pm 28.11.0-1 rc1, dpkg and rpm

   bring in 32-bit memory mod for rpm, to match dpkg, from
   https://forum.palemoon.org/viewtopic.php?f=37&t=24737&p=193746

8 files changed, 157 insertions, 23 deletions

diff --git a/palemoon/debian/changelog b/palemoon/debian/changelog
index 192aad6..0d57595 100644
--- a/palemoon/debian/changelog
+++ b/palemoon/debian/changelog
@@ -1,3 +1,58 @@
+palemoon (28.11.0-1+devuan) obs; urgency=medium
+
+  * This is a development, bugfix and security update.
+    - Changed storage format for certificates and passwords to SQLite.
+    - Added a preference (browser.tabs.insertAllAfterCurrent) to enable
+      always adding new tabs after the current tab, whether related or not.
+    - Changed the way Firefox extensions are displayed in the add-on
+      manager (provide a clear warning).
+    - Denied other types of add-ons that aren't explicitly targeting
+      Pale Moon's ID.
+    - Improved the browser's DPI-awareness to be per-monitor instead of
+      system-wide, on supported Windows operating systems.
+    - Updated bookmark backups code with the other half of what should
+      have been done way back when, so they work fully as-intended.
+    - Added a preference
+      (browser.bookmarks.editDialog.showForNewBookmarks) to enable
+      immediately showing the edit dialog for new bookmarks.
+    - If set to true, clicking the star in the address bar will pop
+      open the edit dialog immediately for changing details/sorting.
+    - Fixed the useragent string in native mode, and updated UA code to
+      properly respond to live changes to some preferences.
+    - Tidied up front-end browser JavaScript.
+    - Changed the way sources are compiled (on-going de-unification).
+    - Improved compatibility with gcc v10
+    - Removed support for the obsolete and unmaintained NVidia 3DVision
+      stereoscopic interface.
+    - Fixed some build issues in non-standard configurations.
+    - Fixed wrong positions when calculating the position for
+      position:absolute child inside a table.
+    - Aligned file name extension of saved url files with other
+      applications (lower case)
+    - Fixed building with --disable-webspeech (to disable speech
+      synthesis)
+    - Added global menubar support for GTK.
+    - Implemented node.getRootNode
+    - Implemented AbortController (Abort API)
+    - Improved the uninstaller to use elevation when prudent and
+      actually remove program files.
+    - Fixed a rare issue with editable page content.
+    - Fixed a crash related to ES module scripts.
+    - Aligned ES module scripting better with the current spec and
+      removed eager instantiation.
+    - Fixed a potential issue with the JPEG encoder. (CVE-2020-12422)
+      DiD
+    - Fixed a potential issue with AppCache manifests. DiD
+    - Fixed a potential crash in JavaScript date parsing.
+    - Fixed a problem with RSA key generation that would make it
+      potentially vulnerable to side-channel attacks. (CVE-2020-12402)
+    - Fixed a potential crash due to multithread race condition. DiD
+    - Fixed a correctness issue in URL handling. (CVE-2020-12418) DiD
+    - Unified XUL Platform Mozilla Security Patch Summary: 2 fixed, 4
+      defense-in-depth, 10 not applicable.
+
+ -- Ben Stack <bgstack15@gmail.com>  Tue, 14 Jul 2020 14:28:53 -0400
+
 palemoon (28.10.0-1+devuan) obs; urgency=medium
 
   * This is a development, bugfix and security update.
@@ -755,7 +810,7 @@ palemoon (28.1.0~repack-1) obs; urgency=medium
     - Fixed toolbar styling in toolkit themes.
     - Fixed viewing the source of a selection.
 
-  * Now has full support for gcc-8, so stop forcing gcc-7 build on Buster and 
+  * Now has full support for gcc-8, so stop forcing gcc-7 build on Buster and
     recent Ubuntus where gcc-8 is default.
 
  -- Steven Pusser <stevep@mxlinux.org>  Mon, 17 Sep 2018 19:05:20 -0700
@@ -834,8 +889,8 @@ palemoon (27.9.4~repack-1~mx17+1) mx; urgency=medium
     - Prevented various location-based threats. DiD
     - Fixed a potential vulnerability with plugins being redirected to different
       origins (CVE-2018-12364).
-    - Improved the security check for launching executable files 
-      (by association) on Windows from the browser. For users who have (most 
+    - Improved the security check for launching executable files
+      (by association) on Windows from the browser. For users who have (most
       likely accidentally) granted a system-wide waiver for opening these kinds
       of files without being prompted, this permission has been reset.
     - Fixed an issue with invalid qcms transforms (CVE-2018-12366).
@@ -852,13 +907,13 @@ palemoon (27.9.4~repack-1~mx17+1) mx; urgency=medium
 palemoon (27.9.3~repack-1~mx17+1) mx; urgency=medium
 
