diff --git a/ndpi-2.8.tar.gz b/ndpi-2.8.tar.gz
deleted file mode 100644
index 811b8ba..0000000
--- a/ndpi-2.8.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:f98def4d0e43818317b20e2887ce500b2d6a5a9c8ddb28cf57ae51caae0f33cc
-size 19754226
diff --git a/ndpi-3.0.tar.gz b/ndpi-3.0.tar.gz
new file mode 100644
index 0000000..01bdc45
--- /dev/null
+++ b/ndpi-3.0.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:69fb8003f00e9b9be3d06925398e15a83ac517cd155b6768f5f0e9342471c164
+size 26902734
diff --git a/ndpi-fix-build.patch b/ndpi-fix-build.patch
deleted file mode 100644
index 1b56d3f..0000000
--- a/ndpi-fix-build.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-Index: nDPI-2.6/Makefile.am
-===================================================================
---- nDPI-2.6.orig/Makefile.am
-+++ nDPI-2.6/Makefile.am
-@@ -1,7 +1,7 @@
- ACLOCAL_AMFLAGS = -I m4
- SUBDIRS = src/lib example tests
-
--pkgconfigdir = $(prefix)/libdata/pkgconfig
-+pkgconfigdir = $(libdir)/pkgconfig
- pkgconfig_DATA = libndpi.pc
-
- EXTRA_DIST = autogen.sh
-Index: nDPI-2.6/src/lib/Makefile.in
-===================================================================
---- nDPI-2.6.orig/src/lib/Makefile.in
-+++ nDPI-2.6/src/lib/Makefile.in
-@@ -61,7 +61,7 @@ distclean: clean
- install: $(NDPI_LIBS)
- mkdir -p $(DESTDIR)$(libdir)
- cp $(NDPI_LIBS) $(DESTDIR)$(libdir)/
-- ln -Ffs $(DESTDIR)$(libdir)/$(NDPI_LIB_SHARED) $(DESTDIR)$(libdir)/$(NDPI_LIB_SHARED_BASE)
-- ln -Ffs $(DESTDIR)$(libdir)/$(NDPI_LIB_SHARED) $(DESTDIR)$(libdir)/$(NDPI_LIB_SHARED_BASE).$(NDPI_VERSION_MAJOR)
-+ ln -Ffs $(NDPI_LIB_SHARED) $(DESTDIR)$(libdir)/$(NDPI_LIB_SHARED_BASE)
-+ ln -Ffs $(NDPI_LIB_SHARED) $(DESTDIR)$(libdir)/$(NDPI_LIB_SHARED_BASE).$(NDPI_VERSION_MAJOR)
- mkdir -p $(DESTDIR)$(includedir)
- cp ../include/*.h $(DESTDIR)$(includedir)
diff --git a/ndpi.changes b/ndpi.changes
index 0ad11b5..7a4e024 100644
--- a/ndpi.changes
+++ b/ndpi.changes
@@ -1,3 +1,98 @@
+-------------------------------------------------------------------
+Wed Dec 25 10:13:32 UTC 2019 - Martin Hauke
+
+- Drop not longer needed patches (fixed upstream)
+ * ndpi-fix-build.patch
+ * reproducible.patch
+- Update to version 3.0
+ New Features
+ * nDPI now reports the protocol ASAP even when specific fields
+ have not yet been dissected because such packets have not yet
+ been observed. This is important for inline applications that
+ can immediately act on traffic. Applications that need full
+ dissection need to call the new API function
+ ndpi_extra_dissection_possible() to check if metadata dissection
+ has been completely performed or if there is more to read before
+ declaring it completed.
+ * TLS (formerly identified as SSL in nDPI v2.x) is now dissected
+ more deeply, certificate validity is extracted as well
+ certificate SHA-1.
+ * nDPIreader can now export data in CSV format with option -C
+ * Implemented Sequence of Packet Length and Time (SPLT) and Byte
+ Distribution (BD) as specified by Cisco Joy
+ (https://github.com/cisco/joy). This allows malware activities
+ on encrypted TLS streams.
+ * Available as library and in ndpiReader with option -J
+ * Promoted usage of protocol categories rather than protocol
+ identifiers in order to classify protocols. This allows
+ application protocols to be clustered in families and thus better
+ managed by users/developers rather than using hundred of
+ protocols unknown to most of the people.
+ * Added Inter-Arrival Time (IAT) calculation used to detect
+ protocol misbehaviour (e.g. slow-DoS detection)
+ * Added data analysis features for computign metrics such as
+ entropy, average, stddev, variance on a single and consistent
+ place that will prevent when possible. This should ease traffic
+ analysis on monitoring/security applications. New API calls have
+ been implemented such as ndpi_data_XXX() to handle these
+ calculations.
+ * Initial release of Python bindings available under nDPI/python.
+ * Implemented search of human readable strings for promoting data
+ exfiltration detection
+ * Available as library and in ndpiReader with option -e
+ * Fingerprints
+ JA3 (https://github.com/salesforce/ja3)
+ HASSH (https://github.com/salesforce/hassh)
+ DHCP
+ * Implemented a library to serialize/deserialize data in both
+ Type-Length-Value (TLV) and JSON format
+ New Supported Protocols and Services
+ * DTLS (i.e. TLS over UDP)
+ * Hulu
+ * TikTok/Musical.ly
+ * WhatsApp Video
+ * DNSoverHTTPS
+ * Datasaver
+ * Line protocol
+ * Google Duo and Hangout merged
+ * WireGuard VPN
+ * IMO
+ * Zoom.us
+ Improvements
+ * TLS
+ + Organizations
+ + Ciphers
+ + Certificate analysis
+ * Added PUBLISH/SUBSCRIBE methods to SIP
+ * Implemented STUN cache to enhance matching of STUN-based protocols
+ * Dissection improvements
+ + Viber
+ + WhatsApp
+ + AmazonVideo
+ + SnapChat
+ + FTP
+ + QUIC
+ + OpenVPN support for UDP-based VPNs
+ + Facebook Messenger mobile
+ + Various improvements for STUN, Hangout and Duo
+ * Added new categories:
+ + CUSTOM_CATEGORY_ANTIMALWARE,
+ + NDPI_PROTOCOL_CATEGORY_MUSIC,
+ + NDPI_PROTOCOL_CATEGORY_VIDEO,
+ + NDPI_PROTOCOL_CATEGORY_SHOPPING,
+ + NDPI_PROTOCOL_CATEGORY_PRODUCTIVITY
+ + NDPI_PROTOCOL_CATEGORY_FILE_SHARING
+ * Added NDPI_PROTOCOL_DANGEROUS classification
+ Fixes
+ * Fixed the dissection of certain invalid DNS responses
+ * Fixed Spotify dissection
+ * Fixed false positives with FTP and FTP_DATA
+ * Fix to discard STUN over TCP flows
+ * Fixed MySQL dissector
+ * Fix category detection due to missing initialization
+ * Fix DNS rsp_addr missing in some tiny responses
+ * Various hardening fixes
+
 -------------------------------------------------------------------
 Wed Jun 5 04:03:31 UTC 2019 - Bernhard Wiedemann
diff --git a/ndpi.spec b/ndpi.spec
index ffa888a..df3218f 100644
--- a/ndpi.spec
+++ b/ndpi.spec
@@ -21,9 +21,9 @@ %bcond_without hyperscan %endif -%define sover 2 +%define sover 3 Name: ndpi -Version: 2.8 +Version: 3.0 Release: 0 Summary: Extensible deep packet inspection library # wireshark/ndpi.lua is GPL-3.0-or-later @@ -31,10 +31,6 @@ License: LGPL-3.0-only Group: Development/Libraries/C and C++ URL: https://github.com/ntop/nDPI Source: https://github.com/ntop/nDPI/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz -# FIXME: Upstream makefile is broken -Patch0: ndpi-fix-build.patch -# PATCH-FIX-UPSTREAM https://github.com/ntop/nDPI/pull/662 -Patch1: reproducible.patch BuildRequires: autoconf BuildRequires: automake BuildRequires: gcc-c++ @@ -90,8 +86,6 @@ This package contains the ndpiReader binary. %prep %setup -q -n nDPI-%{version} -%patch0 -p1 -%patch1 -p1 %build sh autogen.sh @@ -105,6 +99,7 @@ make %{?_smp_mflags} %install %make_install PREFIX=%{_prefix} prefix=%{_prefix} libdir=%{_libdir} rm -f %{buildroot}/%{_libdir}/libndpi.a +rm -rf %{buildroot}/%{_sbindir}/ndpi %post -n libndpi%{sover} -p /sbin/ldconfig %postun -n libndpi%{sover} -p /sbin/ldconfig diff --git a/reproducible.patch b/reproducible.patch deleted file mode 100644 index 5dede33..0000000 --- a/reproducible.patch +++ /dev/null 
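Review bot: The added `rm -rf %{buildroot}/%{_sbindir}/ndpi` in %install has no comment, and the ndpi.changes entry for 3.0 does not mention it, so nothing on the page records what upstream now installs at that path or why the package drops it. Because the removal is recursive and forced, anything upstream later ships under that path would be discarded from the package without a build failure or a review. I would add a line above it such as `# <what upstream 3.0 installs at %{_sbindir}/ndpi and why it is not packaged>`. If the path turns out to be a single file, `rm -f` (as on the libndpi.a line above) would make an unexpected directory fail loudly instead.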
@@ -1,29 +0,0 @@
-https://github.com/ntop/nDPI/pull/662
-
-From e91123e17a6ebe2cb1f718aa3e44edb10b707779 Mon Sep 17 00:00:00 2001
-From: "Bernhard M. Wiedemann"
-Date: Thu, 24 Jan 2019 14:21:06 +0100
-Subject: [PATCH] Use ChangeLog date instead of build date
-
-in order to make builds reproducible.
-See https://reproducible-builds.org/ for why this is good.
-
-This date call works with GNU date and BSD date.
-Also use UTC/gmtime to be independent of timezone.
----
- configure.seed | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/configure.seed b/configure.seed
-index 1aa68f17..006e6d97 100644
---- a/configure.seed
-+++ b/configure.seed
-@@ -30,7 +30,7 @@ if test -d ".git"; then :
- GIT_RELEASE="${PACKAGE_VERSION}-${GIT_NUM}-${GIT_TAG}"
- else
- GIT_RELEASE="${PACKAGE_VERSION}"
-- GIT_DATE=`date`
-+ GIT_DATE=`date -u -r CHANGELOG.md`
- fi
-
- AC_DEFINE_UNQUOTED(NDPI_GIT_RELEASE, "${GIT_RELEASE}", [GIT Release])