Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock
Please unblock package ntop
The new version fixes 3 RC bugs:
- #700442: remove the code handling IP fragments. It was buggy and
causing a security risk.
- #695424: removes an old incompatible license text
- #695422: disables openssl via compile-time flag (incompatible with
the GPL libgdbm)
unblock ntop/3:4.99.3+ndpi5517+dfsg3-1
-- System Information:
Debian Release: 7.0
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
diff -Nru ntop-4.99.3+ndpi5517+dfsg2/debian/changelog
ntop-4.99.3+ndpi5517+dfsg3/debian/changelog
--- ntop-4.99.3+ndpi5517+dfsg2/debian/changelog 2013-02-18 05:07:43.000000000
-0800
+++ ntop-4.99.3+ndpi5517+dfsg3/debian/changelog 2013-02-28 23:30:23.000000000
-0800
@@ -1,3 +1,12 @@
+ntop (3:4.99.3+ndpi5517+dfsg3-1) unstable; urgency=high
+
+ * Repackage source removing stale license notice from protocls.c
+ (Closes: #695424).
+ * Remove IP fragment handling code (Closes: #700442).
+ * Disable OpenSSL (thanks to Giovanni Rapagnani, Closes: #695422).
+
+ -- Ludovico Cavedon <cave...@debian.org> Thu, 28 Feb 2013 23:23:02 -0800
+
ntop (3:4.99.3+ndpi5517+dfsg2-1) unstable; urgency=medium
* Repackage upstream source replacing non-DFSG countmin code with the GPL
diff -Nru ntop-4.99.3+ndpi5517+dfsg2/debian/copyright
ntop-4.99.3+ndpi5517+dfsg3/debian/copyright
--- ntop-4.99.3+ndpi5517+dfsg2/debian/copyright 2013-02-18 05:07:43.000000000
-0800
+++ ntop-4.99.3+ndpi5517+dfsg3/debian/copyright 2013-02-28 23:30:23.000000000
-0800
@@ -37,26 +37,6 @@
1991-1999, Free Software Foundation, Inc.
License: GPL-2+
-Files: protocols.c
-Copyright: 2003-2010, Luca Deri <d...@ntop.org>
- 1994-1996, The Regents of the University of California
-License: GPL-2+ and BSD-4-clause
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that: (1) source code distributions
- retain the above copyright notice and this paragraph in its entirety, (2)
- distributions including binary code include the above copyright notice and
- this paragraph in its entirety in the documentation or other materials
- provided with the distribution, and (3) all advertising materials mentioning
- features or use of this software display the following acknowledgement:
- ``This product includes software developed by the University of California,
- Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
- the University nor the names of its contributors may be used to endorse
- or promote products derived from this software without specific prior
- written permission.
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
- WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
- MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
-
Files: countmin.h countmin.c prng.h prng.c
Copyright: 2003-2004, 2010, 2012, G. Cormode
License: GPL-2+
diff -Nru ntop-4.99.3+ndpi5517+dfsg2/debian/get-orig-source.sh
ntop-4.99.3+ndpi5517+dfsg3/debian/get-orig-source.sh
--- ntop-4.99.3+ndpi5517+dfsg2/debian/get-orig-source.sh 2013-02-18
05:07:43.000000000 -0800
+++ ntop-4.99.3+ndpi5517+dfsg3/debian/get-orig-source.sh 2013-02-28
23:30:23.000000000 -0800
@@ -39,6 +39,13 @@
wq
EOF
+ # remove old and incorrect license statement from protocols.c
+ ed ntop-$UPSTREAM_DIR/protocols.c > /dev/null <<EOF
+/The Regents of the University of California. All rights reserved.
