Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild

Generate ethercodes.dat from latest oui.csv
Update to 3.9 (close RHBZ#2406123)
2026-01-16 03:56:08 +00:00 · 2025-12-11 07:07:44 +00:00 · 2025-10-23 23:37:22 +01:00 · 2025-10-23 23:21:46 +01:00 · 2025-10-11 07:04:34 +01:00 · 2025-09-13 07:14:57 +01:00
41 changed files with 39771 additions and 21360 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,2 +1,11 @@
 /arpwatch-2.1a15.tar.gz
 /ethercodes-20110707.dat.bz2
 /arpwatch-3.1.tar.gz
 /arpwatch-3.2.tar.gz
 /arpwatch-3.3.tar.gz
 /arpwatch-3.4.tar.gz
 /arpwatch-3.5.tar.gz
 /arpwatch-3.6.tar.gz
 /arpwatch-3.7.tar.gz
 /arpwatch-3.8.tar.gz
 /arpwatch-3.9.tar.gz
--- a/arp2ethers.8
+++ b/arp2ethers.8
@ -0,0 +1,53 @@
 .Dd 8 November 2020
 .Dt ARP2ETHERS 8
 .Sh NAME
 .Nm arp2ethers
 .Nd convert arpwatch address database to ethers file format
 .Sh SYNOPSIS
 .Nm
 .Sh DESCRIPTION
 .Nm
 converts file
 .Ar arp.dat
 in the current directory into
 .Xr ethers 5
 format on
 .Ar stdout .
 Usually
 .Ar arp.dat
 is an ethernet/ip database file generated by
 .Xr arpwatch 8 .
 The
 .Xr arpwatch 8
 daemon will create different
 .Ar arp.dat
 depending on its configuration, i.e., the
 .Fl f
 flag.
 All of them will be available at
 .Ar /var/lib/arpwatch .
 .Sh FILES
 .Bl -tag -width ".Pa /var/lib/arpwatch" -compact
 .It Pa /var/lib/arpwatch
 default directory
 .It Pa arp.dat
 default ethernet/ip address database
 .Sh "SEE ALSO"
 .Xr arpwatch 8 ,
 .Xr ethers 5 ,
 .Xr rarp 8 ,
 .Xr arp 8
 .Sh AUTHORS
 .An Craig Leres
 of the Lawrence Berkeley National Laboratory Network Research Group,
 University of California, Berkeley, CA.
 .Pp
 The current version is available via anonymous ftp:
 .Pp
 .Dl Ar ftp://ftp.ee.lbl.gov/arpwatch.tar.gz
 .Pp
 This manual page was contributed by Hugo Graumann and modified by Benjamin
 Beasley.
 .Sh BUGS
 Please send bug reports to
 .Aq arpwatch@ee.lbl.gov .
--- a/arpwatch-2.1a10-man.patch
+++ b/arpwatch-2.1a10-man.patch
@ -1,33 +0,0 @@
 diff -uNr arpwatch-2.1a10/arpsnmp.8 arpwatch-2.1a10.man/arpsnmp.8
 --- arpwatch-2.1a10/arpsnmp.8	Sun Sep 17 23:34:48 2000
 +++ arpwatch-2.1a10.man/arpsnmp.8	Sun Dec 31 02:00:54 2000
@@ -41,7 +41,7 @@
 and reports certain changes via email.
 .B Arpsnmp
 reads information from a file (usually generated by
 -.BR snmpwalk (8)).
 +.BR snmpwalk (1)).
 .LP
 The
 .B -d
@@ -62,9 +62,9 @@
 .LP
 .SH "REPORT MESSAGES"
 (See the
 -.BR arpwatch (1)
 +.BR arpwatch (8)
 man page for details on the report messages generated by
 -.BR arpsnmp (1).)
 +.BR arpsnmp (8).)
