Accepting request 777777 from home:mnhauke:security

- Update to version 3.2 New Features * New API calls * Protocol detection: ndpi_is_protocol_detected * Categories: ndpi_load_categories_file / ndpi_load_category * JSON/TLV serialization: ndpi_serialize_string_boolean / ndpi_serialize_uint32_boolean * Patricia tree: ndpi_load_ipv4_ptree * Module initialization: ndpi_init_detection_module / ndpi_finalize_initalization * Base64 encoding: ndpi_base64_encode * JSON export: ndpi_flow2json * Print protocol: ndpi_get_l4_proto_name / ndpi_get_l4_proto_info * Libfuzz integration * Implemented Community ID hash (API call ndpi_flowv6_flow_hash and ndpi_flowv4_flow_hash) * Detection of RCE in HTTP GET requests via PCRE * Integration of the libinjection library to detect SQL injections and XSS type attacks in HTTP requests New Supported Protocols and Services * TLS: new decode * Added ALPN support * Added export of supported version in TLS header * Added Telnet dissector with metadata extraction * Added Zabbix dissector * Added POP3/IMAP metadata extraction * Added FTP user/password extraction * Added NetBIOS metadata extraction * Added Kerberos metadata extraction * Implemented SQL Injection and XSS attack detection OBS-URL: https://build.opensuse.org/request/show/777777 OBS-URL: https://build.opensuse.org/package/show/server:monitoring/ndpi?expand=0&rev=17
2020-02-21 20:06:57 +00:00
parent 160d403fee
commit 5889a64983
4 changed files with 97 additions and 6 deletions
--- a/ndpi.changes
+++ b/ndpi.changes
@@ -1,3 +1,94 @@
+-------------------------------------------------------------------
+Thu Feb 20 21:03:45 UTC 2020 - Martin Hauke <mardnh@gmx.de>
+
+- Update to version 3.2
+  New Features
+  * New API calls
+  * Protocol detection: ndpi_is_protocol_detected
+  * Categories: ndpi_load_categories_file / ndpi_load_category
+  * JSON/TLV serialization: ndpi_serialize_string_boolean /
+    ndpi_serialize_uint32_boolean
+  * Patricia tree: ndpi_load_ipv4_ptree
+  * Module initialization: ndpi_init_detection_module /
+    ndpi_finalize_initalization
+  * Base64 encoding: ndpi_base64_encode
+  * JSON export: ndpi_flow2json
+  * Print protocol: ndpi_get_l4_proto_name / ndpi_get_l4_proto_info
+  * Libfuzz integration
+  * Implemented Community ID hash (API call ndpi_flowv6_flow_hash
+    and ndpi_flowv4_flow_hash)
+  * Detection of RCE in HTTP GET requests via PCRE
+  * Integration of the libinjection library to detect SQL
+    injections and XSS type attacks in HTTP requests
+  New Supported Protocols and Services
+  * TLS: new decode
+  * Added ALPN support
+  * Added export of supported version in TLS header
+  * Added Telnet dissector with metadata extraction
+  * Added Zabbix dissector
+  * Added POP3/IMAP metadata extraction
+  * Added FTP user/password extraction
+  * Added NetBIOS metadata extraction
+  * Added Kerberos metadata extraction
+  * Implemented SQL Injection and XSS attack detection
+  * Host-based detection improvements and changes
+  * Added Microsoft range
+  * Added twitch.tv website
+  * Added brasilbandalarga.com.br and .eaqbr.com.br as EAQ
+  * Added 20.180.0.0/14, 20.184.0.0/13 range as Skype
+  * Added 52.84.0.0/14 range as Amazon
+  * Added pastebin.com
+  * Changed 13.64.0.0/11 range from Skype to Microsoft
+  * Refreshed Whatsapp server list, added whatsapp-.fbcdn.net IPs
+  * Added public DNSoverHTTPS servers
+  Improvements
+  * Reworked and improved the TLS dissector
+  * Reworked Kerberos dissector
+  * Improved DNS response decoding
+  * Support for DNS continuous flow dissection
+  * Improved Python bindings
+  * Improved Ethereum support
+  * Improved categories detection with streaming and HTTP
+  * Support for IP-based detection to compute the application
+    protocol
+  * Renamed protocol 104 to IEC60870 (more meaningful)
+  * Added failed authentication support with FTP
+  * Renamed DNSoverHTTPS to handle bot DoH and DoT
+  * Implemented stacked DPI decoding
+  * Improvements for CapWAP and Bloomberg
+  * Improved SMB dissection
+  * Improved SSH dissection
+  * Added capwap support
+  * Modified API signatures for ndpi_ssl_version2str /
+    ndpi_detection_giveup
+  * Removed ndpi_pref_http_dont_dissect_response /
+    ndpi_pref_dns_dont_dissect_response (replaced by
+    ndpi_extra_dissection_possible)
+  Fixes
+  * Fixed memory invalid access in SMTP and leaks in TLS
+  * Fixed a few memory leaks
+  * Fixed invalid memory access in a few protocol dissectors (HTTP,
+    memcached, Citrix, STUN, DNS, Amazon Video, TLS, Viber)
+  * Fixed IPv6 address format across the various platforms
+  * Fixed infinite loop in ndpi_workflow_process_packet
+  * Fixed SHA1 certificate detection
+  * Fixed custom protocol detection
+  * Fixed SMTP dissection (including email)
+  * Fixed Telnet dissection and invalid password report
+  * Fixed invalid category matching in HTTP
+  * Fixed Skype and STUN false positives
+  * Fixed SQL Injection detection
+  * Fixed invalid SMBv1 detection
+  * Fixed SSH dissection
+  * Fixed ndpi_ssl_version2str
+  * Fixed ndpi_extra_dissection_possible
+  * Fixed out of bounds read in ndpi_match_custom_category
+  ndpiReader
+  * CSV output enhancements
+  * Added tunnelling decapsulation
+  * Improved HTTP reporting
+  * Added scan and HTTP attacks (XSS, SQL Injection) detection
+
 -------------------------------------------------------------------
 Thu Jan  2 11:50:52 UTC 2020 - Martin Hauke <mardnh@gmx.de>