+?/\*?,/\*\//d
+wq
+EOF
+
mv ntop-$UPSTREAM_DIR ntop-$DEB_SOURCE_VERSION
cd ntop-$DEB_SOURCE_VERSION
diff -Nru
ntop-4.99.3+ndpi5517+dfsg2/debian/patches/remove-fragment-handling.patch
ntop-4.99.3+ndpi5517+dfsg3/debian/patches/remove-fragment-handling.patch
--- ntop-4.99.3+ndpi5517+dfsg2/debian/patches/remove-fragment-handling.patch
1969-12-31 16:00:00.000000000 -0800
+++ ntop-4.99.3+ndpi5517+dfsg3/debian/patches/remove-fragment-handling.patch
2013-02-28 23:30:23.000000000 -0800
@@ -0,0 +1,473 @@
+Description: Remove IP fragment handling code
+Author: Ludovico Cavedon <cave...@debian.org>
+Origin: https://svn.ntop.org/svn/ntop/trunk/ntop, commit:5629
+Bug-Debian: http://bugs.debian.org/700442
+
+Index: ntop/initialize.c
+===================================================================
+--- ntop.orig/initialize.c 2012-11-30 00:34:29.909618091 -0800
++++ ntop/initialize.c 2013-02-24 23:10:11.543717767 -0800
+@@ -356,8 +356,6 @@
+ myGlobals.device[i].sessions = (IPSession**)calloc(sizeof(IPSession*),
MAX_TOT_NUM_SESSIONS);
+ } else
+ myGlobals.device[i].sessions = NULL;
+-
+- myGlobals.device[i].fragmentList = NULL;
+ }
+
+ myGlobals.hashCollisionsLookup = 0;
+Index: ntop/ip.c
+===================================================================
+--- ntop.orig/ip.c 2013-02-24 23:04:13.296300107 -0800
++++ ntop/ip.c 2013-02-24 23:08:26.902729699 -0800
+@@ -30,256 +30,6 @@
+
+ /* ***************************************** */
+
+-/* *****************************************
+- *
+- * Fragment handling code courtesy of
+- * Andreas Pfaller <apfal...@yahoo.com.au>
+- *
+- * NOTE:
+- * the code below has a small (neglictable) limitation
+- * as described below.
+- *
+- * Subject: ntop 1.3.2: Fragment handling
+- * Date: Mon, 7 Aug 2000 16:05:45 +0200
+- * From: a.pfal...@pop.gun.de (Andreas Pfaller)
+- * To: l.d...@tecsiel.it (Luca Deri)
+- *
+- * I have also had a look at the code you added to handle
+- * overlapping fragments. It again assumes specific package
+- * ordering (either 1,2,..,n or n,n-1,..,1) which the IP protocol
+- * does not guarantee. The above assumptions are probably true
+- * for most users but in some setups they are nearly never true.
+- * Consider two host connected by multiple network cards
+- *
+- * e.g.:
+- * +--------+ eth0 eth0 +--------+
+- * | |-------------------| |
+- * | HOST A | | HOST B |
+- * | |-------------------| |
+- * +--------+ eth1 eth1 +--------+
+- *
+- * which distribute traffic on this interfaces to achive better
+- * throughput (Called bonding in Linux, Etherchannel by Cisco or
+- * trunking by Sun). A simple algorithm simple uses the interfaces
+- * in a cyclic way. Since packets are not always the same length
+- * or the interfaces my have different speeds more complicated
+- * ones use other methods to try to achive maximum throughput.
+- * In such an environment you have very high probability for
+- * out of order packets.
+- *
+- * ***************************************** */
+-
+-#ifdef FRAGMENT_DEBUG
+-static void dumpFragmentData(IpFragment *fragment) {
+- printf("FRAGMENT_DEBUG: IPFragment: (%p)\n", fragment);
+- printf(" %s:%d->%s:%d\n",
+- fragment->src->hostResolvedName, fragment->sport,
+- fragment->dest->hostResolvedName, fragment->dport);
+- printf(" FragmentId=%d\n", fragment->fragmentId);
+- printf(" lastOffset=%d, totalPacketLength=%d\n",
+- fragment->lastOffset, fragment->totalPacketLength);
+- printf(" totalDataLength=%d,
expectedDataLength=%d\n",
+- fragment->totalDataLength, fragment->expectedDataLength);
+- fflush(stdout);
+-}
+-#endif
+-
+-/* ************************************ */