 .SH FILES
 .na
 .nh
@@ -79,7 +79,7 @@
 .na
 .nh
 .BR arpwatch (8),
 -.BR snmpwalk (8),
 +.BR snmpwalk (1),
 .BR arp (8)
 .ad
 .hy
--- a/arpwatch-2.1a15-bogon.patch
+++ b/arpwatch-2.1a15-bogon.patch
@ -1,20 +0,0 @@
 --- arpwatch-2.1a15/arpwatch.c.bogon	2007-08-09 13:53:47.000000000 +0200
 +++ arpwatch-2.1a15/arpwatch.c	2007-08-09 13:58:17.000000000 +0200
@@ -730,11 +730,12 @@ addnet(register const char *str)
 	/* XXX hack */
 	n = ntohl(inet_addr(tstr));
 -	while ((n & 0xff000000) == 0) {
 -		n <<= 8;
 -		if (n == 0)
 -			return (0);
 -	}
 +	if (n || width != 32)
 +		while ((n & 0xff000000) == 0) {
 +			n <<= 8;
 +			if (n == 0)
 +				return (0);
 +		}
 	n = htonl(n);
 	if (width != 0) {
--- a/arpwatch-2.1a15-buffer-overflow-bz1563939.patch
+++ b/arpwatch-2.1a15-buffer-overflow-bz1563939.patch
@ -1,44 +0,0 @@
 From arpwatch 3.1, backport the fix for the potentially-exploitable buffer
 overflow reported in https://bugzilla.redhat.com/show_bug.cgi?id=1563939.
 Increase the length of the h field of struct einfo to 64 (63 bytes for a DNS
 name part, and one byte for a null terminator); then, use strncpy() plus
 explicit null termination to ensure that we truncate a longer hostname if we
 manage to get one, without either overflowing the buffer or having an
 unterminated string.
 diff -Naur arpwatch-2.1a15.original/db.c arpwatch-2.1a15/db.c
 --- arpwatch-2.1a15.original/db.c	2000-09-30 19:39:58.000000000 -0400
 +++ arpwatch-2.1a15/db.c	2020-10-27 12:50:49.803957083 -0400
@@ -62,7 +62,7 @@
 /* Ethernet info */
 struct einfo {
 	u_char e[6];		/* ether address */
 -	char h[34];		/* simple hostname */
 +	char h[64];		/* simple hostname */
 	time_t t;		/* timestamp */
 };
@@ -283,8 +283,10 @@
 	BCOPY(e, ep->e, 6);
 	if (h == NULL && !initializing)
 		h = getsname(a);
 -	if (h != NULL && !isdigit((int)*h))
 -		strcpy(ep->h, h);
 +	if (h != NULL && !isdigit((int)*h)) {
 +	        strncpy(ep->h, h, sizeof(ep->h));
 +	        ep->h[sizeof(ep->h) - 1] = '\0';
 +	}
 	ep->t = t;
 	return (ep);
 }
@@ -304,7 +306,8 @@
 	if (!isdigit((int)*h) && strcmp(h, ep->h) != 0) {
 		syslog(LOG_INFO, "hostname changed %s %s %s -> %s",
 		    intoa(ap->a), e2str(ep->e), ep->h, h);
 -		strcpy(ep->h, h);
 +		strncpy(ep->h, h, sizeof(ep->h));
 +		ep->h[sizeof(ep->h) - 1] = '\0';
 	}
 }
--- a/arpwatch-2.1a15-devlookup.patch
+++ b/arpwatch-2.1a15-devlookup.patch
@ -1,118 +0,0 @@
 --- arpwatch-2.1a15-dist/arpwatch.c	2012-07-23 09:55:35.832458313 +0200
 +++ arpwatch-2.1a15-new/arpwatch.c	2012-07-24 11:36:59.013953071 +0200
@@ -161,15 +161,63 @@ void dropprivileges(const char* user)
 	syslog(LOG_DEBUG, "Running as uid=%d gid=%d", getuid(), getgid());
 }
 +char *
 +get_first_dev(pcap_t **pd, int *linktype, char *errbuf)
 +{
 +	static char interface[IF_NAMESIZE + 1];
 +	register int snaplen, timeout;
 +	pcap_if_t *alldevs;
 +	pcap_if_t *dev;
 +	char *ret = NULL;
 +
