NEWS        | 11 +++++++++++
 README      |  1 +
 makedist.sh | 22 ++++++++++------------
 news.texi   | 14 ++++++++++++++
 www.texi    |  1 +

diff --git a/NEWS b/NEWS
index d7854f6be35d919c79b3926a37c40eb74cf929e16c1de166f993f80de70e77c4..0d3b5fcba5440fdc140aafc3f1b571a2e1296de74282fa9f2a9a84ee7d1b1ad7 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,14 @@
+4.0:
+    * Backward incompatible change: all keys passing to encryption
+      functions are slices now, not the fixed arrays. That heavily
+      simplifies the library usage
+    * Fix bug with overwriting IVs memory in gost28147.CFB*crypter
+    * TLSTREE, used in TLS 1.[23], implementation
+    * gost3410.KEK2012* can be used with any curves, not only 512-bit ones
+    * gost3410.PrivateKey satisfies crypto.Signer interface
+    * gost34112012* hashes satisfy encoding.Binary(Un)Marshaler
+    * Streebog256 HKDF test vectors
+
 3.0:
     * Multilinear Galois Mode (MGM) block cipher mode for
       64 and 128 bit ciphers
diff --git a/README b/README
index 80fbbb68271a2017dc4cce4d6ef631115a5cba2866aa855de11ed1103c7682c1..e30873ea6196ed343d2cb5f83ceaa5b551ae5d234eeb2f1e7741c6344e431c8f 100644
--- a/README
+++ b/README
@@ -19,6 +19,7 @@ * GOST R 34.12-2015 128-bit block cipher Кузнечик (Kuznechik) (RFC 7801)
 * GOST R 34.12-2015 64-bit block cipher Магма (Magma)
 * GOST R 34.13-2015 padding methods
 * MGM AEAD mode for 64 and 128 bit ciphers
+* TLSTREE keyscheduling function
 
 Known problems:
 
diff --git a/makedist.sh b/makedist.sh
index 0d00379ca8125b2bc9c14d3019c7e3555c523a5c768428c60cdea30391c2739b..1a6ea480b427b564dd5f1631e3ecaa8e4f35e7436f3b6771ea1ac16aa59b1e8e 100755
--- a/makedist.sh
+++ b/makedist.sh
@@ -8,20 +8,18 @@
 git clone . $tmp/gogost-$release
 cd $tmp/gogost-$release
 git checkout $release
-git submodule update --init
 
-mkdir -p src/cypherpunks.ru/gogost/vendor
-cat > $tmp/includes <<EOF
-golang.org/x/crypto/AUTHORS
-golang.org/x/crypto/CONTRIBUTORS
-golang.org/x/crypto/LICENSE
-golang.org/x/crypto/PATENTS
-golang.org/x/crypto/README
-golang.org/x/crypto/pbkdf2
-EOF
-tar cfCI - src $tmp/includes | tar xfC - src/cypherpunks.ru/gogost/vendor
+crypto_path=src/cypherpunks.ru/gogost/vendor/golang.org/x/crypto
+mkdir -p $crypto_path
+( cd $cur/gopath/pkg/mod/golang.org/x/crypto@v0.0.0-20190701094942-4def268fd1a4 ; \
+    tar cf - AUTHORS CONTRIBUTORS LICENSE PATENTS README.md pbkdf2 hkdf ) |
+    tar xfC - $crypto_path
+
 find . -name .git -type d | xargs rm -fr
-rm -fr www* makedist* TODO src/golang.org $tmp/includes
+rm -f www* makedist* TODO
+
+find . -type d -exec chmod 700 {} \;
+find . -type f -exec chmod 600 {} \;
 
 cd ..
 tar cvf gogost-"$release".tar --uid=0 --gid=0 --numeric-owner gogost-"$release"
diff --git a/news.texi b/news.texi
index 04441c8c919831067c7bda3192cdd5d3147a6169c2ed825b4715a79892d6cdff..353f287406a782ff40cd29ff91ca4ec234fae1ec9f1a7275d8a228c9fed8081b 100644
--- a/news.texi
+++ b/news.texi
@@ -3,6 +3,20 @@ @unnumbered News
 
 @table @strong
 
+@anchor{Release 4.0}
+@item 4.0
+    @itemize
+    @item Backward incompatible change: all keys passing to encryption
+        functions are slices now, not the fixed arrays. That heavily
+        simplifies the library usage
+    @item Fix bug with overwriting IVs memory in @code{gost28147.CFB*crypter}
+    @item @code{TLSTREE}, used in TLS 1.[23], implementation
+    @item @code{gost3410.KEK2012*} can be used with any curves, not only 512-bit ones
+    @item @code{gost3410.PrivateKey} satisfies @code{crypto.Signer} interface
+    @item @code{gost34112012*} hashes satisfy @code{encoding.Binary(Un)Marshaler}
+    @item Streebog256 HKDF test vectors
+    @end itemize
+
 @anchor{Release 3.0}
 @item 3.0
     @itemize
diff --git a/www.texi b/www.texi
index 5a94b5944e4d2003d5a663e4bee42a275168f4e4f3f222f5cbb052488cb81e5a..fed8747b20500f83a31af2d20dfd34709a91c5a7a073c29748d17e3a8e7c8883 100644
--- a/www.texi
+++ b/www.texi
@@ -49,6 +49,7 @@     (@url{https://tools.ietf.org/html/rfc7801.html, RFC 7801})
 @item GOST R 34.12-2015 64-bit block cipher Магма (Magma)
 @item GOST R 34.13-2015 padding methods
 @item MGM AEAD mode for 64 and 128 bit ciphers
+@item TLSTREE keyscheduling function
 @end itemize
 
 Please send questions, bug reports and patches to