   * New upstream security update:
-  
+
     - Changes/fixes:
-      - (CVE-2017-0381) Ported a patch from libopus upstream. Note, contrary to 
-        that report, the libopus maintainers state they don't believe remote 
+      - (CVE-2017-0381) Ported a patch from libopus upstream. Note, contrary to
+        that report, the libopus maintainers state they don't believe remote
         code execution was possible, so this was not a critical patch.
       - Fixed an issue with task counting in JS GC.
-      - Fixed a use-after-free in DOMProxyHandler::EnsureExpandoObject (thanks 
+      - Fixed a use-after-free in DOMProxyHandler::EnsureExpandoObject (thanks
         to Berk Cem Göksel for reporting).
 
  -- Steven Pusser <stevep@mxlinux.org>  Tue, 12 Jun 2018 11:12:06 -0700
@@ -871,18 +926,18 @@ palemoon (27.9.2~repack-1~mx17+1) mx; urgency=medium
       - We changed the language strings for softblocked items so people will cry
         less when we do our job.
       - (CVE-2018-5174) Prevent potential SmartScreen bypass on Windows 10.
-      - (CVE-2018-5173) Fixed an issue in the Downloads panel improperly 
-        rendering some Unicode characters, allowing for the file name to be 
-        spoofed. This could be used to obscure the file extension of potentially 
+      - (CVE-2018-5173) Fixed an issue in the Downloads panel improperly
+        rendering some Unicode characters, allowing for the file name to be
+        spoofed. This could be used to obscure the file extension of potentially
         executable files from user view in the panel.
       - (CVE-2018-5177) Fixed a vulnerability in the XSLT component leading to a
         buffer overflow and crash if it occurs.
-      - (CVE-2018-5159) Fixed an integer overflow vulnerability in the Skia 
+      - (CVE-2018-5159) Fixed an integer overflow vulnerability in the Skia
         library resulting in possible out-of-bounds writes.
       - (CVE-2018-5154) Fixed a use-after-free vulnerability while enumerating
         attributes during SVG animations with clip paths.
-      - (CVE-2018-5178) Fixed a buffer overflow during UTF8 to Unicode string 
-        conversion within JavaScript with extremely large amounts of data. This 
+      - (CVE-2018-5178) Fixed a buffer overflow during UTF8 to Unicode string
+        conversion within JavaScript with extremely large amounts of data. This
         vulnerability requires the use of a malicious or vulnerable extension in
         order to occur.
       - Fixed several stability issues (crashes) and memory safety hazards.
diff --git a/palemoon/debian/control b/palemoon/debian/control
index e9fa32b..e532400 100644
--- a/palemoon/debian/control
+++ b/palemoon/debian/control
@@ -8,21 +8,17 @@ Build-Depends: debhelper (>= 12),
    autoconf2.13,
    libasound2-dev,
    libdbus-glib-1-dev (>= 0.60),
-   libfontconfig-dev,
    libgconf2-dev (>= 1.2.1),
    libgtk2.0-dev (>= 2.14),
    libssl-dev,
    libx11-xcb-dev,
    libxt-dev,
-   lsb-release,
    mesa-common-dev,
    pkg-config,
    python (>= 2.7),
    unzip,
    yasm (>= 1.1),
    zip,
-   zlib1g-dev,
-# libfontconfig-dev only added for Debian OBS which is choking as of 2020-04 on libfontconfig-dev | libfontconfig1-dev for deps: libgtk-3-dev, libpango1.0-dev, libcairo2-dev, libxft-dev
 Standards-Version: 3.9.6
 Homepage: http://www.palemoon.org/
 