+-
+-static IpFragment *searchFragment(HostTraffic *srcHost,
+- HostTraffic *dstHost,
+- u_int fragmentId,
+- int actualDeviceId) {
+- IpFragment *fragment = myGlobals.device[actualDeviceId].fragmentList;
+-
+- while ((fragment != NULL)
+- && ((fragment->src != srcHost)
+- || (fragment->dest != dstHost)
+- || (fragment->fragmentId != fragmentId)))
+- fragment = fragment->next;
+-
+- return(fragment);
+-}
+-
+-/* ************************************ */
+-
+-void deleteFragment(IpFragment *fragment, int actualDeviceId) {
+-
+- if(fragment->prev == NULL)
+- myGlobals.device[actualDeviceId].fragmentList = fragment->next;
+- else
+- fragment->prev->next = fragment->next;
+-
+- free(fragment);
+- myGlobals.num_queued_fragments--;
+-}
+-
+-/* ************************************ */
+-
+-/* Courtesy of Andreas Pfaller <apfal...@yahoo.com.au> */
+-static void checkFragmentOverlap(HostTraffic *srcHost,
+- HostTraffic *dstHost,
+- IpFragment *fragment,
+- u_int fragmentOffset,
+- u_int dataLength,
+- int actualDeviceId,
+- const struct pcap_pkthdr *h, const u_char *p) {
+- if(fragment->fragmentOrder == FLAG_UNKNOWN_FRAGMENT_ORDER) {
+- if(fragment->lastOffset > fragmentOffset)
+- fragment->fragmentOrder = FLAG_DECREASING_FRAGMENT_ORDER;
+- else
+- fragment->fragmentOrder = FLAG_INCREASING_FRAGMENT_ORDER;
+- }
+-
+- if((fragment->fragmentOrder == FLAG_INCREASING_FRAGMENT_ORDER
+- && fragment->lastOffset+fragment->lastDataLength > fragmentOffset)
+- ||
+- (fragment->fragmentOrder == FLAG_DECREASING_FRAGMENT_ORDER
+- && fragment->lastOffset < fragmentOffset+dataLength)) {
+- if(myGlobals.runningPref.enableSuspiciousPacketDump) {
+- char buf[LEN_GENERAL_WORK_BUFFER];
+- safe_snprintf(__FILE__, __LINE__, buf, LEN_GENERAL_WORK_BUFFER,
+- "Detected overlapping packet fragment [%s->%s]: "
+- "fragment id=%d, actual offset=%d, previous offset=%d\n",
+- fragment->src->hostResolvedName,
+- fragment->dest->hostResolvedName,
+- fragment->fragmentId, fragmentOffset,
+- fragment->lastOffset);
+-
+- dumpSuspiciousPacket(actualDeviceId, h, p);
+- }
+-
+- allocateSecurityHostPkts(fragment->src);
allocateSecurityHostPkts(fragment->dest);
+-
incrementUsageCounter(&fragment->src->secHostPkts->overlappingFragmentSent,
+- dstHost, actualDeviceId);
+-
incrementUsageCounter(&fragment->dest->secHostPkts->overlappingFragmentRcvd,
+- srcHost, actualDeviceId);
+-
incrementTrafficCounter(&myGlobals.device[actualDeviceId].securityPkts.overlappingFragment,
1);
+- }
+-}
+-
+-/* ************************************ */
+-
+-static u_int handleFragment(HostTraffic *srcHost,
+- HostTraffic *dstHost,
+- u_short *sport,
+- u_short *dport,
+- u_int fragmentId,
+- u_int off,
+- u_int packetLength,
+- u_int dataLength,
+- int actualDeviceId,
+- const struct pcap_pkthdr *h, const u_char *p) {
+- IpFragment *fragment;
+- u_int fragmentOffset, length;
+-
+- if(!myGlobals.enableFragmentHandling)
+- return(0);
+-
+- accessMutex(&myGlobals.fragmentMutex, "handleFragment");
+-
+- fragmentOffset = (off & 0x1FFF)*8;
+-
+- fragment = searchFragment(srcHost, dstHost, fragmentId, actualDeviceId);
+-
+- if(fragment == NULL) {
+- /* new fragment */
+- fragment = (IpFragment*)calloc(1, sizeof(IpFragment));
+- if(fragment == NULL) return(0); /* out of memory, not much we can do */
+- memset(fragment, 0, sizeof(IpFragment));
+- fragment->src = srcHost, fragment->dest = dstHost;
+- fragment->fragmentId = fragmentId, fragment->firstSeen =
myGlobals.actTime;
+- fragment->fragmentOrder = FLAG_UNKNOWN_FRAGMENT_ORDER;
+- fragment->next = myGlobals.device[actualDeviceId].fragmentList,
fragment->prev = NULL;