 +	snaplen = max(sizeof(struct ether_header),
 +				  sizeof(struct fddi_header)) + sizeof(struct ether_arp);
 +	timeout = 1000;
 +
 +	if (pcap_findalldevs(&alldevs, errbuf) == -1) {
 +		(void)fprintf(stderr, "%s: lookup_device: %s\n",
 +					  prog, errbuf);
 +		exit(1);
 +	}
 +
 +	for (dev = alldevs; dev; dev = dev->next) {
 +		strncpy(interface, dev->name, strlen(dev->name)+1);
 +
 +		*pd = pcap_open_live(interface, snaplen, 1, timeout, errbuf);
 +		if (*pd == NULL) {
 +			syslog(LOG_ERR, "pcap open %s: %s, trying next...", interface, errbuf);
 +			continue;
 +			/* exit(1); */
 +		}
 +
 +		*linktype = pcap_datalink(*pd);
 +		/* Must be ethernet or fddi */
 +		if (*linktype != DLT_EN10MB && *linktype != DLT_FDDI) {
 +			syslog(LOG_ERR, "(%s) Link layer type %d not ethernet or fddi, trying next...",
 +				   interface, *linktype);
 +			pcap_close(*pd);
 +		}
 +		else {
 +			/* First match, use it */
 +			ret = interface;
 +			break;
 +		}
 +
 +	}
 +	pcap_freealldevs(alldevs);
 +	return (ret);
 +}
 +
 int
 main(int argc, char **argv)
 {
 	register char *cp;
 -	register int op, pid, snaplen, timeout, linktype, status;
 +	register int op, pid, status;
 +	int linktype;
 #ifdef TIOCNOTTY
 	register int fd;
 #endif
 -	register pcap_t *pd;
 +	pcap_t *pd;
 	register char *interface, *rfilename;
 	struct bpf_program code;
 	char errbuf[PCAP_ERRBUF_SIZE];
@@ -189,6 +237,7 @@ main(int argc, char **argv)
 	opterr = 0;
 	interface = NULL;
 +	linktype = -1;
 	rfilename = NULL;
 	pd = NULL;
 	while ((op = getopt(argc, argv, "df:i:n:Nr:u:e:s:")) != EOF)
@@ -264,11 +313,12 @@ main(int argc, char **argv)
 		net = 0;
 		netmask = 0;
 	} else {
 +
 		/* Determine interface if not specified */
 		if (interface == NULL &&
 -		    (interface = pcap_lookupdev(errbuf)) == NULL) {
 -			(void)fprintf(stderr, "%s: lookup_device: %s\n",
 -			    prog, errbuf);
 +			(interface = get_first_dev(&pd, &linktype, errbuf)) == NULL) {
 +			(void)fprintf(stderr, "%s: lookup_device: no suitable interface found\n",
 +						  prog);
 			exit(1);
 		}
@@ -317,10 +367,6 @@ main(int argc, char **argv)
 		}
 		swapped = pcap_is_swapped(pd);
 	} else {
 -		snaplen = max(sizeof(struct ether_header),
 -		    sizeof(struct fddi_header)) + sizeof(struct ether_arp);
 -		timeout = 1000;
 -		pd = pcap_open_live(interface, snaplen, 1, timeout, errbuf);
 		if (pd == NULL) {
 			syslog(LOG_ERR, "pcap open %s: %s", interface, errbuf);
 			exit(1);
@@ -340,14 +386,6 @@ main(int argc, char **argv)
 		dropprivileges( serveruser );
 	}
 -	/* Must be ethernet or fddi */
 -	linktype = pcap_datalink(pd);
 -	if (linktype != DLT_EN10MB && linktype != DLT_FDDI) {
 -		syslog(LOG_ERR, "Link layer type %d not ethernet or fddi",
 -		    linktype);
 -		exit(1);
 -	}
 -
 	/* Compile and install filter */
 	if (pcap_compile(pd, &code, "arp or rarp", 1, netmask) < 0) {
 		syslog(LOG_ERR, "pcap_compile: %s", pcap_geterr(pd));
