Accepting request 777777 from home:mnhauke:security

- Update to version 3.2 New Features * New API calls * Protocol detection: ndpi_is_protocol_detected * Categories: ndpi_load_categories_file / ndpi_load_category * JSON/TLV serialization: ndpi_serialize_string_boolean / ndpi_serialize_uint32_boolean * Patricia tree: ndpi_load_ipv4_ptree * Module initialization: ndpi_init_detection_module / ndpi_finalize_initalization * Base64 encoding: ndpi_base64_encode * JSON export: ndpi_flow2json * Print protocol: ndpi_get_l4_proto_name / ndpi_get_l4_proto_info * Libfuzz integration * Implemented Community ID hash (API call ndpi_flowv6_flow_hash and ndpi_flowv4_flow_hash) * Detection of RCE in HTTP GET requests via PCRE * Integration of the libinjection library to detect SQL injections and XSS type attacks in HTTP requests New Supported Protocols and Services * TLS: new decode * Added ALPN support * Added export of supported version in TLS header * Added Telnet dissector with metadata extraction * Added Zabbix dissector * Added POP3/IMAP metadata extraction * Added FTP user/password extraction * Added NetBIOS metadata extraction * Added Kerberos metadata extraction * Implemented SQL Injection and XSS attack detection OBS-URL: https://build.opensuse.org/request/show/777777 OBS-URL: https://build.opensuse.org/package/show/server:monitoring/ndpi?expand=0&rev=17
2020-02-21 20:06:57 +00:00 · 2020-02-21 20:06:57 +00:00 · 5889a64983
commit 5889a64983
parent 160d403fee
4 changed files with 97 additions and 6 deletions
--- a/ndpi-3.0.tar.gz
+++ b/ndpi-3.0.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:69fb8003f00e9b9be3d06925398e15a83ac517cd155b6768f5f0e9342471c164
-size 26902734
--- a/ndpi-3.2.tar.gz
+++ b/ndpi-3.2.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:6808c8c4495343e67863f4d30bb261c1e2daec5628ae0be257ba2a2dea7ec70a
+size 29586049
--- a/ndpi.changes
+++ b/ndpi.changes
@ -1,3 +1,94 @@
+-------------------------------------------------------------------
+Thu Feb 20 21:03:45 UTC 2020 - Martin Hauke <mardnh@gmx.de>
+
+- Update to version 3.2
+  New Features
+  * New API calls
+  * Protocol detection: ndpi_is_protocol_detected
+  * Categories: ndpi_load_categories_file / ndpi_load_category
+  * JSON/TLV serialization: ndpi_serialize_string_boolean /
+    ndpi_serialize_uint32_boolean
+  * Patricia tree: ndpi_load_ipv4_ptree
+  * Module initialization: ndpi_init_detection_module /
+    ndpi_finalize_initalization
+  * Base64 encoding: ndpi_base64_encode
+  * JSON export: ndpi_flow2json
+  * Print protocol: ndpi_get_l4_proto_name / ndpi_get_l4_proto_info
+  * Libfuzz integration
+  * Implemented Community ID hash (API call ndpi_flowv6_flow_hash
+    and ndpi_flowv4_flow_hash)
+  * Detection of RCE in HTTP GET requests via PCRE
+  * Integration of the libinjection library to detect SQL
+    injections and XSS type attacks in HTTP requests
+  New Supported Protocols and Services
+  * TLS: new decode
+  * Added ALPN support
+  * Added export of supported version in TLS header
+  * Added Telnet dissector with metadata extraction
+  * Added Zabbix dissector
+  * Added POP3/IMAP metadata extraction
+  * Added FTP user/password extraction
+  * Added NetBIOS metadata extraction
+  * Added Kerberos metadata extraction
+  * Implemented SQL Injection and XSS attack detection
+  * Host-based detection improvements and changes
+  * Added Microsoft range
+  * Added twitch.tv website
+  * Added brasilbandalarga.com.br and .eaqbr.com.br as EAQ
+  * Added 20.180.0.0/14, 20.184.0.0/13 range as Skype
+  * Added 52.84.0.0/14 range as Amazon
+  * Added pastebin.com
+  * Changed 13.64.0.0/11 range from Skype to Microsoft
+  * Refreshed Whatsapp server list, added whatsapp-.fbcdn.net IPs
+  * Added public DNSoverHTTPS servers
+  Improvements
+  * Reworked and improved the TLS dissector
+  * Reworked Kerberos dissector
+  * Improved DNS response decoding
+  * Support for DNS continuous flow dissection
+  * Improved Python bindings
+  * Improved Ethereum support
+  * Improved categories detection with streaming and HTTP
+  * Support for IP-based detection to compute the application
+    protocol
+  * Renamed protocol 104 to IEC60870 (more meaningful)
+  * Added failed authentication support with FTP
+  * Renamed DNSoverHTTPS to handle bot DoH and DoT
+  * Implemented stacked DPI decoding
+  * Improvements for CapWAP and Bloomberg
+  * Improved SMB dissection
+  * Improved SSH dissection
+  * Added capwap support
+  * Modified API signatures for ndpi_ssl_version2str /
+    ndpi_detection_giveup
+  * Removed ndpi_pref_http_dont_dissect_response /
+    ndpi_pref_dns_dont_dissect_response (replaced by
+    ndpi_extra_dissection_possible)
+  Fixes
+  * Fixed memory invalid access in SMTP and leaks in TLS
+  * Fixed a few memory leaks
+  * Fixed invalid memory access in a few protocol dissectors (HTTP,
+    memcached, Citrix, STUN, DNS, Amazon Video, TLS, Viber)
+  * Fixed IPv6 address format across the various platforms
+  * Fixed infinite loop in ndpi_workflow_process_packet
+  * Fixed SHA1 certificate detection
+  * Fixed custom protocol detection
+  * Fixed SMTP dissection (including email)
+  * Fixed Telnet dissection and invalid password report
+  * Fixed invalid category matching in HTTP
+  * Fixed Skype and STUN false positives
+  * Fixed SQL Injection detection
+  * Fixed invalid SMBv1 detection
+  * Fixed SSH dissection
+  * Fixed ndpi_ssl_version2str
+  * Fixed ndpi_extra_dissection_possible
+  * Fixed out of bounds read in ndpi_match_custom_category
+  ndpiReader
+  * CSV output enhancements
+  * Added tunnelling decapsulation
+  * Improved HTTP reporting
+  * Added scan and HTTP attacks (XSS, SQL Injection) detection
+
 -------------------------------------------------------------------
 Thu Jan  2 11:50:52 UTC 2020 - Martin Hauke <mardnh@gmx.de>