+- if(fragment->next) fragment->next->prev = fragment;
+- myGlobals.device[actualDeviceId].fragmentList = fragment;
+- myGlobals.num_queued_fragments++;
+- } else
+- checkFragmentOverlap(srcHost, dstHost, fragment,
+- fragmentOffset, dataLength,
+- actualDeviceId, h, p);
+-
+- fragment->lastOffset = fragmentOffset;
+- fragment->totalPacketLength += packetLength;
+- fragment->totalDataLength += dataLength;
+- fragment->lastDataLength = dataLength;
+-
+- if(fragmentOffset == 0) {
+- /* first fragment contains port numbers */
+- fragment->sport = *sport;
+- fragment->dport = *dport;
+- } else if(!(off & IP_MF)) /* last fragment->we know the total data size */
+- fragment->expectedDataLength = fragmentOffset+dataLength;
+-
+-#ifdef FRAGMENT_DEBUG
+- dumpFragmentData(fragment);
+-#endif
+-
+- /* Now check if we have all the data needed for the statistics */
+- if((fragment->sport != 0) && (fragment->dport != 0) /* first fragment rcvd
*/
+- /* last fragment rcvd */
+- && (fragment->expectedDataLength != 0)
+- /* probably all fragments rcvd */
+- && (fragment->totalDataLength >= fragment->expectedDataLength)) {
+- *sport = fragment->sport;
+- *dport = fragment->dport;
+- length = fragment->totalPacketLength;
+- deleteFragment(fragment, actualDeviceId);
+- } else {
+- *sport = 0;
+- *dport = 0;
+- length = 0;
+- }
+-
+- releaseMutex(&myGlobals.fragmentMutex);
+-
+- return length;
+-}
+-
+-/* ************************************ */
+-
+-void purgeOldFragmentEntries(int actualDeviceId) {
+- IpFragment *fragment, *next;
+-#ifdef FRAGMENT_DEBUG
+- u_int fragcnt=0, expcnt=0;
+-#endif
+-
+- accessMutex(&myGlobals.fragmentMutex, "purgeOldFragmentEntries");
+-
+- fragment = myGlobals.device[actualDeviceId].fragmentList;
+-
+- while(fragment != NULL) {
+-#ifdef FRAGMENT_DEBUG
+- fragcnt++;
+-#endif
+- next = fragment->next;
+- if((fragment->firstSeen + 30 /* sec */) < myGlobals.actTime) {
+-#ifdef FRAGMENT_DEBUG
+- expcnt++;
+- dumpFragmentData(fragment);
+-#endif
+-
+- if(fragment->prev) fragment->prev = next;
+- if(next) next->prev = fragment->prev;
+-
+- deleteFragment(fragment, actualDeviceId);
+- }
+-
+- fragment = next;
+- }
+-
+- releaseMutex(&myGlobals.fragmentMutex);
+-
+-#ifdef FRAGMENT_DEBUG
+- if(fragcnt) {
+- printf("FRAGMENT_DEBUG: fragcnt=%d, expcnt=%d\n", fragcnt, expcnt);
+- fflush(stdout);
+- }
+-#endif
+-}
+-
+-/* ************************************ */
+-
+ /*
+ Fingerprint code courtesy of ettercap
+ http://ettercap.sourceforge.net
+@@ -728,25 +478,6 @@
+ sport = ntohs(tp.th_sport);
+ dport = ntohs(tp.th_dport);
+
+- /*
+- Don't move this code on top as it is supposed to stay here
+- as it modifies sport/sport
+-
+- Courtesy of Andreas Pfaller
+- */
+- if(myGlobals.enableFragmentHandling && (fragmented)) {
+- /* Handle fragmented packets */
+- if(ip6)
+- length = handleFragment(srcHost, dstHost, &sport, &dport,
+- (u_short)(ip6->ip6_flow & 0xffff),fragmented,
+- length,ntohs(ip6->ip6_plen),
+- actualDeviceId, h, p);
+- else
+- length = handleFragment(srcHost, dstHost, &sport, &dport,
+- ntohs(ip.ip_id), off, length,
+- ip_len - hlen, actualDeviceId, h, p);
+- }
+-
+ if(srcHost->fingerprint == NULL) {
+ char fingerprint[64] = { 0 } ;
+ int WIN=0, MSS=-1, WS=-1, S=0, N=0, D=0, T=0;
+@@ -1056,24 +787,6 @@
+ }
+ }
+
+- /*
+- Don't move this code on top as it is supposed to stay here
+- as it modifies sport/sport
+-
+- Courtesy of Andreas Pfaller
+- */
+- if(myGlobals.enableFragmentHandling && (fragmented)) {
+- /* Handle fragmented packets */
+- if(ip6)
+- length = handleFragment(srcHost, dstHost, &sport, &dport,
+- (u_short)(ip6->ip6_flow & 0xffff),
fragmented, length,