--- a/arpwatch-2.1a15-dropgroup.patch
+++ b/arpwatch-2.1a15-dropgroup.patch
@ -1,12 +0,0 @@
 diff -up arpwatch-2.1a15/arpwatch.c.dropgroup arpwatch-2.1a15/arpwatch.c
 --- arpwatch-2.1a15/arpwatch.c.dropgroup	2012-05-31 11:47:13.327901902 +0200
 +++ arpwatch-2.1a15/arpwatch.c	2012-05-31 11:48:04.859900061 +0200
@@ -147,7 +147,7 @@ void dropprivileges(const char* user)
 	struct passwd* pw;
 	pw = getpwnam( user );
 	if ( pw ) {
 -		if ( initgroups(pw->pw_name, NULL) != 0 || setgid(pw->pw_gid) != 0 ||
 +		if ( setgid(pw->pw_gid) != 0 || setgroups(0, NULL) != 0 ||
 				 setuid(pw->pw_uid) != 0 ) {
 			syslog(LOG_ERR, "Couldn't change to '%.32s' uid=%d gid=%d", user,
 						 pw->pw_uid, pw->pw_gid);
--- a/arpwatch-2.1a15-extraman.patch
+++ b/arpwatch-2.1a15-extraman.patch
@ -1,173 +0,0 @@
 diff -up arpwatch-2.1a15/Makefile.in.extraman arpwatch-2.1a15/Makefile.in
 --- arpwatch-2.1a15/Makefile.in.extraman	2009-12-14 18:01:27.000000000 +0100
 +++ arpwatch-2.1a15/Makefile.in	2010-03-30 15:11:30.000000000 +0200
@@ -118,6 +118,10 @@ install-man: force
 	    $(DESTDIR)$(MANDEST)/man8
 	$(INSTALL) -m 644 $(srcdir)/arpsnmp.8 \
 	    $(DESTDIR)$(MANDEST)/man8
 +	$(INSTALL) -m 644 $(srcdir)/arp2ethers.8 \
 +	    $(DESTDIR)$(MANDEST)/man8
 +	$(INSTALL) -m 644 $(srcdir)/massagevendor.8 \
 +	    $(DESTDIR)$(MANDEST)/man8
 lint:	$(GENSRC) force
 	lint -hbxn $(SRC) | \
 diff -up arpwatch-2.1a15/arp2ethers.8.extraman arpwatch-2.1a15/arp2ethers.8
 --- arpwatch-2.1a15/arp2ethers.8.extraman	2010-03-30 15:12:37.000000000 +0200
 +++ arpwatch-2.1a15/arp2ethers.8	2010-03-30 15:53:01.000000000 +0200
@@ -0,0 +1,60 @@
 +.TH ARP2ETHERS 8
 +.SH NAME
 +arp2ethers \- convert arpwatch address database to ethers file format
 +.SH SYNOPSIS
 +.na
 +.B arp2ethers
 +.ad
 +.SH "DESCRIPTION"
 +.B arp2ethers
 +converts file
 +.IR arp.dat
 +in the current directory into
 +.BR ethers(5)
 +format on
 +.IR stdout .
 +Usually
 +.IR arp.dat
 +is an ethernet/ip database file generated by
 +.BR arpwatch(8) .
 +The arpwatch daemon in Debian will create different 
 +.IR arp.dat
 +depending on its configuration. All of them will be available at 
 +.IR /var/lib/arpwatch/ .
 +.SH FILES
 +.na
 +.nh
 +.nf
 +/var/lib/arpwatch - default directory for arp.dat
 +arp.dat - ethernet/ip address database
 +.ad
 +.hy
 +.fi
 +.SH "SEE ALSO"
 +.na
 +.nh
 +.BR arpwatch (8),
 +.BR ethers (5),
 +.BR rarp (8),
 +.BR arp (8),
 +.ad
 +.hy
 +.SH BUGS
 +Please send bug reports to arpwatch@ee.lbl.gov.
 +.SH AUTHORS
 +.LP
 +Original version by Craig Leres of the Lawrence Berkeley
 +National Laboratory Network Research Group, University of
 +California, Berkeley, CA.
 +.LP
 +Modified for the Debian Project by Peter Kelemen, with
 +additions from Erik Warmelink.
 +.LP
 +The current version is available via anonymous ftp:
 +.LP
 +.RS
 +.I ftp://ftp.ee.lbl.gov/arpwatch.tar.gz
 +.RE
 +.LP
 +This manual page was contributed by Hugo Graumann.