--- a/ndpi.spec
+++ b/ndpi.spec
@ -1,7 +1,7 @@
 #
 # spec file for package ndpi
 #
-# Copyright (c) 2020 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2020 SUSE LLC
 # Copyright (c) 2017, Martin Hauke <mardnh@gmx.de>
 #
 # All modifications and additions to the file contributed by third parties
@ -23,7 +23,7 @@

 %define sover 3
 Name:           ndpi
-Version:        3.0
+Version:        3.2
 Release:        0
 Summary:        Extensible deep packet inspection library
 # wireshark/ndpi.lua is GPL-3.0-or-later
@ -35,7 +35,6 @@ BuildRequires:  autoconf
 BuildRequires:  automake
 BuildRequires:  gcc-c++
 BuildRequires:  libnuma-devel
-BuildRequires:  libnuma-devel
 BuildRequires:  libpcap-devel
 BuildRequires:  libtool
 BuildRequires:  pkgconfig
@ -111,6 +110,7 @@ rm -rf %{buildroot}/%{_sbindir}/ndpi
 %license COPYING
 %doc CHANGELOG.md README.md README.nDPI README.protocols
 %doc doc/nDPI_QuickStartGuide.pdf
+%{_datadir}/%{name}
 %{_libdir}/libndpi.so.%{sover}*

 %files -n libndpi-devel