+- ntohs(ip6->ip6_plen), actualDeviceId, h, p);
+- else
+- length = handleFragment(srcHost, dstHost, &sport, &dport,
+- ntohs(ip.ip_id), off, length,
+- ip_len - hlen, actualDeviceId, h, p);
+- }
+-
+ if((sport > 0) || (dport > 0)) {
+ updateInterfacePorts(actualDeviceId, sport, dport, length);
+ updateUsedPorts(srcHost, dstHost, sport, dport, udpDataLength);
+Index: ntop/webInterface.c
+===================================================================
+--- ntop.orig/webInterface.c 2013-02-24 23:11:15.048316261 -0800
++++ ntop/webInterface.c 2013-02-24 23:11:33.276487868 -0800
+@@ -6391,8 +6391,6 @@
+
+ printFeatureConfigInfo(textPrintFlag, "Protocol Decoders",
+ pref->enablePacketDecoding == 1 ? "Enabled" :
"Disabled");
+- printFeatureConfigInfo(textPrintFlag, "Fragment Handling",
+- myGlobals.enableFragmentHandling == 1 ? "Enabled" :
"Disabled");
+ printFeatureConfigInfo(textPrintFlag, "Tracking only local hosts",
+ pref->trackOnlyLocalHosts == 1 ? "Yes" : "No");
+ safe_snprintf(__FILE__, __LINE__, buf, sizeof(buf), "%d",
+@@ -6911,10 +6909,6 @@
+
+ /* **** */
+
+- printInfoSectionTitle(textPrintFlag, "Fragments Handling");
+- safe_snprintf(__FILE__, __LINE__, buf, sizeof(buf), "%u",
myGlobals.num_queued_fragments);
+- printFeatureConfigInfo(textPrintFlag, "Queued Fragments", buf);
+-
+ printInfoSectionTitle(textPrintFlag, "----- Address Resolution -----");
+
+ printInfoSectionTitle(textPrintFlag, "DNS Sniffing (other hosts requests)");
+Index: ntop/globals-core.c
+===================================================================
+--- ntop.orig/globals-core.c 2013-02-18 04:53:17.716460658 -0800
++++ ntop/globals-core.c 2013-02-24 23:16:56.751522248 -0800
+@@ -166,9 +166,6 @@
+ myGlobals.checkVersionStatus = FLAG_CHECKVERSION_NOTCHECKED;
+ myGlobals.checkVersionStatusAgain = 1;
+
+- /* Other flags (to be set via command line options one day) */
+- myGlobals.enableFragmentHandling = 1;
+-
+ /* Search paths */
+ myGlobals.dataFileDirs = _dataFileDirs;
+ myGlobals.pluginDirs = _pluginDirs;
+@@ -214,7 +211,6 @@
+ myGlobals.runningPref.sslPort = 0; /* Disabled by default: enabled via -W */
+ #endif
+
+- myGlobals.num_queued_fragments = 0;
+ myGlobals.dnsSniffCount = 0;
+ myGlobals.dnsSniffRequestCount = 0;
+ myGlobals.dnsSniffFailedCount = 0;
+@@ -297,7 +293,6 @@
+ createMutex(&myGlobals.purgeMutex); /* synchronize purging */
+ createMutex(&myGlobals.securityItemsMutex);
+ createMutex(&myGlobals.hostsHashLockMutex);
+- createMutex(&myGlobals.fragmentMutex);
+
+ createMutex(&myGlobals.serialLockMutex); /* Serial host locking */
+
+Index: ntop/globals-core.h
+===================================================================
+--- ntop.orig/globals-core.h 2013-02-18 04:53:17.716460658 -0800
++++ ntop/globals-core.h 2013-02-24 23:17:23.975776667 -0800
+@@ -399,8 +399,6 @@
+ u_char *ether_dst,
+ int actualDeviceId,
+ int vlanId);
+-extern void deleteFragment(IpFragment *fragment, int actualDeviceId);
+-extern void purgeOldFragmentEntries(int actualDeviceId);
+
+ /* pbuf.c */
+ extern void allocateSecurityHostPkts(HostTraffic *srcHost);
+Index: ntop/globals-structtypes.h
+===================================================================
+--- ntop.orig/globals-structtypes.h 2013-02-18 04:53:17.720460687 -0800
++++ ntop/globals-structtypes.h 2013-02-24 23:16:21.791195306 -0800
+@@ -1438,7 +1438,6 @@
+
+ /* ************************** */
+
+- IpFragment *fragmentList;
+ IPSession **sessions;
+ u_int numSessions, maxNumSessions;
+
+@@ -1910,8 +1909,6 @@
+ char *dbPath; /* 'P' */
+ char *spoolPath; /* 'Q' */
+ struct fileList *pcap_file_list; /* --pcap-file-list */
