Accepting request 759921 from server:monitoring

OBS-URL: https://build.opensuse.org/request/show/759921
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/ndpi?expand=0&rev=5

ndpi-2.8.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:f98def4d0e43818317b20e2887ce500b2d6a5a9c8ddb28cf57ae51caae0f33cc
-size 19754226

ndpi-3.0.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:69fb8003f00e9b9be3d06925398e15a83ac517cd155b6768f5f0e9342471c164
+size 26902734

ndpi-fix-build.patch

@@ -1,27 +0,0 @@
-Index: nDPI-2.6/Makefile.am
-===================================================================
---- nDPI-2.6.orig/Makefile.am
-+++ nDPI-2.6/Makefile.am
-@@ -1,7 +1,7 @@
- ACLOCAL_AMFLAGS = -I m4
- SUBDIRS = src/lib example tests
- 
--pkgconfigdir = $(prefix)/libdata/pkgconfig
-+pkgconfigdir = $(libdir)/pkgconfig
- pkgconfig_DATA = libndpi.pc
- 
- EXTRA_DIST = autogen.sh
-Index: nDPI-2.6/src/lib/Makefile.in
-===================================================================
---- nDPI-2.6.orig/src/lib/Makefile.in
-+++ nDPI-2.6/src/lib/Makefile.in
-@@ -61,7 +61,7 @@ distclean: clean
- install: $(NDPI_LIBS)
- 	mkdir -p $(DESTDIR)$(libdir)
- 	cp $(NDPI_LIBS) $(DESTDIR)$(libdir)/
--	ln -Ffs $(DESTDIR)$(libdir)/$(NDPI_LIB_SHARED) $(DESTDIR)$(libdir)/$(NDPI_LIB_SHARED_BASE)
--	ln -Ffs $(DESTDIR)$(libdir)/$(NDPI_LIB_SHARED) $(DESTDIR)$(libdir)/$(NDPI_LIB_SHARED_BASE).$(NDPI_VERSION_MAJOR)
-+	ln -Ffs $(NDPI_LIB_SHARED) $(DESTDIR)$(libdir)/$(NDPI_LIB_SHARED_BASE)
-+	ln -Ffs $(NDPI_LIB_SHARED) $(DESTDIR)$(libdir)/$(NDPI_LIB_SHARED_BASE).$(NDPI_VERSION_MAJOR)
- 	mkdir -p $(DESTDIR)$(includedir)
- 	cp ../include/*.h $(DESTDIR)$(includedir)

ndpi.changes

@@ -1,3 +1,98 @@
+-------------------------------------------------------------------
+Wed Dec 25 10:13:32 UTC 2019 - Martin Hauke <mardnh@gmx.de>
+
+- Drop not longer needed patches (fixed upstream)
+  * ndpi-fix-build.patch
+  * reproducible.patch
+- Update to version 3.0
+  New Features
+  * nDPI now reports the protocol ASAP even when specific fields
+    have not yet been dissected because such packets have not yet
+    been observed. This is important for inline applications that
+    can immediately act on traffic. Applications that need full
+    dissection need to call the new API function
+    ndpi_extra_dissection_possible() to check if metadata dissection
+    has been completely performed or if there is more to read before
+    declaring it completed.
+  * TLS (formerly identified as SSL in nDPI v2.x) is now dissected
+    more deeply, certificate validity is extracted as well
+    certificate SHA-1.
+  * nDPIreader can now export data in CSV format with option -C
+  * Implemented Sequence of Packet Length and Time (SPLT) and Byte
+    Distribution (BD) as specified by Cisco Joy
+    (https://github.com/cisco/joy). This allows malware activities
+    on encrypted TLS streams.
+  * Available as library and in ndpiReader with option -J
+  * Promoted usage of protocol categories rather than protocol
+    identifiers in order to classify protocols. This allows
+    application protocols to be clustered in families and thus better
+    managed by users/developers rather than using hundred of
+    protocols unknown to most of the people.
+  * Added Inter-Arrival Time (IAT) calculation used to detect
+    protocol misbehaviour (e.g. slow-DoS detection)
+  * Added data analysis features for computign metrics such as
+    entropy, average, stddev, variance on a single and consistent
+    place that will prevent when possible. This should ease traffic
+    analysis on monitoring/security applications. New API calls have
+    been implemented such as ndpi_data_XXX() to handle these
+    calculations.
+  * Initial release of Python bindings available under nDPI/python.
+  * Implemented search of human readable strings for promoting data
+    exfiltration detection
+  * Available as library and in ndpiReader with option -e
+  * Fingerprints
+    JA3 (https://github.com/salesforce/ja3)
+    HASSH (https://github.com/salesforce/hassh)
+    DHCP
+  * Implemented a library to serialize/deserialize data in both
+    Type-Length-Value (TLV) and JSON format
+  New Supported Protocols and Services
+  * DTLS (i.e. TLS over UDP)
+  * Hulu
+  * TikTok/Musical.ly
+  * WhatsApp Video
+  * DNSoverHTTPS
+  * Datasaver
+  * Line protocol
+  * Google Duo and Hangout merged
+  * WireGuard VPN
+  * IMO
+  * Zoom.us
+  Improvements
+  * TLS
+    + Organizations
+    + Ciphers
+    + Certificate analysis
+  * Added PUBLISH/SUBSCRIBE methods to SIP
+  * Implemented STUN cache to enhance matching of STUN-based protocols
+  * Dissection improvements
+    + Viber
+    + WhatsApp
+    + AmazonVideo
+    + SnapChat
+    + FTP
+    + QUIC
+    + OpenVPN support for UDP-based VPNs
+    + Facebook Messenger mobile
+    + Various improvements for STUN, Hangout and Duo
+  * Added new categories:
+    + CUSTOM_CATEGORY_ANTIMALWARE,
+    + NDPI_PROTOCOL_CATEGORY_MUSIC,
+    + NDPI_PROTOCOL_CATEGORY_VIDEO,
+    + NDPI_PROTOCOL_CATEGORY_SHOPPING,
+    + NDPI_PROTOCOL_CATEGORY_PRODUCTIVITY
+    + NDPI_PROTOCOL_CATEGORY_FILE_SHARING
+  * Added NDPI_PROTOCOL_DANGEROUS classification
+  Fixes
+  * Fixed the dissection of certain invalid DNS responses
+  * Fixed Spotify dissection
+  * Fixed false positives with FTP and FTP_DATA
+  * Fix to discard STUN over TCP flows
+  * Fixed MySQL dissector
+  * Fix category detection due to missing initialization
+  * Fix DNS rsp_addr missing in some tiny responses
+  * Various hardening fixes
+
 -------------------------------------------------------------------
 Wed Jun  5 04:03:31 UTC 2019 - Bernhard Wiedemann <bwiedemann@suse.com>
 