@@ -30,7 +26,7 @@ Package: palemoon
 Architecture: any
 Depends: ${shlibs:Depends}, ${misc:Depends},
          libavcodec54 | libavcodec-extra54 |libavcodec55 | libavcodec-extra55 | libavcodec56 | libavcodec-extra56 | libavcodec57 | libavcodec-extra57 | libavcodec58 | libavcodec-extra58 | libavcodec-ffmpeg56 | libavcodec-ffmpeg-extra56
-Provides: x-www-browser
+Provides: gnome-www-browser, www-browser, x-www-browser
 Conflicts: palemoon-nonsse2
 Replaces: palemoon-nonsse2
 Description: Firefox-based, efficient and easy to use web browser
diff --git a/palemoon/debian/palemoon_devuan.dsc b/palemoon/debian/palemoon_devuan.dsc
index 3e314ec..e373faf 100644
--- a/palemoon/debian/palemoon_devuan.dsc
+++ b/palemoon/debian/palemoon_devuan.dsc
@@ -2,11 +2,11 @@ Format: 3.0 (quilt)
 Source: palemoon
 Binary: palemoon
 Architecture: any
-Version: 28.10.0-1+devuan
+Version: 28.11.0-1+devuan
 Maintainer: B Stack <bgstack15@gmail.com>
 Homepage: http://www.palemoon.org/
 Standards-Version: 4.1.4
-Build-Depends: debhelper (>= 12), autoconf2.13, libasound2-dev, libdbus-glib-1-dev (>= 0.60), libgconf2-dev (>= 1.2.1), libgtk2.0-dev (>= 2.14), libssl-dev, libx11-xcb-dev, libxt-dev, lsb-release, mesa-common-dev, pkg-config, python (>= 2.7), unzip, yasm (>= 1.1), zip, zlib1g-dev, libfontconfig-dev
+Build-Depends: debhelper (>= 12), autoconf2.13, libasound2-dev, libdbus-glib-1-dev (>= 0.60), libgconf2-dev (>= 1.2.1), libgtk2.0-dev (>= 2.14), libssl-dev, libx11-xcb-dev, libxt-dev, mesa-common-dev, pkg-config, python (>= 2.7), unzip, yasm (>= 1.1), zip
 Package-List:
  palemoon deb web optional arch=any
 Files:
diff --git a/palemoon/debian/patches/fix_arm_FTBFS.patch b/palemoon/debian/patches/fix_arm_FTBFS.patch
new file mode 100644
index 0000000..a8b1582
--- /dev/null
+++ b/palemoon/debian/patches/fix_arm_FTBFS.patch
@@ -0,0 +1,78 @@
+Description: Fix build failure on armhf arch
+Author: Steven Pusser <stevep@mxlinux.org>
+Last-Update: 2020-06-09
+
+--- palemoon-28.10.0.orig/platform/js/src/wasm/WasmBaselineCompile.cpp
++++ palemoon-28.10.0/platform/js/src/wasm/WasmBaselineCompile.cpp
+@@ -3391,7 +3391,7 @@ class BaseCompiler
+ #ifdef JS_CODEGEN_ARM
+     void
+     loadI32(MemoryAccessDesc access, bool isSigned, RegI32 ptr, Register rt) {
+-        if (access.byteSize() > 1 && IsUnaligned(ins->access())) {
++        if (access.byteSize() > 1 && IsUnaligned(access)) {
+             masm.add32(HeapReg, ptr.reg);
+             SecondScratchRegisterScope scratch(*this);
+             masm.emitUnalignedLoad(isSigned, access.byteSize(), ptr.reg, scratch, rt, 0);
+@@ -3405,7 +3405,7 @@ class BaseCompiler
+ 
+     void
+     storeI32(MemoryAccessDesc access, RegI32 ptr, Register rt) {
+-        if (access.byteSize() > 1 && IsUnaligned(ins->access())) {
++        if (access.byteSize() > 1 && IsUnaligned(access)) {
+             masm.add32(HeapReg, ptr.reg);
+             masm.emitUnalignedStore(access.byteSize(), ptr.reg, rt, 0);
+         } else {
+@@ -3419,7 +3419,7 @@ class BaseCompiler
+ 
+     void
+     loadI64(MemoryAccessDesc access, RegI32 ptr, RegI64 dest) {
+-        if (IsUnaligned(ins->access())) {
++        if (IsUnaligned(access)) {
+             masm.add32(HeapReg, ptr.reg);
+             SecondScratchRegisterScope scratch(*this);
+             masm.emitUnalignedLoad(IsSigned(false), ByteSize(4), ptr.reg, scratch, dest.reg.low,
+@@ -3440,7 +3440,7 @@ class BaseCompiler
+ 
+     void
+     storeI64(MemoryAccessDesc access, RegI32 ptr, RegI64 src) {
+-        if (IsUnaligned(ins->access())) {
++        if (IsUnaligned(access)) {
+             masm.add32(HeapReg, ptr.reg);
+             masm.emitUnalignedStore(ByteSize(4), ptr.reg, src.reg.low, 0);
+             masm.emitUnalignedStore(ByteSize(4), ptr.reg, src.reg.high, 4);
+@@ -3459,7 +3459,7 @@ class BaseCompiler
+     void
+     loadF32(MemoryAccessDesc access, RegI32 ptr, RegF32 dest, RegI32 tmp1) {
+         masm.add32(HeapReg, ptr.reg);
+-        if (IsUnaligned(ins->access())) {
++        if (IsUnaligned(access)) {
+             SecondScratchRegisterScope scratch(*this);
+             masm.emitUnalignedLoad(IsSigned(false), ByteSize(4), ptr.reg, scratch, tmp1.reg, 0);
+             masm.ma_vxfer(tmp1.reg, dest.reg);
+@@ -3473,7 +3473,7 @@ class BaseCompiler
+     void
+     storeF32(MemoryAccessDesc access, RegI32 ptr, RegF32 src, RegI32 tmp1) {
+         masm.add32(HeapReg, ptr.reg);
+-        if (IsUnaligned(ins->access())) {
++        if (IsUnaligned(access)) {
+             masm.ma_vxfer(src.reg, tmp1.reg);
+             masm.emitUnalignedStore(ByteSize(4), ptr.reg, tmp1.reg, 0);
+         } else {
+@@ -3486,7 +3486,7 @@ class BaseCompiler
+     void
+     loadF64(MemoryAccessDesc access, RegI32 ptr, RegF64 dest, RegI32 tmp1, RegI32 tmp2) {
+         masm.add32(HeapReg, ptr.reg);
+-        if (IsUnaligned(ins->access())) {
++        if (IsUnaligned(access)) {
+             SecondScratchRegisterScope scratch(*this);
+             masm.emitUnalignedLoad(IsSigned(false), ByteSize(4), ptr.reg, scratch, tmp1.reg, 0);
+             masm.emitUnalignedLoad(IsSigned(false), ByteSize(4), ptr.reg, scratch, tmp2.reg, 4);
+@@ -3501,7 +3501,7 @@ class BaseCompiler
+     void
+     storeF64(MemoryAccessDesc access, RegI32 ptr, RegF64 src, RegI32 tmp1, RegI32 tmp2) {
+         masm.add32(HeapReg, ptr.reg);
+-        if (IsUnaligned(ins->access())) {
++        if (IsUnaligned(access)) {
+             masm.ma_vxfer(src.reg, tmp1.reg, tmp2.reg);
+             masm.emitUnalignedStore(ByteSize(4), ptr.reg, tmp1.reg, 0);
+             masm.emitUnalignedStore(ByteSize(4), ptr.reg, tmp2.reg, 4);
diff --git a/palemoon/debian/patches/series b/palemoon/debian/patches/series
index 054d3bf..0a417be 100644
--- a/palemoon/debian/patches/series
+++ b/palemoon/debian/patches/series
@@ -1,3 +1,4 @@
 small-icons.patch
 bgstack15-palemoon.patch
 pm-devuan.patch
+fix_arm_FTBFS.patch
diff --git a/palemoon/debian/rules b/palemoon/debian/rules
index 5705c90..d970f5e 100755
--- a/palemoon/debian/rules
+++ b/palemoon/debian/rules
@@ -4,6 +4,7 @@ export SHELL=/bin/bash
 
