Log message:
*: revbump for icu downgrade

Log message:
*: recursive bump for icu 76.1 shlib bump

Log message:
palemoon: Update to 33.4.0

     v33.4.0 (2024-10-08)

   This is a development, bugfix and security release.

   Changes/fixes:
     * Introduced the "ghostbuster" concept; this is an automated internal
       mechanism to attempt cleanup of particularly problematic web content
       after a tab or window is closed. See implementation notes.
     * Added support for the PROT_MPROTECT security feature on targets that
       use it (notably PaX and NetBSD).
     * Implemented preferences to give the user control over the Same-Origin
       Policy (SOP) and CORS preflight. See implementation notes.
     * Improved buildability on NetBSD and Altivec architectures.
     * Fixed building issues on Apple Silicon Mac with XCode 16.
     * Added workarounds for non-standard MSE/WebM/VPx encoding on YouTube
       that could cause video buffering and halting issues.
     * Dev: Changed the default credentials mode for module scripts from
       'omit' to 'same-origin', aligning with mainstream.
     * Dev: Implemented getTransform and setTransform with DOMMatrix
       arguments.
     * Dev: Implemented ES2023 Hashbang grammar proposal.
     * Fixed an issue with JavaScript's StructuredClone.
     * Security issues addressed: CVE-2024-9396.
     * Rejected: CVE-2024-9398 (properly informing the user about attempts to
       use unhandled protocols by web pages is considered more important than
       potential determination whether a handler for such a protocol is
       installed)

Log message:
palemoon: Import the rest of our nsprpub patches

It's unclear to me if these are strictly necessary with Pale Moon.
They appear to not affect browser stability for me.  However, since
they're bugs in the nsprpub library that Mozilla doesn't want to fix
(likely due to API compatibility?), and previously triggered crashes on
NetBSD, better safe than sorry.

Log message:
Add NetBSD/powerpc ALTIVEC cpu detection support.
Update info about some changes merged upstream already.

Log message:
Make the JS interpreter use powerpc atomic ops on NetBSD/powerpc

Log message:
Make palemoon build on NetBSD/macppc.

Log message:
palemoon: mine

Log message:
palemoon: Update to 33.3.1

     v33.3.1 (2024-09-10)

   This is a minor security and bugfix update.

   Changes/fixes:
     * Backed out support for FFmpeg 7.0/libavcodec 61 (Linux) due to it
       causing a major regression in WebAudio (broken on all platforms). This
       is being worked on to re-land at a later date.
     * Restricted the NotifyPaintEvent interface to chrome code only; there
       is no reason (other than potential tracking/fingerprinting) to have
       this accessible from content.
     * Fixed a potentially exploitable issue in JavaScript (FetchName).
     * Fixed a code correctness issue in XPConnect when creating sandboxes.
       DiD
     * Added a warning for using externally handled usenet protocols.
     * Security issues addressed: CVE-2024-8383 and CVE-2024-8381.

Log message:
palemoon: update to 33.3.0

       Important notes with this version:

          * From this version forward, all 64-bit releases require a
            processor with AVX capabilities! Please keep en eye on the forum
            for announcements of 64-bit SSE builds by the community if you
            are on particularly old or otherwise limited hardware that does
            not support AVX.
          * For Linux users: Starting with this version, our binaries are
            built with gcc 11 on a still conservative but more modern build
            platform (Oracle Linux 8). As a result, there may be some lib
            incompatibilities if you are still running on a particularly old
            distro for some reason. While we try to serve as broad of a Linux
            base as possible with our binaries, our lowest common denominator
            will occasionally shift to newer distros as a result of O.S. life
            cycles, compiler capabilities and available libraries.

