merge 3.0.5 branch

4 files changed, 51 insertions, 33 deletions

diff --git a/ChangeLog b/ChangeLog
index 76f4cb67..007a724f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -23,6 +23,23 @@ dillo-3.1 [not released yet]
  - Work on collapsing spaces: more cases supported.
  - Fix crash that's possible searching for text while page still being built.
    Patches: Sebastian Geerken
++- HTML5 character references.
+ - Give images lower priority when requesting resources (responsiveness).
+ - Reuse of connections for HTTP (enable w/ http_persistent_conns in dillorc).
+ - Abort failed queries.
+   Patches: corvid
++- Doxygen fixes.
+   Patch: Jeremy Henty
++- Move HTTPS from dpi into the browser, enable SNI, add certificate hostname
+   checking from wget, check more locations for CA bundles and add
+   --with-ca-certs-file and --with-ca-certs-dir to configure, some improvement
+   to security warning popups, etc.
+   Patch: corvid, Benjamin Johnson
+
+-----------------------------------------------------------------------------
+
+dillo-3.0.5 [June 30, 2015]
+
 +- Image buffer/cache improvements.
  - Fix for segfault when there's no dpid and view source is requested.
  - Fix view-source dpi to handle null characters correctly.
@@ -30,30 +47,19 @@ dillo-3.1 [not released yet]
    Patches: Jorge Arellano Cid
 +- Crosscompile/buildroot-friendly fltk-config test.
    Patch: Peter Seiderer
-+- HTML5 character references.
- - Give images lower priority when requesting resources (responsiveness).
- - Reuse of connections for HTTP (enable w/ http_persistent_conns in dillorc).
- - Fix X11 icon name.
- - Abort failed queries.
++- Fix X11 icon name.
  - In location bar, tend toward showing beginning of URL instead of end.
  - Handle irix's version of vsnprintf().
  - INPUT, TEXTAREA placeholder attribute.
  - Better notification when user's domainrc settings block page redirection.
  - Fix bug with font_factor preference and CSS font-size:(larger|smaller).
  - Recognize Menu key in keysrc.
+ - HTTPS: change cipher list to "ALL:!aNULL:!eNULL:!LOW:!EXPORT40:!RC4",
+   disable SSL3, disable TLS compression.
    Patches: corvid
 +- Avoid requesting background images if an ancestor has display:none.
  - Ignore built-in search url if any are specified in dillorc.
    Patches: Johannes Hofmann
-+- Doxygen fixes.
-   Patch: Jeremy Henty
-+- Move HTTPS from dpi into the browser, enable SNI, add certificate hostname
-   checking from wget, check more locations for CA bundles and add
-   --with-ca-certs-file and --with-ca-certs-dir to configure, some improvement
-   to security warning popups, change cipher list from "ALL" to
-   "ALL:!aNULL:!eNULL:!LOW:!EXPORT40:!RC4", disable SSL3, disable TLS
-   compression, etc.
-   Patch: corvid, Benjamin Johnson
 
 -----------------------------------------------------------------------------
 
diff --git a/README b/README
index be71ecf1..ea6dd41d 100644
--- a/README
+++ b/README
@@ -53,8 +53,8 @@ FLTK-1.3
 Dillo3
 ------
 
-     tar jxvf dillo-3.0.4.1.tar.bz2
-     cd dillo-3.0.4.1
+     tar jxvf dillo-3.0.5.tar.bz2
+     cd dillo-3.0.5
      ./configure; make
      sudo make install-strip
 
diff --git a/dpi/https.c b/dpi/https.c
index da75b9e8..766b3afb 100644
--- a/dpi/https.c
+++ b/dpi/https.c
@@ -22,11 +22,12 @@
  * (at your option) any later version.
  *
  * As a special exception permission is granted to link the code of
- * the https dillo plugin with the OpenSSL project's "OpenSSL"
- * library, and distribute the linked executables, without including
- * the source code for OpenSSL in the source distribution. You must
- * obey the GNU General Public License, version 3, in all respects
- * for all of the code used other than "OpenSSL".
+ * the https dillo plugin with the OpenSSL project's OpenSSL library
+ * (or a modified version of that library), and distribute the linked
+ * executables, without including the source code for the SSL library
+ * in the source distribution. You must obey the GNU General Public
+ * License, version 3, in all respects for all of the code used other
+ * than the SSL library.
  *
  */
 