 +
 diff -up arpwatch-2.1a15/massagevendor.8.extraman arpwatch-2.1a15/massagevendor.8
 --- arpwatch-2.1a15/massagevendor.8.extraman	2010-03-30 15:15:18.000000000 +0200
 +++ arpwatch-2.1a15/massagevendor.8	2010-03-30 15:15:18.000000000 +0200
@@ -0,0 +1,91 @@
 +.TH MASSAGEVENDOR 8
 +.SH NAME
 +massagevendor \- convert the ethernet vendor codes master list to arpwatch format
 +.SH SYNOPSIS
 +.na
 +massagevendor
 +.I vendorfile
 +.SH "DESCRIPTION"
 +.B massagevendor
 +is a program that converts a text file containing ethernet vendor codes
 +into a format suitable for use by
 +.B arpwatch(8)
 +and
 +.B arpsnmp(8).
 +The input
 +.I vendorfile
 +is a master text file containing vendor codes. The output
 +is sent to
 +.I stdout.
 +Each line of the
 +.I vendorfile
 +is expected to have a six digit hexadecimal vendor code
 +followed by spaces followed by the name of the manufacturer.
 +.LP
 +All ethernet devices have a unique identifier which
 +includes a vendor code specifying the manufacturer of the
 +device. In normal operation
 +.B arpwatch(8)
 +and
 +.B arpsnmp(8)
 +use the file
 +.I ethercodes.dat
 +to report this vendor code.
 +.B massagevendor
 +is used to generate the
 +.I ethercodes.dat
 +file from text files containing these vendor codes.
 +.LP
 +Locations where an ethernet vendor codes master text file
 +can be obtained are given below.
 +.SH FILES
 +.na
 +.nh
 +.nf
 +/var/lib/arpwatch - default location of the ethernet vendor list
 +ethercodes.dat - file containing the list of ethernet vendor codes
 +.ad
 +.hy
 +.fi
 +.SH "SEE ALSO"
 +.na
 +.nh
 +.BR arpwatch(8),
 +.BR arpsnmp(8)
 +.ad
 +.hy
 +.SH NOTES
 +Sources for ethernet vendor codes seen in the wild are
 +.LP
 +.na
 +.nh
 +.nf
 +.RS
 +.I http://map-ne.com/Ethernet/vendor.html
 +.I ftp://ftp.cavebear.com/pub/Ethernet.txt
 +.I http://www.cavebear.com/CaveBear/Ethernet/vendor.html
 +.RE
 +.ad
 +.hy
 +.LP
 +Useful for comparison or completeness are the
 +ethernet vendor codes as assigned
 +by the IEEE which can be found at
 +.LP
 +.RS
 +.I http://standards.ieee.org/regauth/oui/oui.txt
 +.RE
 +.SH BUGS
 +Please send bug reports to arpwatch@ee.lbl.gov.
 +.SH AUTHORS
 +Craig Leres of the
 +Lawrence Berkeley National Laboratory Network Research Group,
 +University of California, Berkeley, CA.
 +.LP
 +The current version is available via anonymous ftp:
 +.LP
 +.RS
 +.I ftp://ftp.ee.lbl.gov/arpwatch.tar.gz
 +.RE
 +.LP
 +This manual page was contributed by Hugo Graumann.
--- a/arpwatch-2.1a15-lookupiselect.patch
+++ b/arpwatch-2.1a15-lookupiselect.patch
@ -1,103 +0,0 @@
 Note by jsynacek:
 This patch should be rewritten. There's no reason to be using a static variable
 and returning its content from a function (in iterate_dev()). Also, some things
 should be simplified (like iterate_dev()).
