Log message:
Make palemoon build on NetBSD/macppc.

Log message:
palemoon: mine

Log message:
palemoon: Update to 33.3.1

     v33.3.1 (2024-09-10)

   This is a minor security and bugfix update.

   Changes/fixes:
     * Backed out support for FFmpeg 7.0/libavcodec 61 (Linux) due to it
       causing a major regression in WebAudio (broken on all platforms). This
       is being worked on to re-land at a later date.
     * Restricted the NotifyPaintEvent interface to chrome code only; there
       is no reason (other than potential tracking/fingerprinting) to have
       this accessible from content.
     * Fixed a potentially exploitable issue in JavaScript (FetchName).
     * Fixed a code correctness issue in XPConnect when creating sandboxes.
       DiD
     * Added a warning for using externally handled usenet protocols.
     * Security issues addressed: CVE-2024-8383 and CVE-2024-8381.

Log message:
palemoon: update to 33.3.0

       Important notes with this version:

          * From this version forward, all 64-bit releases require a
            processor with AVX capabilities! Please keep en eye on the forum
            for announcements of 64-bit SSE builds by the community if you
            are on particularly old or otherwise limited hardware that does
            not support AVX.
          * For Linux users: Starting with this version, our binaries are
            built with gcc 11 on a still conservative but more modern build
            platform (Oracle Linux 8). As a result, there may be some lib
            incompatibilities if you are still running on a particularly old
            distro for some reason. While we try to serve as broad of a Linux
            base as possible with our binaries, our lowest common denominator
            will occasionally shift to newer distros as a result of O.S. life
            cycles, compiler capabilities and available libraries.

       Changes/fixes:

          * Implemented the bulk of the CSS "cascade layers" spec \ 
(@layer{}).
            This implementation is not 100% complete yet, but should satisfy
            common use of CSS cascade layers on the web.
          * Implemented support for Sec-Fetch-* headers, implementing another
            mechanism to deal with site security. See this part of the spec
            for a primer on what this does.
          * Added support for FFmpeg 7.0 / libavcodec 61 (Linux).
          * Pale Moon will now look up hosts in DNS ahead of time to make
            page navigation smoother. See implementation notes.
          * Pale Moon will now block access to the reserved address 0.0.0.0
            on non-Windows operating systems. See implementation notes.
          * Dev: Aligned rounding behavior and precision ranges of toFixed
            and related functions with the spec. See implementation notes.
          * Dev: Aligned isTrusted for PostMessage and BroadcastChannel with
            expected values on the web. See implementation notes.
          * Dev: Added the navigator.webdriver attribute for web
            compatibility (always false in Pale Moon as we do not support
            browser automation APIs).
          * Re-implemented the Durstenfeld shuffle for plugin enumeration
            that was unfortunately dropped with one of our past rebases, to
            strengthen fingerprinting resistance.
          * Fixed an issue with character clusters (e.g. for text selection)
            resulting from a regression surrounding our improvements for
            emoji handling.
          * Fixed an issue with setting DOM color values. DiD
          * Slightly improved password form handling, detecting previously
            unsupported field orders.
          * Updated NSS to 3.90.4.
          * Updated our emoji font to 15.1.2 (Unicode 15.1 with some
            additional extras/updates).
          * Code cleanup:
               * Removed unused code related to the (incomplete) FoxEye
                 experiment.
               * Removed support code for LibAV and (very) old versions of
                 FFmpeg. We require libavcodec 58 or later (FFmpeg 4.0+) from
                 this version forward (Linux).
               * Removed click event dispatching code that is no longer
                 relevant.
               * Cleaned up internal macro use in CSS code (this does not
                 impact any exposed APIs or code).
               * Removed the hidden network.dns.disablePrefetchFromHTTPS
                 pref. DNS prefetching should not be treated differently for
                 http and https.
          * Security issues addressed: CVE-2024-7531.

       Implementation notes:

          * Pale Moon will now pre-emptively look up the internet addresses
            in DNS for website navigation (e.g. from links). This speeds up
            navigation as there will be no delay for DNS lookups when users
            navigate to a new host or domain from the visited page. Please
            note that this only deals with DNS (i.e.: looking up the
            addresses of websites in the domain name system) and Pale Moon
            will not pre-emptively connect to the servers in question; it
            will just have the addresses for them ready in case the user
            decides to navigate to them.
            For some people, this may still be seen as a privacy issue (e.g.
            when the DNS server operated within an organization is tightly
            monitored for "unwanted traffic") as it will regularly fire DNS
            lookups for hosts or domains the user doesn't actually visit, so
            if this is a concern for you and you wish to revert to our
            previous behavior, go to Preferences -> Advanced -> tab
            "Network", and uncheck "Prefetch DNS lookups".
          * Pale Moon will no longer allow connecting to the "this machine"
            special reserved address 0.0.0.0 (and IPv6 equivalents
            [::]/[::0.0.0.0]) on operating systems other than Windows. This
            is to mitigate potentially unrestricted access to local resources
            on UNIX-like operating systems due to the way the network stack
            operates there. If needed for your use case, you can control this
            behavior through the preference network.dns.blockQuad0 -- if set
            to true, any attempt to connect to the reserved addresses will
            result in an error.
          * We aligned behavior of number conversions with what is generally
            expected on the web by mainstream browser engines and/or updated
            specs. Specifically, toFixed no longer accepts negative precision
            ranges, and toExponential will now round up at the midpoint in
            the decimal significand.
          * Initially, the mechanisms BroadcastChannel and MessagePort
            implicitly called for dispatched events to not be trusted, but
            since browsers marked them as trusted, this was in conflict with
            the spec. Eventually, the spec for this was changed to make them
            trusted in this case. Pale Moon now follows this behavior as
            well.

Log message:
palemoon: stop using system cairo, causes segfaults

internal cairo is modified significantly

Log message:
palemoon: Don't attempt to dlopen gtk3, causes issues on NetBSD

Log message:
palemoon: handle PLIST on non-amd64

Log message:
palemoon: initial arm64 support from mrg@

Log message:
palemoon: add workaround for netbsd-9 header bugs

Log message:
palemoon: alternative workaround for TLS handshake failures