Merge branch 'develop'

diff --git a/VERSION b/VERSION
index 5904f7adec1a0d8e5e10d8e72fcff747645ef796..f99416236e9fc148fb5b694705c04492d60793dd 100644 (file)
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-7.2
+7.3

diff --git a/doc/download.texi b/doc/download.texi
index a9ee391bc1a2468416c754b55e8dc7f9af4f8bbe..f12e40ea8baf78ffde4f6cf12a3c246ca1ec54e3 100644 (file)
--- a/doc/download.texi
+++ b/doc/download.texi
@@ -18,6 +18,10 @@ Tarballs include all necessary required libraries:
 @multitable {XXXXX} {XXXX KiB} {link sign} {xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx}
 @headitem Version @tab Size @tab Tarball @tab SHA256 checksum
 
+@item @ref{Release 7.2, 7.2} @tab 289 KiB
+@tab @url{download/govpn-7.2.tar.xz, link} @url{download/govpn-7.2.tar.xz.sig, sign}
+@tab @code{8C787DCD 6FFB718E 850F287E 959FCB45 7880A8A1 1C417BCA 17A86346 AC9BAAEE}
+
 @item @ref{Release 7.1, 7.1} @tab 289 KiB
 @tab @url{download/govpn-7.1.tar.xz, link} @url{download/govpn-7.1.tar.xz.sig, sign}
 @tab @code{DB656A87 508D6902 B9C8964D C20937BF C95E1E78 1998311F F8F85A95 F64862BB}

diff --git a/doc/news.ru.texi b/doc/news.ru.texi
index 3c764644d062b525c66f8df7f42847bdf3a9dc02..f00c3b1b1aa36fb30f98ac7de7dd8f845af3216c 100644 (file)
--- a/doc/news.ru.texi
+++ b/doc/news.ru.texi
@@ -1,6 +1,14 @@
 @node Новости
 @section Новости
 
+@node Релиз 7.3
+@subsection Релиз 7.3
+@itemize
+@item Исправлена редкая возможная ошибка падения сервера во время
+rehandshake процедуры.
+@item Обновлены зависимые криптографические библиотеки.
+@end itemize
+
 @node Релиз 7.2
 @subsection Релиз 7.2
 @itemize

diff --git a/doc/news.texi b/doc/news.texi
index 861004dc5032d49b3803e69d8daa65cc1fdb89bc..cb119e25ab565d8bb49dc1dc3edc9d72f5fe0e78 100644 (file)
--- a/doc/news.texi
+++ b/doc/news.texi
@@ -3,6 +3,14 @@
 
 See also this page @ref{Новости, on russian}.
 
+@node Release 7.3
+@section Release 7.3
+@itemize
+@item Fixed seldom possible segmentation fault on the server during
+rehandshake.
+@item Dependant cryptographic libraries are updated.
+@end itemize
+
 @node Release 7.2
 @section Release 7.2
 @itemize

diff --git a/ports/govpn/Makefile b/ports/govpn/Makefile
new file mode 100644 (file)
index 0000000..5d78be6
--- /dev/null
+++ b/ports/govpn/Makefile
@@ -0,0 +1,27 @@
+# $FreeBSD$
+
+PORTNAME=      govpn
+PORTVERSION=   7.3
+CATEGORIES=    security
+MASTER_SITES=  http://www.govpn.info/download/ \
+               http://sourceforge.net/projects/govpn/files/
+
+MAINTAINER=    stargrave@stargrave.org
+COMMENT=       Simple secure, DPI-resistant VPN daemon
+
+LICENSE=       GPLv3+
+LICENSE_FILE=  ${WRKSRC}/COPYING
+
+BUILD_DEPENDS= go:lang/go
+
+USES=          tar:xz
+MAKEFILE=      BSDmakefile
+
+PORTDOCS=      AUTHORS INSTALL NEWS README THANKS README.RU
+INFO=          govpn
+INSTALL_TARGET=        install-strip
+
+PLIST_FILES=   bin/govpn-server bin/govpn-client bin/govpn-verifier \
+               share/govpn/newclient.sh
+
+.include <bsd.port.mk>

diff --git a/ports/govpn/pkg-descr b/ports/govpn/pkg-descr
new file mode 100644 (file)
index 0000000..0981883
--- /dev/null
+++ b/ports/govpn/pkg-descr
@@ -0,0 +1,14 @@
+GoVPN is simple secure free software virtual private network daemon,
+aimed to be reviewable, secure, DPI/censorship-resistant, written on Go.
+
+It uses fast strong passphrase authenticated key agreement protocol with
+augmented zero-knowledge mutual peers authentication (PAKE DH A-EKE).
+Encrypted, authenticated data transport that hides message's length and
+timestamps. Optional encryptionless mode, that still preserves data
+confidentiality. Perfect forward secrecy property. Resistance to:
+offline dictionary attacks, replay attacks, client's passphrases
+compromising and dictionary attacks on the server side. Built-in
+heartbeating, rehandshaking, real-time statistics. Ability to work
+through UDP, TCP and HTTP proxies. IPv4/IPv6-compatibility.
+
+WWW: http://www.govpn.info/

