From 5889a6498311f687d0881f1330fb0b774483dc198bbcd29641034ac26c4d6cc8 Mon Sep 17 00:00:00 2001 From: Lars Vogdt Date: Fri, 21 Feb 2020 20:06:57 +0000 Subject: [PATCH] Accepting request 777777 from home:mnhauke:security - Update to version 3.2 New Features * New API calls * Protocol detection: ndpi_is_protocol_detected * Categories: ndpi_load_categories_file / ndpi_load_category * JSON/TLV serialization: ndpi_serialize_string_boolean / ndpi_serialize_uint32_boolean * Patricia tree: ndpi_load_ipv4_ptree * Module initialization: ndpi_init_detection_module / ndpi_finalize_initalization * Base64 encoding: ndpi_base64_encode * JSON export: ndpi_flow2json * Print protocol: ndpi_get_l4_proto_name / ndpi_get_l4_proto_info * Libfuzz integration * Implemented Community ID hash (API call ndpi_flowv6_flow_hash and ndpi_flowv4_flow_hash) * Detection of RCE in HTTP GET requests via PCRE * Integration of the libinjection library to detect SQL injections and XSS type attacks in HTTP requests New Supported Protocols and Services * TLS: new decode * Added ALPN support * Added export of supported version in TLS header * Added Telnet dissector with metadata extraction * Added Zabbix dissector * Added POP3/IMAP metadata extraction * Added FTP user/password extraction * Added NetBIOS metadata extraction * Added Kerberos metadata extraction * Implemented SQL Injection and XSS attack detection OBS-URL: https://build.opensuse.org/request/show/777777 OBS-URL: https://build.opensuse.org/package/show/server:monitoring/ndpi?expand=0&rev=17 --- ndpi-3.0.tar.gz | 3 -- ndpi-3.2.tar.gz | 3 ++ ndpi.changes | 91 +++++++++++++++++++++++++++++++++++++++++++++++++ ndpi.spec | 6 ++-- 4 files changed, 97 insertions(+), 6 deletions(-) delete mode 100644 ndpi-3.0.tar.gz create mode 100644 ndpi-3.2.tar.gz diff --git a/ndpi-3.0.tar.gz b/ndpi-3.0.tar.gz deleted file mode 100644 index 01bdc45..0000000 --- a/ndpi-3.0.tar.gz +++ /dev/null 
@@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:69fb8003f00e9b9be3d06925398e15a83ac517cd155b6768f5f0e9342471c164 -size 26902734 diff --git a/ndpi-3.2.tar.gz b/ndpi-3.2.tar.gz new file mode 100644 index 0000000..4a69c7e --- /dev/null +++ b/ndpi-3.2.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:6808c8c4495343e67863f4d30bb261c1e2daec5628ae0be257ba2a2dea7ec70a +size 29586049 diff --git a/ndpi.changes b/ndpi.changes index b502cdf..1d12861 100644 --- a/ndpi.changes +++ b/ndpi.changes 
@@ -1,3 +1,94 @@ +------------------------------------------------------------------- +Thu Feb 20 21:03:45 UTC 2020 - Martin Hauke + +- Update to version 3.2 + New Features + * New API calls + * Protocol detection: ndpi_is_protocol_detected + * Categories: ndpi_load_categories_file / ndpi_load_category + * JSON/TLV serialization: ndpi_serialize_string_boolean / + ndpi_serialize_uint32_boolean + * Patricia tree: ndpi_load_ipv4_ptree + * Module initialization: ndpi_init_detection_module / + ndpi_finalize_initalization + * Base64 encoding: ndpi_base64_encode + * JSON export: ndpi_flow2json + * Print protocol: ndpi_get_l4_proto_name / ndpi_get_l4_proto_info + * Libfuzz integration + * Implemented Community ID hash (API call ndpi_flowv6_flow_hash + and ndpi_flowv4_flow_hash) + * Detection of RCE in HTTP GET requests via PCRE + * Integration of the libinjection library to detect SQL + injections and XSS type attacks in HTTP requests + New Supported Protocols and Services + * TLS: new decode + * Added ALPN support + * Added export of supported version in TLS header + * Added Telnet dissector with metadata extraction + * Added Zabbix dissector + * Added POP3/IMAP metadata extraction + * Added FTP user/password extraction + * Added NetBIOS metadata extraction + * Added Kerberos metadata extraction + * Implemented SQL Injection and XSS attack detection + * Host-based detection improvements and changes + * Added Microsoft range + * Added twitch.tv website + * Added brasilbandalarga.com.br and .eaqbr.com.br as EAQ + * Added 20.180.0.0/14, 20.184.0.0/13 range as Skype + * Added 52.84.0.0/14 range as Amazon + * Added pastebin.com + * Changed 13.64.0.0/11 range from Skype to Microsoft + * Refreshed Whatsapp server list, added whatsapp-.fbcdn.net IPs + * Added public DNSoverHTTPS servers + Improvements + * Reworked and improved the TLS dissector + * Reworked Kerberos dissector + * Improved DNS response decoding + * Support for DNS continuous flow dissection + * Improved Python 
bindings + * Improved Ethereum support + * Improved categories detection with streaming and HTTP + * Support for IP-based detection to compute the application + protocol + * Renamed protocol 104 to IEC60870 (more meaningful) + * Added failed authentication support with FTP + * Renamed DNSoverHTTPS to handle bot DoH and DoT + * Implemented stacked DPI decoding + * Improvements for CapWAP and Bloomberg + * Improved SMB dissection + * Improved SSH dissection + * Added capwap support + * Modified API signatures for ndpi_ssl_version2str / + ndpi_detection_giveup + * Removed ndpi_pref_http_dont_dissect_response / + ndpi_pref_dns_dont_dissect_response (replaced by + ndpi_extra_dissection_possible) + Fixes + * Fixed memory invalid access in SMTP and leaks in TLS + * Fixed a few memory leaks + * Fixed invalid memory access in a few protocol dissectors (HTTP, + memcached, Citrix, STUN, DNS, Amazon Video, TLS, Viber) + * Fixed IPv6 address format across the various platforms + * Fixed infinite loop in ndpi_workflow_process_packet + * Fixed SHA1 certificate detection + * Fixed custom protocol detection + * Fixed SMTP dissection (including email) + * Fixed Telnet dissection and invalid password report + * Fixed invalid category matching in HTTP + * Fixed Skype and STUN false positives + * Fixed SQL Injection detection + * Fixed invalid SMBv1 detection + * Fixed SSH dissection + * Fixed ndpi_ssl_version2str + * Fixed ndpi_extra_dissection_possible + * Fixed out of bounds read in ndpi_match_custom_category + ndpiReader + * CSV output enhancements + * Added tunnelling decapsulation + * Improved HTTP reporting + * Added scan and HTTP attacks (XSS, SQL Injection) detection + ------------------------------------------------------------------- Thu Jan 2 11:50:52 UTC 2020 - Martin Hauke diff --git a/ndpi.spec b/ndpi.spec index 5a10a58..84babd2 100644 --- a/ndpi.spec +++ b/ndpi.spec 
@@ -1,7 +1,7 @@ # # spec file for package ndpi # -# Copyright (c) 2020 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LLC # Copyright (c) 2017, Martin Hauke # # All modifications and additions to the file contributed by third parties @@ -23,7 +23,7 @@ %define sover 3 Name: ndpi -Version: 3.0 +Version: 3.2 Release: 0 Summary: Extensible deep packet inspection library # wireshark/ndpi.lua is GPL-3.0-or-later @@ -35,7 +35,6 @@ BuildRequires: autoconf BuildRequires: automake BuildRequires: gcc-c++ BuildRequires: libnuma-devel -BuildRequires: libnuma-devel BuildRequires: libpcap-devel BuildRequires: libtool BuildRequires: pkgconfig @@ -111,6 +110,7 @@ rm -rf %{buildroot}/%{_sbindir}/ndpi %license COPYING %doc CHANGELOG.md README.md README.nDPI README.protocols %doc doc/nDPI_QuickStartGuide.pdf +%{_datadir}/%{name} %{_libdir}/libndpi.so.%{sover}* %files -n libndpi-devel
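Review bot: in the ndpi-3.2.tar.gz hunk, the new Git LFS pointer (its oid sha256 value and size 29586049) is the only integrity record for the replaced source archive, and nothing in this patch ties that digest to upstream's published 3.2 release. Please confirm the digest against the upstream release artifact before accepting, and if upstream publishes a signature for the tarball, ship it together with a keyring so the check is repeated on every update.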
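Review bot: the Fixes list in the new ndpi.changes entry names memory-safety fixes (invalid memory access in several dissectors, an infinite loop in ndpi_workflow_process_packet, an out of bounds read in ndpi_match_custom_category) without any bug or CVE reference. If any of them has a Bugzilla or CVE id assigned, add it to the matching line so the update can be tracked as a security fix. In the same entry, "handle bot DoH and DoT" looks like a typo for "both", and the packaging changes made in ndpi.spec (duplicate libnuma-devel BuildRequires dropped, %{_datadir}/%{name} added to the file list) are not mentioned.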
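Review bot: in the ndpi.spec hunk that bumps Version from 3.0 to 3.2, "%define sover 3" in the context stays unchanged, while the changelog in this same patch lists modified signatures for ndpi_ssl_version2str / ndpi_detection_giveup and the removal of ndpi_pref_http_dont_dissect_response / ndpi_pref_dns_dont_dissect_response. Please confirm that upstream 3.2 still installs libndpi.so.3, and check that packages building against libndpi-devel still compile, since these changes are source-incompatible for callers that use those names.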
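Review bot: in the last ndpi.spec hunk, %{_datadir}/%{name} is added to a file list that also carries %{_libdir}/libndpi.so.%{sover}*, and the %files header for that list is outside the visible context. If this is the versioned shared-library subpackage, an unversioned data directory there will conflict when two library versions are installed side by side; consider moving it to the main package or a separate data subpackage, and note in ndpi.changes what the directory contains.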