 ## borrowed from stevepusser's logic
 ## Build with gcc-8 on Buster (beowulf/ceres)
+## If you enable this, then d/control needs lsb-release as a build dependency.
 #distrelease := $(shell lsb_release -cs)
 #ifeq ($(distrelease),$(filter $(distrelease),buster beowulf/ceres))
 #export CC=gcc-8
diff --git a/palemoon/palemoon-mozconfig b/palemoon/palemoon-mozconfig
index 3a3c1de..e377731 100644
--- a/palemoon/palemoon-mozconfig
+++ b/palemoon/palemoon-mozconfig
@@ -2,7 +2,7 @@ mk_add_options AUTOCLOBBER=1
 mk_add_options MOZ_OBJDIR=@TOPSRCDIR@/pmbuild
 ac_add_options --enable-application=palemoon
 
-ac_add_options --enable-optimize="-O2"
+ac_add_options --enable-optimize="-O2 -Wl,--no-keep-memory -Wl,--reduce-memory-overhead"
 
 ac_add_options --enable-official-branding
 ac_add_options --enable-official-vendor
diff --git a/palemoon/palemoon.spec b/palemoon/palemoon.spec
index b130f4c..b9c7454 100644
--- a/palemoon/palemoon.spec
+++ b/palemoon/palemoon.spec
@@ -5,7 +5,7 @@
 %global stackrpms_custom 1
 # derive from inside the full source tree or from notes at https://github.com/MoonchildProductions/Pale-Moon/releases
 # git submodule | awk -v "name=platform" '$2 == name {gsub("-","",$1); print $1}'
-%global submodule_platform_tag RELBASE_20200603
+%global submodule_platform_tag RELBASE_20200712
 
 # additional repos to get python27 and devtoolset-7
 # for el6 and el7: Software Collection;, for x86_64 only
@@ -42,7 +42,7 @@ Name:		palemoon-stackrpms
 Name:    palemoon
 %endif
 Summary:	Pale Moon web browser
-Version:	28.10.0
+Version:	28.11.0
 Release:	1
 
 Group:	Networking/Web
@@ -285,6 +285,9 @@ update-mime-database -n ${_datadir}/mime 1>/dev/null 2>&1 & :
 %doc AUTHORS LICENSE
 
 %changelog
+* Tue Jul 14 2020 B Stack <bgstack15@gmail.com> - 28.11.0-1
+- update version
+
 * Fri Jun 05 2020 B Stack <bgstack15@gmail.com> - 28.10.0-1
 - update version