild/mozbuild/test/configure/ b/python/mozbuild/mozbuild/test/configure/
index e1921ece68..759d4d98cc 100755
--- a/python/mozbuild/mozbuild/test/configure/
+++ b/python/mozbuild/mozbuild/test/configure/
@@ -1796,13 +1796,6 @@ class RustTest(BaseConfigureTest):
arm_arch=7, fpu='neon', thumb2=True, float_abi='softfp')),
- self.assertEqual(
- self.get_rust_target('arm-unknown-linux-androideabi',
- version='1.32.0',
- arm_target=ReadOnlyNamespace(
- arm_arch=7, fpu='neon', thumb2=True, float_abi='softfp')),
- 'armv7-linux-androideabi')
@@ -1821,13 +1814,6 @@ class RustTest(BaseConfigureTest):
arm_arch=7, fpu='neon', thumb2=True, float_abi='hard')),
- self.assertEqual(
- self.get_rust_target('armv7-unknown-linux-gnueabihf',
- version='1.32.0',
- arm_target=ReadOnlyNamespace(
- arm_arch=7, fpu='neon', thumb2=True, float_abi='hard')),
- 'armv7-unknown-linux-gnueabihf')
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment