Hello community,
here is the log from the commit of package ndpi for openSUSE:Factory checked in at 2019-12-30 12:35:08
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/ndpi (Old)
and /work/SRC/openSUSE:Factory/.ndpi.new.6675 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ndpi"
Mon Dec 30 12:35:08 2019 rev:5 rq:759921 version:3.0
Changes:
--------
--- /work/SRC/openSUSE:Factory/ndpi/ndpi.changes 2019-06-06 18:18:14.864669769 +0200
+++ /work/SRC/openSUSE:Factory/.ndpi.new.6675/ndpi.changes 2019-12-30 12:35:14.271817620 +0100
@@ -1,0 +2,95 @@
+Wed Dec 25 10:13:32 UTC 2019 - Martin Hauke
+
+- Drop not longer needed patches (fixed upstream)
+ * ndpi-fix-build.patch
+ * reproducible.patch
+- Update to version 3.0
+ New Features
+ * nDPI now reports the protocol ASAP even when specific fields
+ have not yet been dissected because such packets have not yet
+ been observed. This is important for inline applications that
+ can immediately act on traffic. Applications that need full
+ dissection need to call the new API function
+ ndpi_extra_dissection_possible() to check if metadata dissection
+ has been completely performed or if there is more to read before
+ declaring it completed.
+ * TLS (formerly identified as SSL in nDPI v2.x) is now dissected
+ more deeply, certificate validity is extracted as well
+ certificate SHA-1.
+ * nDPIreader can now export data in CSV format with option -C
+ * Implemented Sequence of Packet Length and Time (SPLT) and Byte
+ Distribution (BD) as specified by Cisco Joy
+ (https://github.com/cisco/joy). This allows malware activities
+ on encrypted TLS streams.
+ * Available as library and in ndpiReader with option -J
+ * Promoted usage of protocol categories rather than protocol
+ identifiers in order to classify protocols. This allows
+ application protocols to be clustered in families and thus better
+ managed by users/developers rather than using hundred of
+ protocols unknown to most of the people.
+ * Added Inter-Arrival Time (IAT) calculation used to detect
+ protocol misbehaviour (e.g. slow-DoS detection)
+ * Added data analysis features for computign metrics such as
+ entropy, average, stddev, variance on a single and consistent
+ place that will prevent when possible. This should ease traffic
+ analysis on monitoring/security applications. New API calls have
+ been implemented such as ndpi_data_XXX() to handle these
+ calculations.
+ * Initial release of Python bindings available under nDPI/python.
+ * Implemented search of human readable strings for promoting data
+ exfiltration detection
+ * Available as library and in ndpiReader with option -e
+ * Fingerprints
+ JA3 (https://github.com/salesforce/ja3)
+ HASSH (https://github.com/salesforce/hassh)
+ DHCP
+ * Implemented a library to serialize/deserialize data in both
+ Type-Length-Value (TLV) and JSON format
+ New Supported Protocols and Services
+ * DTLS (i.e. TLS over UDP)
+ * Hulu
+ * TikTok/Musical.ly
+ * WhatsApp Video
+ * DNSoverHTTPS
+ * Datasaver
+ * Line protocol
+ * Google Duo and Hangout merged
+ * WireGuard VPN
+ * IMO
+ * Zoom.us
+ Improvements
+ * TLS
+ + Organizations
+ + Ciphers
+ + Certificate analysis
+ * Added PUBLISH/SUBSCRIBE methods to SIP
+ * Implemented STUN cache to enhance matching of STUN-based protocols
+ * Dissection improvements
+ + Viber
+ + WhatsApp
+ + AmazonVideo
+ + SnapChat
+ + FTP
+ + QUIC
+ + OpenVPN support for UDP-based VPNs
+ + Facebook Messenger mobile
+ + Various improvements for STUN, Hangout and Duo
+ * Added new categories:
+ + CUSTOM_CATEGORY_ANTIMALWARE,
+ + NDPI_PROTOCOL_CATEGORY_MUSIC,
+ + NDPI_PROTOCOL_CATEGORY_VIDEO,
+ + NDPI_PROTOCOL_CATEGORY_SHOPPING,
+ + NDPI_PROTOCOL_CATEGORY_PRODUCTIVITY
+ + NDPI_PROTOCOL_CATEGORY_FILE_SHARING
+ * Added NDPI_PROTOCOL_DANGEROUS classification
+ Fixes
+ * Fixed the dissection of certain invalid DNS responses
+ * Fixed Spotify dissection
+ * Fixed false positives with FTP and FTP_DATA
+ * Fix to discard STUN over TCP flows
+ * Fixed MySQL dissector
+ * Fix category detection due to missing initialization
+ * Fix DNS rsp_addr missing in some tiny responses
+ * Various hardening fixes
+
+-------------------------------------------------------------------
Old:
----
ndpi-2.8.tar.gz
ndpi-fix-build.patch
reproducible.patch
New:
----
ndpi-3.0.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ ndpi.spec ++++++
--- /var/tmp/diff_new_pack.RrTwKh/_old 2019-12-30 12:35:14.923817970 +0100
+++ /var/tmp/diff_new_pack.RrTwKh/_new 2019-12-30 12:35:14.923817970 +0100
@@ -21,9 +21,9 @@
%bcond_without hyperscan
%endif
-%define sover 2
+%define sover 3
Name: ndpi
-Version: 2.8
+Version: 3.0
Release: 0
Summary: Extensible deep packet inspection library
# wireshark/ndpi.lua is GPL-3.0-or-later
@@ -31,10 +31,6 @@
Group: Development/Libraries/C and C++
URL: https://github.com/ntop/nDPI
Source: https://github.com/ntop/nDPI/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz
-# FIXME: Upstream makefile is broken
-Patch0: ndpi-fix-build.patch
-# PATCH-FIX-UPSTREAM https://github.com/ntop/nDPI/pull/662
-Patch1: reproducible.patch
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: gcc-c++
@@ -90,8 +86,6 @@
%prep
%setup -q -n nDPI-%{version}
-%patch0 -p1
-%patch1 -p1
%build
sh autogen.sh
@@ -105,6 +99,7 @@
%install
%make_install PREFIX=%{_prefix} prefix=%{_prefix} libdir=%{_libdir}
rm -f %{buildroot}/%{_libdir}/libndpi.a
+rm -rf %{buildroot}/%{_sbindir}/ndpi
%post -n libndpi%{sover} -p /sbin/ldconfig
%postun -n libndpi%{sover} -p /sbin/ldconfig
++++++ ndpi-2.8.tar.gz -> ndpi-3.0.tar.gz ++++++
/work/SRC/openSUSE:Factory/ndpi/ndpi-2.8.tar.gz /work/SRC/openSUSE:Factory/.ndpi.new.6675/ndpi-3.0.tar.gz differ: char 15, line 1