 diff -up ./arpwatch.c.iselect ./arpwatch.c
 --- ./arpwatch.c.iselect	2012-10-15 16:01:24.701335291 +0200
 +++ ./arpwatch.c	2012-10-15 16:07:18.626322639 +0200
@@ -162,50 +162,52 @@ void dropprivileges(const char* user)
 }
 char *
 -get_first_dev(pcap_t **pd, int *linktype, char *errbuf)
 +try_dev(char *interface, pcap_t **pd, int *linktype, char *errbuf)
 {
 -	static char interface[IF_NAMESIZE + 1];
 	register int snaplen, timeout;
 -	pcap_if_t *alldevs;
 -	pcap_if_t *dev;
 -	char *ret = NULL;
 	snaplen = max(sizeof(struct ether_header),
 				  sizeof(struct fddi_header)) + sizeof(struct ether_arp);
 	timeout = 1000;
 -	if (pcap_findalldevs(&alldevs, errbuf) == -1) {
 -		(void)fprintf(stderr, "%s: lookup_device: %s\n",
 -					  prog, errbuf);
 -		exit(1);
 +	*pd = pcap_open_live(interface, snaplen, 1, timeout, errbuf);
 +	if (NULL == *pd) {
 +		syslog(LOG_ERR, "pcap open %s: %s", interface,  errbuf);
 +		return NULL;
 	}
 +	*linktype = pcap_datalink(*pd);
 +	/* Must be ethernet or fddi */
 +	if (*linktype != DLT_EN10MB && *linktype != DLT_FDDI) {
 +		syslog(LOG_ERR, "(%s) Link layer type %d not ethernet or fddi",
 +			   interface, *linktype);
 +		pcap_close(*pd);
 +		return NULL;
 +	}
 +	return interface;
 +}
 -	for (dev = alldevs; dev; dev = dev->next) {
 -		strncpy(interface, dev->name, strlen(dev->name)+1);
 -
 -		*pd = pcap_open_live(interface, snaplen, 1, timeout, errbuf);
 -		if (*pd == NULL) {
 -			syslog(LOG_ERR, "pcap open %s: %s, trying next...", interface, errbuf);
 -			continue;
 -			/* exit(1); */
 -		}
 +char *
 +iterate_dev(char *arginterface, pcap_t **pd, int *linktype, char *errbuf)
 +{
 +	static char interface[64 + 1];
 +	pcap_if_t *alldevs;
 +	pcap_if_t *dev;
 -		*linktype = pcap_datalink(*pd);
 -		/* Must be ethernet or fddi */
 -		if (*linktype != DLT_EN10MB && *linktype != DLT_FDDI) {
 -			syslog(LOG_ERR, "(%s) Link layer type %d not ethernet or fddi, trying next...",
 -				   interface, *linktype);
 -			pcap_close(*pd);
 +	if (NULL != arginterface) {
 +		return try_dev(arginterface, pd, linktype, errbuf);
 +	} else {
 +		if (pcap_findalldevs(&alldevs, errbuf) == -1) {
 +			(void)fprintf(stderr, "%s: lookup_device: %s\n",
 +						  prog, errbuf);
 +			exit(1);
 		}
 -		else {
 -			/* First match, use it */
 -			ret = interface;
 -			break;
 +		for (dev = alldevs; dev && (arginterface == NULL); dev = dev->next) {
 +			strncpy(interface, dev->name, strlen(dev->name)+1);
 +			arginterface = try_dev(interface, pd, linktype, errbuf);
 		}
 -
 +		pcap_freealldevs(alldevs);
 +		return arginterface;
 	}
 -	pcap_freealldevs(alldevs);
 -	return (ret);
 }
 int
@@ -315,8 +317,8 @@ main(int argc, char **argv)
 	} else {
 		/* Determine interface if not specified */
 -		if (interface == NULL &&
 -			(interface = get_first_dev(&pd, &linktype, errbuf)) == NULL) {
 +		interface = iterate_dev(interface, &pd, &linktype, errbuf);
 +		if (interface == NULL) {
