VERSION | 2 +- doc/download.texi | 4 ++++ doc/news.ru.texi | 8 ++++++++ doc/news.texi | 8 ++++++++ ports/govpn/Makefile | 27 +++++++++++++++++++++++++++ ports/govpn/pkg-descr | 14 ++++++++++++++ src/cypherpunks.ru/govpn/cmd/govpn-server/main.go | 6 +++++- src/cypherpunks.ru/govpn/cmd/govpn-server/tcp.go | 12 ++++++++++-- src/cypherpunks.ru/govpn/cmd/govpn-server/udp.go | 18 +++++++++++++++--- utils/makedist.sh | 3 ++- diff --git a/VERSION b/VERSION index 5904f7adec1a0d8e5e10d8e72fcff747645ef796..f99416236e9fc148fb5b694705c04492d60793dd 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -7.2 +7.3 diff --git a/doc/download.texi b/doc/download.texi index a9ee391bc1a2468416c754b55e8dc7f9af4f8bbe..f12e40ea8baf78ffde4f6cf12a3c246ca1ec54e3 100644 --- a/doc/download.texi +++ b/doc/download.texi @@ -18,6 +18,10 @@ @multitable {XXXXX} {XXXX KiB} {link sign} {xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx} @headitem Version @tab Size @tab Tarball @tab SHA256 checksum +@item @ref{Release 7.2, 7.2} @tab 289 KiB +@tab @url{download/govpn-7.2.tar.xz, link} @url{download/govpn-7.2.tar.xz.sig, sign} +@tab @code{8C787DCD 6FFB718E 850F287E 959FCB45 7880A8A1 1C417BCA 17A86346 AC9BAAEE} + @item @ref{Release 7.1, 7.1} @tab 289 KiB @tab @url{download/govpn-7.1.tar.xz, link} @url{download/govpn-7.1.tar.xz.sig, sign} @tab @code{DB656A87 508D6902 B9C8964D C20937BF C95E1E78 1998311F F8F85A95 F64862BB} diff --git a/doc/news.ru.texi b/doc/news.ru.texi index 3c764644d062b525c66f8df7f42847bdf3a9dc02..f00c3b1b1aa36fb30f98ac7de7dd8f845af3216c 100644 --- a/doc/news.ru.texi +++ b/doc/news.ru.texi @@ -1,6 +1,14 @@ @node Новости @section Новости +@node Релиз 7.3 +@subsection Релиз 7.3 +@itemize +@item Исправлена редкая возможная ошибка падения сервера во время +rehandshake процедуры. +@item Обновлены зависимые криптографические библиотеки. +@end itemize + @node Релиз 7.2 @subsection Релиз 7.2 @itemize 
diff --git a/doc/news.texi b/doc/news.texi index 861004dc5032d49b3803e69d8daa65cc1fdb89bc..cb119e25ab565d8bb49dc1dc3edc9d72f5fe0e78 100644 --- a/doc/news.texi +++ b/doc/news.texi @@ -3,6 +3,14 @@ @unnumbered News See also this page @ref{Новости, on russian}. +@node Release 7.3 +@section Release 7.3 +@itemize +@item Fixed seldom possible segmentation fault on the server during +rehandshake. +@item Dependant cryptographic libraries are updated. +@end itemize + @node Release 7.2 @section Release 7.2 @itemize diff --git a/ports/govpn/Makefile b/ports/govpn/Makefile new file mode 100644 index 0000000000000000000000000000000000000000..5d78be67a0148e00d9f6e2c1a7cf51fa34b8bf49 --- /dev/null +++ b/ports/govpn/Makefile @@ -0,0 +1,27 @@ +# $FreeBSD$ + +PORTNAME= govpn +PORTVERSION= 7.3 +CATEGORIES= security +MASTER_SITES= http://www.govpn.info/download/ \ + http://sourceforge.net/projects/govpn/files/ + +MAINTAINER= stargrave@stargrave.org +COMMENT= Simple secure, DPI-resistant VPN daemon + +LICENSE= GPLv3+ +LICENSE_FILE= ${WRKSRC}/COPYING + +BUILD_DEPENDS= go:lang/go + +USES= tar:xz +MAKEFILE= BSDmakefile + +PORTDOCS= AUTHORS INSTALL NEWS README THANKS README.RU +INFO= govpn +INSTALL_TARGET= install-strip + +PLIST_FILES= bin/govpn-server bin/govpn-client bin/govpn-verifier \ + share/govpn/newclient.sh + +.include diff --git a/ports/govpn/pkg-descr b/ports/govpn/pkg-descr new file mode 100644 index 0000000000000000000000000000000000000000..098188353d7b11f85425c638a7342db28008fe4a --- /dev/null +++ b/ports/govpn/pkg-descr 
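Review bot: Both `MASTER_SITES` entries fetch the distfile over plain `http://`, and this commit adds only `Makefile` and `pkg-descr` under `ports/govpn/`, so no `distinfo` with the tarball's SHA256 and size is visible. Until that file exists, the port has no pinned digest to verify the downloaded `govpn-7.3.tar.xz` against. It can presumably only be generated once the release tarball is built, so add `ports/govpn/distinfo` (via `make makesum`) as a follow-up and compare its digest with the signed tarball listed in `doc/download.texi`. If the download host serves TLS, prefer `https://` for the primary site.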
@@ -0,0 +1,14 @@ +GoVPN is simple secure free software virtual private network daemon, +aimed to be reviewable, secure, DPI/censorship-resistant, written on Go. + +It uses fast strong passphrase authenticated key agreement protocol with +augmented zero-knowledge mutual peers authentication (PAKE DH A-EKE). +Encrypted, authenticated data transport that hides message's length and +timestamps. Optional encryptionless mode, that still preserves data +confidentiality. Perfect forward secrecy property. Resistance to: +offline dictionary attacks, replay attacks, client's passphrases +compromising and dictionary attacks on the server side. Built-in +heartbeating, rehandshaking, real-time statistics. Ability to work +through UDP, TCP and HTTP proxies. IPv4/IPv6-compatibility. + +WWW: http://www.govpn.info/ diff --git a/src/cypherpunks.ru/govpn/cmd/govpn-server/main.go b/src/cypherpunks.ru/govpn/cmd/govpn-server/main.go index 2beb396f6958409a2cf0f27f9e938e6a76558d47..3e80975587fbe6df3abd8572d9ae23d7ddea9aa1 100644 --- a/src/cypherpunks.ru/govpn/cmd/govpn-server/main.go +++ b/src/cypherpunks.ru/govpn/cmd/govpn-server/main.go @@ -132,7 +132,11 @@ ps.peer.BusyR.Lock() needsDeletion = ps.peer.LastPing.Add(timeout).Before(now) ps.peer.BusyR.Unlock() if needsDeletion { - govpn.Printf(`[peer-delete bind="%s" peer="%s"]`, *bindAddr, ps.peer) + govpn.Printf( + `[peer-delete bind="%s" peer="%s"]`, + *bindAddr, + ps.peer.ID.String(), + ) delete(peers, addr) delete(knownPeers, addr) delete(peersByID, *ps.peer.ID) diff --git a/src/cypherpunks.ru/govpn/cmd/govpn-server/tcp.go b/src/cypherpunks.ru/govpn/cmd/govpn-server/tcp.go index c36da3fed3ca02f8610a7ff9040b679f3e4b3981..61eb1e07395fcc8b10ddf690d43b706b0f28300b 100644 --- a/src/cypherpunks.ru/govpn/cmd/govpn-server/tcp.go +++ b/src/cypherpunks.ru/govpn/cmd/govpn-server/tcp.go 
@@ -99,10 +99,18 @@ ) peersByIDLock.RLock() addrPrev, exists := peersByID[*peer.ID] peersByIDLock.RUnlock() + var peerPrev *PeerState if exists { peersLock.Lock() - peers[addrPrev].terminator <- struct{}{} - tap = peers[addrPrev].tap + peerPrev = peers[addrPrev] + if peerPrev == nil { + exists = false + peersLock.Unlock() + } + } + if exists { + peerPrev.terminator <- struct{}{} + tap = peerPrev.tap ps = &PeerState{ peer: peer, tap: tap, diff --git a/src/cypherpunks.ru/govpn/cmd/govpn-server/udp.go b/src/cypherpunks.ru/govpn/cmd/govpn-server/udp.go index cdcfb56996cc8492106f3f20797f315d8caa70df..037351778f566605fcc28733350ac60d663cc978 100644 --- a/src/cypherpunks.ru/govpn/cmd/govpn-server/udp.go +++ b/src/cypherpunks.ru/govpn/cmd/govpn-server/udp.go @@ -136,12 +136,20 @@ }() peersByIDLock.RLock() addrPrev, exists = peersByID[*peer.ID] peersByIDLock.RUnlock() + var peerPrev *PeerState if exists { peersLock.Lock() - peers[addrPrev].terminator <- struct{}{} + peerPrev = peers[addrPrev] + if peerPrev == nil { + exists = false + peersLock.Unlock() + } + } + if exists { + peerPrev.terminator <- struct{}{} psNew := &PeerState{ peer: peer, - tap: peers[addrPrev].tap, + tap: peerPrev.tap, terminator: make(chan struct{}), } go func(peer *govpn.Peer, tap *govpn.TAP, terminator chan struct{}) { @@ -196,7 +204,11 @@ peersByID[*peer.ID] = addr peersLock.Unlock() peersByIDLock.Unlock() kpLock.Unlock() - govpn.Printf(`[peer-created bind="%s" peer="%s"]`, *bindAddr, peer.ID.String()) + govpn.Printf( + `[peer-created bind="%s" peer="%s"]`, + *bindAddr, + peer.ID.String(), + ) }(addr, peer) } udpBufs <- buf diff --git a/utils/makedist.sh b/utils/makedist.sh index deff7783b9c02017ea73e84547bfacc5002d987d..3deab39ef1f53b5038561736b142ecd4b34a0733 100755 --- a/utils/makedist.sh +++ b/utils/makedist.sh 
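Review bot: `peerPrev.terminator <- struct{}{}` is still a blocking send made while `peersLock` is held, so the new nil check covers a missing map entry but not an entry whose goroutine has already stopped receiving. The udp.go hunk creates this channel with `make(chan struct{})`, which is unbuffered. If the previous peer's loop has exited, the send would never complete and every path that needs `peersLock` would stall behind it; this is inferred, because the receiving side is outside the hunk. Consider bounding the send, for example `select { case peerPrev.terminator <- struct{}{}: case <-time.After(time.Second): }`, or signalling termination by closing the channel. The same pattern is in the first udp.go hunk, and the enclosing function continues outside both hunks.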
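Review bot: After the nil check, `peerPrev` is trusted to be the old session of the same peer, but `addrPrev` was read under `peersByIDLock.RLock()` and that lock is released before `peersLock.Lock()` is taken. If the old entry was removed and a different peer was registered under the same address in that window, this code would terminate the unrelated peer and hand its `tap` to the new session; whether that can happen depends on code outside the hunk. Comparing identities closes the gap: `if peerPrev == nil || *peerPrev.peer.ID != *peer.ID {`. The tcp.go hunk has the same lookup sequence.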
@@ -44,13 +44,14 @@ You can obtain releases source code prepared tarballs on @url{http://www.govpn.info/}. EOF make -C doc -./utils/news.sh +/bin/sh utils/news.sh rm -r doc/.well-known doc/govpn.html/.well-known utils/news.sh rm utils/makedist.sh find . -name .git -type d | xargs rm -fr find . -name .gitignore -delete rm .gitmodules +rm -r ports cd .. tar cvf govpn-"$release".tar govpn-"$release"
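Review bot: The exit status of `/bin/sh utils/news.sh` is not checked in the visible lines, so a failure there would let the script go on deleting files and packing the tarball with stale or missing news files. Whether `set -e` is in effect cannot be seen from this hunk, because the top of the script is outside it. If it is not, `/bin/sh utils/news.sh || exit 1` keeps a broken generation step from reaching a signed release.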