commit ndpi for openSUSE:Factory
Hello community, here is the log from the commit of package ndpi for openSUSE:Factory checked in at 2019-12-30 12:35:08 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/ndpi (Old) and /work/SRC/openSUSE:Factory/.ndpi.new.6675 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "ndpi" Mon Dec 30 12:35:08 2019 rev:5 rq:759921 version:3.0 Changes: -------- --- /work/SRC/openSUSE:Factory/ndpi/ndpi.changes 2019-06-06 18:18:14.864669769 +0200 +++ /work/SRC/openSUSE:Factory/.ndpi.new.6675/ndpi.changes 2019-12-30 12:35:14.271817620 +0100 
@@ -1,0 +2,95 @@ +Wed Dec 25 10:13:32 UTC 2019 - Martin Hauke <mardnh@gmx.de> + +- Drop not longer needed patches (fixed upstream) + * ndpi-fix-build.patch + * reproducible.patch +- Update to version 3.0 + New Features + * nDPI now reports the protocol ASAP even when specific fields + have not yet been dissected because such packets have not yet + been observed. This is important for inline applications that + can immediately act on traffic. Applications that need full + dissection need to call the new API function + ndpi_extra_dissection_possible() to check if metadata dissection + has been completely performed or if there is more to read before + declaring it completed. + * TLS (formerly identified as SSL in nDPI v2.x) is now dissected + more deeply, certificate validity is extracted as well + certificate SHA-1. + * nDPIreader can now export data in CSV format with option -C + * Implemented Sequence of Packet Length and Time (SPLT) and Byte + Distribution (BD) as specified by Cisco Joy + (https://github.com/cisco/joy). This allows malware activities + on encrypted TLS streams. + * Available as library and in ndpiReader with option -J + * Promoted usage of protocol categories rather than protocol + identifiers in order to classify protocols. This allows + application protocols to be clustered in families and thus better + managed by users/developers rather than using hundred of + protocols unknown to most of the people. + * Added Inter-Arrival Time (IAT) calculation used to detect + protocol misbehaviour (e.g. slow-DoS detection) + * Added data analysis features for computign metrics such as + entropy, average, stddev, variance on a single and consistent + place that will prevent when possible. This should ease traffic + analysis on monitoring/security applications. New API calls have + been implemented such as ndpi_data_XXX() to handle these + calculations. + * Initial release of Python bindings available under nDPI/python. 
+ * Implemented search of human readable strings for promoting data + exfiltration detection + * Available as library and in ndpiReader with option -e + * Fingerprints + JA3 (https://github.com/salesforce/ja3) + HASSH (https://github.com/salesforce/hassh) + DHCP + * Implemented a library to serialize/deserialize data in both + Type-Length-Value (TLV) and JSON format + New Supported Protocols and Services + * DTLS (i.e. TLS over UDP) + * Hulu + * TikTok/Musical.ly + * WhatsApp Video + * DNSoverHTTPS + * Datasaver + * Line protocol + * Google Duo and Hangout merged + * WireGuard VPN + * IMO + * Zoom.us + Improvements + * TLS + + Organizations + + Ciphers + + Certificate analysis + * Added PUBLISH/SUBSCRIBE methods to SIP + * Implemented STUN cache to enhance matching of STUN-based protocols + * Dissection improvements + + Viber + + WhatsApp + + AmazonVideo + + SnapChat + + FTP + + QUIC + + OpenVPN support for UDP-based VPNs + + Facebook Messenger mobile + + Various improvements for STUN, Hangout and Duo + * Added new categories: + + CUSTOM_CATEGORY_ANTIMALWARE, + + NDPI_PROTOCOL_CATEGORY_MUSIC, + + NDPI_PROTOCOL_CATEGORY_VIDEO, + + NDPI_PROTOCOL_CATEGORY_SHOPPING, + + NDPI_PROTOCOL_CATEGORY_PRODUCTIVITY + + NDPI_PROTOCOL_CATEGORY_FILE_SHARING + * Added NDPI_PROTOCOL_DANGEROUS classification + Fixes + * Fixed the dissection of certain invalid DNS responses + * Fixed Spotify dissection + * Fixed false positives with FTP and FTP_DATA + * Fix to discard STUN over TCP flows + * Fixed MySQL dissector + * Fix category detection due to missing initialization + * Fix DNS rsp_addr missing in some tiny responses + * Various hardening fixes + +------------------------------------------------------------------- Old: ---- ndpi-2.8.tar.gz ndpi-fix-build.patch reproducible.patch New: ---- ndpi-3.0.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ndpi.spec ++++++ --- /var/tmp/diff_new_pack.RrTwKh/_old 
2019-12-30 12:35:14.923817970 +0100 +++ /var/tmp/diff_new_pack.RrTwKh/_new 2019-12-30 12:35:14.923817970 +0100 @@ -21,9 +21,9 @@ %bcond_without hyperscan %endif -%define sover 2 +%define sover 3 Name: ndpi -Version: 2.8 +Version: 3.0 Release: 0 Summary: Extensible deep packet inspection library # wireshark/ndpi.lua is GPL-3.0-or-later @@ -31,10 +31,6 @@ Group: Development/Libraries/C and C++ URL: https://github.com/ntop/nDPI Source: https://github.com/ntop/nDPI/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz -# FIXME: Upstream makefile is broken -Patch0: ndpi-fix-build.patch -# PATCH-FIX-UPSTREAM https://github.com/ntop/nDPI/pull/662 -Patch1: reproducible.patch BuildRequires: autoconf BuildRequires: automake BuildRequires: gcc-c++ @@ -90,8 +86,6 @@ %prep %setup -q -n nDPI-%{version} -%patch0 -p1 -%patch1 -p1 %build sh autogen.sh @@ -105,6 +99,7 @@ %install %make_install PREFIX=%{_prefix} prefix=%{_prefix} libdir=%{_libdir} rm -f %{buildroot}/%{_libdir}/libndpi.a +rm -rf %{buildroot}/%{_sbindir}/ndpi %post -n libndpi%{sover} -p /sbin/ldconfig %postun -n libndpi%{sover} -p /sbin/ldconfig ++++++ ndpi-2.8.tar.gz -> ndpi-3.0.tar.gz ++++++ /work/SRC/openSUSE:Factory/ndpi/ndpi-2.8.tar.gz /work/SRC/openSUSE:Factory/.ndpi.new.6675/ndpi-3.0.tar.gz differ: char 15, line 1
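Review bot: In the ndpi.changes hunk, the SPLT/BD bullet reads "This allows malware activities on encrypted TLS streams", which drops the word that carries the meaning; it should say that this allows detection of malware activities. The same entry has "Drop not longer needed patches" (no longer), "computign" (computing), and the clause "on a single and consistent place that will prevent when possible", which is missing its object. "Various hardening fixes" and "Fixed the dissection of certain invalid DNS responses" are robustness fixes in a packet dissector, so if any of them correspond to tracked bug or CVE identifiers, reference those in the entry.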
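Review bot: The ndpi.spec change from "%define sover 2" to "%define sover 3" renames the library subpackage from libndpi2 to libndpi3 (through "%post -n libndpi%{sover}"), but the new ndpi.changes entry never mentions the soname bump. Add a line for it so maintainers of packages that link against libndpi know a rebuild is required.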
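Review bot: The added "rm -rf %{buildroot}/%{_sbindir}/ndpi" in the %install hunk of ndpi.spec has no comment, and ndpi.changes has no line saying what the 3.0 install step places at that path or why the package discards it. Add a one-line comment above the command and a matching changelog line. As a style point, %{_sbindir} is already an absolute path, so "%{buildroot}%{_sbindir}/ndpi" avoids the doubled slash.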