+- /* Other flags (these could set via command line options one day) */
+- bool enableFragmentHandling;
+
+ HostsDisplayPolicy hostsDisplayPolicy;
+ LocalityDisplayPolicy localityDisplayPolicy;
+@@ -1959,10 +1956,6 @@
+ */
+ PthreadMutex purgeMutex;
+
+- /* Fragments */
+- u_int num_queued_fragments;
+- PthreadMutex fragmentMutex;
+-
+ /*
+ * HTS - Host Traffic Statistics
+ */
+Index: ntop/hash.c
+===================================================================
+--- ntop.orig/hash.c 2012-11-30 00:34:29.869618288 -0800
++++ ntop/hash.c 2013-02-24 23:18:14.024244031 -0800
+@@ -398,8 +398,6 @@
+ myGlobals.piMem = (u_int)(maxHosts*sizeof(HostTraffic*));
+ theFlaggedHosts = (HostTraffic**)calloc(1, myGlobals.piMem);
+
+- purgeOldFragmentEntries(actDevice); /* let's do this too */
+-
+ #ifdef IDLE_PURGE_DEBUG
+ traceEvent(CONST_TRACE_INFO, "IDLE_PURGE_DEBUG:
accessMutex(purgeMutex)...calling");
+ #endif
+Index: ntop/ntop.c
+===================================================================
+--- ntop.orig/ntop.c 2012-11-30 00:34:29.941617926 -0800
++++ ntop/ntop.c 2013-02-24 23:17:40.495931031 -0800
+@@ -1030,12 +1030,6 @@
+ for(i=0; i<myGlobals.numDevices; i++) {
+ freeHostInstances(i);
+ freeDeviceSessions(i);
+-
+- while(myGlobals.device[i].fragmentList != NULL) {
+- IpFragment *fragment = myGlobals.device[i].fragmentList->next;
+- free(myGlobals.device[i].fragmentList);
+- myGlobals.device[i].fragmentList = fragment;
+- }
+ }
+
+ freeHostInfo(myGlobals.broadcastEntry, 0); myGlobals.broadcastEntry = NULL;
+Index: ntop/term.c
+===================================================================
+--- ntop.orig/term.c 2012-11-30 00:34:29.961617827 -0800
++++ ntop/term.c 2013-02-24 23:18:06.148170547 -0800
+@@ -76,9 +76,6 @@
+ }
+
+ myGlobals.device[j].numSessions = 0;
+-
+- while(myGlobals.device[j].fragmentList != NULL)
+- deleteFragment(myGlobals.device[j].fragmentList, j);
+ }
+ }
+
diff -Nru ntop-4.99.3+ndpi5517+dfsg2/debian/patches/series
ntop-4.99.3+ndpi5517+dfsg3/debian/patches/series
--- ntop-4.99.3+ndpi5517+dfsg2/debian/patches/series 2013-02-18
05:07:43.000000000 -0800
+++ ntop-4.99.3+ndpi5517+dfsg3/debian/patches/series 2013-02-28
23:30:23.000000000 -0800
@@ -12,3 +12,4 @@
tcp-option-parsing.patch
l7_major_proto-fix.patch
install-jqplot.patch
+remove-fragment-handling.patch
diff -Nru ntop-4.99.3+ndpi5517+dfsg2/protocols.c
ntop-4.99.3+ndpi5517+dfsg3/protocols.c
--- ntop-4.99.3+ndpi5517+dfsg2/protocols.c 2012-01-08 09:26:42.000000000
-0800
+++ ntop-4.99.3+ndpi5517+dfsg3/protocols.c 2013-02-24 22:22:42.000000000
-0800
@@ -18,26 +18,6 @@
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
-/*
- * Copyright (c) 1994, 1996
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that: (1) source code distributions
- * retain the above copyright notice and this paragraph in its entirety, (2)
- * distributions including binary code include the above copyright notice and
- * this paragraph in its entirety in the documentation or other materials
- * provided with the distribution, and (3) all advertising materials mentioning
- * features or use of this software display the following acknowledgement:
- * ``This product includes software developed by the University of California,
- * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
- * the University nor the names of its contributors may be used to endorse
- * or promote products derived from this software without specific prior
- * written permission.
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
- * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
- */
#include "ntop.h"