ndpi.spec

@@ -21,9 +21,9 @@
 %bcond_without hyperscan
 %endif
 
-%define sover 2
+%define sover 3
 Name:           ndpi
-Version:        2.8
+Version:        3.0
 Release:        0
 Summary:        Extensible deep packet inspection library
 # wireshark/ndpi.lua is GPL-3.0-or-later
@@ -31,10 +31,6 @@ License:        LGPL-3.0-only
 Group:          Development/Libraries/C and C++
 URL:            https://github.com/ntop/nDPI
 Source:         https://github.com/ntop/nDPI/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz
-# FIXME: Upstream makefile is broken
-Patch0:         ndpi-fix-build.patch
-# PATCH-FIX-UPSTREAM https://github.com/ntop/nDPI/pull/662
-Patch1:         reproducible.patch
 BuildRequires:  autoconf
 BuildRequires:  automake
 BuildRequires:  gcc-c++
@@ -90,8 +86,6 @@ This package contains the ndpiReader binary.
 
 %prep
 %setup -q -n nDPI-%{version}
-%patch0 -p1
-%patch1 -p1
 
 %build
 sh autogen.sh
@@ -105,6 +99,7 @@ make %{?_smp_mflags}
 %install
 %make_install PREFIX=%{_prefix} prefix=%{_prefix} libdir=%{_libdir}
 rm -f %{buildroot}/%{_libdir}/libndpi.a
+rm -rf %{buildroot}/%{_sbindir}/ndpi
 
 %post   -n libndpi%{sover} -p /sbin/ldconfig
 %postun -n libndpi%{sover} -p /sbin/ldconfig

reproducible.patch

@@ -1,29 +0,0 @@
-https://github.com/ntop/nDPI/pull/662
-
-From e91123e17a6ebe2cb1f718aa3e44edb10b707779 Mon Sep 17 00:00:00 2001
-From: "Bernhard M. Wiedemann" <bwiedemann@suse.de>
-Date: Thu, 24 Jan 2019 14:21:06 +0100
-Subject: [PATCH] Use ChangeLog date instead of build date
-
-in order to make builds reproducible.
-See https://reproducible-builds.org/ for why this is good.
-
-This date call works with GNU date and BSD date.
-Also use UTC/gmtime to be independent of timezone.
----
- configure.seed | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/configure.seed b/configure.seed
-index 1aa68f17..006e6d97 100644
---- a/configure.seed
-+++ b/configure.seed
-@@ -30,7 +30,7 @@ if test -d ".git"; then :
-      GIT_RELEASE="${PACKAGE_VERSION}-${GIT_NUM}-${GIT_TAG}"
- else
-      GIT_RELEASE="${PACKAGE_VERSION}"
--     GIT_DATE=`date`
-+     GIT_DATE=`date -u -r CHANGELOG.md`
- fi
- 
- AC_DEFINE_UNQUOTED(NDPI_GIT_RELEASE, "${GIT_RELEASE}", [GIT Release])