       Changes/fixes:

          * Implemented the bulk of the CSS "cascade layers" spec \ 
(@layer{}).
            This implementation is not 100% complete yet, but should satisfy
            common use of CSS cascade layers on the web.
          * Implemented support for Sec-Fetch-* headers, implementing another
            mechanism to deal with site security. See this part of the spec
            for a primer on what this does.
          * Added support for FFmpeg 7.0 / libavcodec 61 (Linux).
          * Pale Moon will now look up hosts in DNS ahead of time to make
            page navigation smoother. See implementation notes.
          * Pale Moon will now block access to the reserved address 0.0.0.0
            on non-Windows operating systems. See implementation notes.
          * Dev: Aligned rounding behavior and precision ranges of toFixed
            and related functions with the spec. See implementation notes.
          * Dev: Aligned isTrusted for PostMessage and BroadcastChannel with
            expected values on the web. See implementation notes.
          * Dev: Added the navigator.webdriver attribute for web
            compatibility (always false in Pale Moon as we do not support
            browser automation APIs).
          * Re-implemented the Durstenfeld shuffle for plugin enumeration
            that was unfortunately dropped with one of our past rebases, to
            strengthen fingerprinting resistance.
          * Fixed an issue with character clusters (e.g. for text selection)
            resulting from a regression surrounding our improvements for
            emoji handling.
          * Fixed an issue with setting DOM color values. DiD
          * Slightly improved password form handling, detecting previously
            unsupported field orders.
          * Updated NSS to 3.90.4.
          * Updated our emoji font to 15.1.2 (Unicode 15.1 with some
            additional extras/updates).
          * Code cleanup:
               * Removed unused code related to the (incomplete) FoxEye
                 experiment.
               * Removed support code for LibAV and (very) old versions of
                 FFmpeg. We require libavcodec 58 or later (FFmpeg 4.0+) from
                 this version forward (Linux).
               * Removed click event dispatching code that is no longer
                 relevant.
               * Cleaned up internal macro use in CSS code (this does not
                 impact any exposed APIs or code).
               * Removed the hidden network.dns.disablePrefetchFromHTTPS
                 pref. DNS prefetching should not be treated differently for
                 http and https.
          * Security issues addressed: CVE-2024-7531.

       Implementation notes:

          * Pale Moon will now pre-emptively look up the internet addresses
            in DNS for website navigation (e.g. from links). This speeds up
            navigation as there will be no delay for DNS lookups when users
            navigate to a new host or domain from the visited page. Please
            note that this only deals with DNS (i.e.: looking up the
            addresses of websites in the domain name system) and Pale Moon
            will not pre-emptively connect to the servers in question; it
            will just have the addresses for them ready in case the user
            decides to navigate to them.
            For some people, this may still be seen as a privacy issue (e.g.
            when the DNS server operated within an organization is tightly
            monitored for "unwanted traffic") as it will regularly fire DNS
            lookups for hosts or domains the user doesn't actually visit, so
            if this is a concern for you and you wish to revert to our
            previous behavior, go to Preferences -> Advanced -> tab
            "Network", and uncheck "Prefetch DNS lookups".
          * Pale Moon will no longer allow connecting to the "this machine"
            special reserved address 0.0.0.0 (and IPv6 equivalents
            [::]/[::0.0.0.0]) on operating systems other than Windows. This
            is to mitigate potentially unrestricted access to local resources
            on UNIX-like operating systems due to the way the network stack
            operates there. If needed for your use case, you can control this
            behavior through the preference network.dns.blockQuad0 -- if set
            to true, any attempt to connect to the reserved addresses will
            result in an error.
          * We aligned behavior of number conversions with what is generally
            expected on the web by mainstream browser engines and/or updated
            specs. Specifically, toFixed no longer accepts negative precision
            ranges, and toExponential will now round up at the midpoint in
            the decimal significand.
          * Initially, the mechanisms BroadcastChannel and MessagePort
            implicitly called for dispatched events to not be trusted, but
            since browsers marked them as trusted, this was in conflict with
            the spec. Eventually, the spec for this was changed to make them
            trusted in this case. Pale Moon now follows this behavior as
            well.