diff --git a/src/cypherpunks.ru/govpn/cmd/govpn-server/main.go b/src/cypherpunks.ru/govpn/cmd/govpn-server/main.go
index 2beb396f6958409a2cf0f27f9e938e6a76558d47..3e80975587fbe6df3abd8572d9ae23d7ddea9aa1 100644 (file)
--- a/src/cypherpunks.ru/govpn/cmd/govpn-server/main.go
+++ b/src/cypherpunks.ru/govpn/cmd/govpn-server/main.go
@@ -132,7 +132,11 @@ MainCycle:
                                needsDeletion = ps.peer.LastPing.Add(timeout).Before(now)
                                ps.peer.BusyR.Unlock()
                                if needsDeletion {
-                                       govpn.Printf(`[peer-delete bind="%s" peer="%s"]`, *bindAddr, ps.peer)
+                                       govpn.Printf(
+                                               `[peer-delete bind="%s" peer="%s"]`,
+                                               *bindAddr,
+                                               ps.peer.ID.String(),
+                                       )
                                        delete(peers, addr)
                                        delete(knownPeers, addr)
                                        delete(peersByID, *ps.peer.ID)

diff --git a/src/cypherpunks.ru/govpn/cmd/govpn-server/tcp.go b/src/cypherpunks.ru/govpn/cmd/govpn-server/tcp.go
index c36da3fed3ca02f8610a7ff9040b679f3e4b3981..61eb1e07395fcc8b10ddf690d43b706b0f28300b 100644 (file)
--- a/src/cypherpunks.ru/govpn/cmd/govpn-server/tcp.go
+++ b/src/cypherpunks.ru/govpn/cmd/govpn-server/tcp.go
@@ -99,10 +99,18 @@ func handleTCP(conn net.Conn) {
                peersByIDLock.RLock()
                addrPrev, exists := peersByID[*peer.ID]
                peersByIDLock.RUnlock()
+               var peerPrev *PeerState
                if exists {
                        peersLock.Lock()
-                       peers[addrPrev].terminator <- struct{}{}
-                       tap = peers[addrPrev].tap
+                       peerPrev = peers[addrPrev]
+                       if peerPrev == nil {
+                               exists = false
+                               peersLock.Unlock()
+                       }
+               }
+               if exists {
+                       peerPrev.terminator <- struct{}{}
+                       tap = peerPrev.tap
                        ps = &PeerState{
                                peer:       peer,
                                tap:        tap,

diff --git a/src/cypherpunks.ru/govpn/cmd/govpn-server/udp.go b/src/cypherpunks.ru/govpn/cmd/govpn-server/udp.go
index cdcfb56996cc8492106f3f20797f315d8caa70df..037351778f566605fcc28733350ac60d663cc978 100644 (file)
--- a/src/cypherpunks.ru/govpn/cmd/govpn-server/udp.go
+++ b/src/cypherpunks.ru/govpn/cmd/govpn-server/udp.go
@@ -136,12 +136,20 @@ func startUDP() {
                        peersByIDLock.RLock()
                        addrPrev, exists = peersByID[*peer.ID]
                        peersByIDLock.RUnlock()
+                       var peerPrev *PeerState
                        if exists {
                                peersLock.Lock()
-                               peers[addrPrev].terminator <- struct{}{}
+                               peerPrev = peers[addrPrev]
+                               if peerPrev == nil {
+                                       exists = false
+                                       peersLock.Unlock()
+                               }
+                       }
+                       if exists {
+                               peerPrev.terminator <- struct{}{}
                                psNew := &PeerState{
                                        peer:       peer,
-                                       tap:        peers[addrPrev].tap,
+                                       tap:        peerPrev.tap,
                                        terminator: make(chan struct{}),
                                }
                                go func(peer *govpn.Peer, tap *govpn.TAP, terminator chan struct{}) {
@@ -196,7 +204,11 @@ func startUDP() {
                                        peersLock.Unlock()
                                        peersByIDLock.Unlock()
                                        kpLock.Unlock()
-                                       govpn.Printf(`[peer-created bind="%s" peer="%s"]`, *bindAddr, peer.ID.String())
+                                       govpn.Printf(
+                                               `[peer-created bind="%s" peer="%s"]`,
+                                               *bindAddr,
+                                               peer.ID.String(),
+                                       )
                                }(addr, peer)
                        }
                        udpBufs <- buf

diff --git a/src/golang.org/x/crypto b/src/golang.org/x/crypto
index 41d678d1df78cd0410143162dff954e6dc09300f..573951cbe80bb6352881271bb276f48749eab6f4 160000 (submodule)
--- a/src/golang.org/x/crypto
+++ b/src/golang.org/x/crypto
@@ -1 +1 @@
-Subproject commit 41d678d1df78cd0410143162dff954e6dc09300f
+Subproject commit 573951cbe80bb6352881271bb276f48749eab6f4

diff --git a/utils/makedist.sh b/utils/makedist.sh
index deff7783b9c02017ea73e84547bfacc5002d987d..3deab39ef1f53b5038561736b142ecd4b34a0733 100755 (executable)
--- a/utils/makedist.sh
+++ b/utils/makedist.sh
@@ -44,13 +44,14 @@ You can obtain releases source code prepared tarballs on
 @url{http://www.govpn.info/}.
 EOF
 make -C doc
-./utils/news.sh
+/bin/sh utils/news.sh
 rm -r doc/.well-known doc/govpn.html/.well-known utils/news.sh
 
 rm utils/makedist.sh
 find . -name .git -type d | xargs rm -fr
 find . -name .gitignore -delete
 rm .gitmodules
+rm -r ports
 
 cd ..
 tar cvf govpn-"$release".tar govpn-"$release"