@@ -193,9 +194,11 @@ static void yes_ssl_support(void)
    if (exit_error == 0){
       /* Don't want: eNULL, which has no encryption; aNULL, which has no
        * authentication; LOW, which as of 2014 use 64 or 56-bit encryption;
-       * EXPORT40, which uses 40-bit encryption.
+       * EXPORT40, which uses 40-bit encryption; RC4, for which methods were
+       * found in 2013 to defeat it somewhat too easily.
        */
-      SSL_CTX_set_cipher_list(ssl_context, "ALL:!aNULL:!eNULL:!LOW:!EXPORT40");
+      SSL_CTX_set_cipher_list(ssl_context,
+                              "ALL:!aNULL:!eNULL:!LOW:!EXPORT40:!RC4");
 
       /* Need to do this if we want to have the option of dealing
        * with self-signed certs
diff --git a/src/IO/about.c b/src/IO/about.c
index 1fe6485b..07dbbb01 100644
--- a/src/IO/about.c
+++ b/src/IO/about.c
@@ -270,23 +270,32 @@ const char *const AboutSplash=
 "<tr>\n"
 " <td bgcolor='#CCCCCC'>\n"
 "  <h4>Release overview</h4>\n"
-"  December 24, 2014\n"
+"  June 30, 2015\n"
 "<tr>\n"
 " <td bgcolor='#FFFFFF'>\n"
 "  <table border='0' cellspacing='0' cellpadding='5'>\n"
 "  <tr>\n"
 "   <td>\n"
 "<p>\n"
-"The dillo-3.0.4.1 release brings you fixes:\n"
+"Among the changes in dillo-3.0.5 are:\n"
 "<ul>\n"
-"<li> for linking with the recently-released fltk-1.3.3\n"
-" (we don't use <tt>fl_oldfocus</tt> anymore).\n"
-"<li> to make sure that windows are resizable with fltk-1.3.3.\n"
-"<li> not to load background images, or follow redirections or meta refresh,\n"
-"     in <tt>--local</tt> mode (security).\n"
-"<li> to permit linking on OS X (remove our <tt>Fl_Printer</tt> stub).\n"
-"<li> for a crash when searching from the address bar and no search urls are\n"
-"     found in dillorc.\n"
+"<li>Image buffer/cache improvements.\n"
+"<li>Fix for segfault when there's no dpid and view source is requested.\n"
+"<li>Fix view-source dpi to handle null characters correctly.\n"
+"<li>Made view-source dpi use CSS formatting (it's shorter and cleaner).\n"
+"<li>Crosscompile/buildroot-friendly fltk-config test.\n"
+"<li>Fix X11 icon name.\n"
+"<li>In location bar, tend toward showing beginning of URL instead of end.\n"
+"<li>Handle irix's version of vsnprintf().\n"
+"<li>INPUT, TEXTAREA placeholder attribute.\n"
+"<li>Better notification when user's domainrc settings block page\n"
+"    redirection.\n"
+"<li>Fix bug with font_factor preference and CSS font-size:(larger|smaller).\n"
+"<li>Recognize Menu key in keysrc.\n"
+"<li>HTTPS: change cipher list to \"ALL:!aNULL:!eNULL:!LOW:!EXPORT40:!RC4\",\n"
+"    disable SSL3, disable TLS compression.\n"
+"<li>Avoid requesting background images if an ancestor has display:none.\n"
+"<li>Ignore built-in search url if any are specified in dillorc.\n"
 "</ul>\n"
 "<p>\n"
 "...that shouldn't have to wait until dillo-3.1 is ready with its floating\n"