 			(void)fprintf(stderr, "%s: lookup_device: no suitable interface found\n",
 						  prog);
 			exit(1);
--- a/arpwatch-2.1a15-nolocalpcap.patch
+++ b/arpwatch-2.1a15-nolocalpcap.patch
@ -1,10 +0,0 @@
 --- arpwatch-2.1a15/configure.nolocalpcap	2006-06-21 22:32:38.000000000 +0200
 +++ arpwatch-2.1a15/configure	2006-11-09 15:04:35.000000000 +0100
@@ -4956,6 +4956,7 @@
     places=`ls .. | sed -e 's,/$,,' -e 's,^,../,' | \
 	egrep '/libpcap-[0-9]*\.[0-9]*(\.[0-9]*)?([ab][0-9]*)?$'`
     for dir in $places ../libpcap libpcap ; do
 +	    break
 	    basedir=`echo $dir | sed -e 's/[ab][0-9]*$//'`
 	    if test $lastdir = $basedir ; then
 		    		    continue;
--- a/arpwatch-2.1a4-fhs.patch
+++ b/arpwatch-2.1a4-fhs.patch
@ -1,20 +0,0 @@
 --- arpwatch-2.1a4/Makefile.in.fhs	Sun Jun 18 08:26:28 2000
 +++ arpwatch-2.1a4/Makefile.in	Sun Jun 18 08:27:21 2000
@@ -109,13 +109,13 @@
 	$(CC) $(CFLAGS) -o $@ zap.o intoa.o -lutil
 install: force
 -	$(INSTALL) -m 555 -o bin -g bin arpwatch $(DESTDIR)$(BINDEST)
 -	$(INSTALL) -m 555 -o bin -g bin arpsnmp $(DESTDIR)$(BINDEST)
 +	$(INSTALL) -m 755 arpwatch $(DESTDIR)$(BINDEST)
 +	$(INSTALL) -m 755 arpsnmp $(DESTDIR)$(BINDEST)
 install-man: force
 -	$(INSTALL) -m 444 -o bin -g bin $(srcdir)/arpwatch.8 \
 +	$(INSTALL) -m 644 $(srcdir)/arpwatch.8 \
 	    $(DESTDIR)$(MANDEST)/man8
 -	$(INSTALL) -m 444 -o bin -g bin $(srcdir)/arpsnmp.8 \
 +	$(INSTALL) -m 644 $(srcdir)/arpsnmp.8 \
 	    $(DESTDIR)$(MANDEST)/man8
 lint:	$(GENSRC) force
--- a/arpwatch-201301-ethcodes.patch
+++ b/arpwatch-201301-ethcodes.patch
--- a/arpwatch-3.1-all-zero-bogon.patch
+++ b/arpwatch-3.1-all-zero-bogon.patch
@ -0,0 +1,23 @@
 RHBZ #244606: Correctly handle -n 0/32 to allow the user to disable reporting
 bogons from 0.0.0.0.
 diff -Naur arpwatch-3.1-original/arpwatch.c arpwatch-3.1/arpwatch.c
 --- arpwatch-3.1-original/arpwatch.c	2019-11-30 13:35:23.000000000 -0500
 +++ arpwatch-3.1/arpwatch.c	2020-11-07 12:10:53.357839069 -0500
@@ -814,10 +814,12 @@
 	/* XXX hack */
 	n = ntohl(inet_addr(tstr));
 -	while ((n & 0xff000000) == 0) {
 -		n <<= 8;
 -		if (n == 0)
 -			return (0);
 +	if (n || width != 32) {
 +		while ((n & 0xff000000) == 0) {
 +			n <<= 8;
 +			if (n == 0)
 +				return (0);
 +		}
 	}
 	n = htonl(n);
--- a/arpwatch-3.1-arp2ethers-sort-invocation.patch
+++ b/arpwatch-3.1-arp2ethers-sort-invocation.patch
@ -0,0 +1,15 @@
 Fix nonstandard sort flags (obsolete + notation for keys, available in some
 BSDs for compatibility but non-POSIX and not supported by GNU sort).
 diff -Naur arpwatch-3.1-original/arp2ethers arpwatch-3.1/arp2ethers
 --- arpwatch-3.1-original/arp2ethers	2013-02-16 03:10:28.000000000 -0500
 +++ arpwatch-3.1/arp2ethers	2020-11-07 11:22:04.762234105 -0500
@@ -13,7 +13,7 @@
 #	- sort
 #
 -sort +2rn arp.dat |
 +sort -k 2 -rn arp.dat |
     awk 'NF == 4 { print }' |
     awk -f p.awk |
     egrep -v '\.[0-9][0-9]*$' |
--- a/arpwatch-3.1-arpfetch-stray-rm.patch
+++ b/arpwatch-3.1-arpfetch-stray-rm.patch
@ -0,0 +1,11 @@
 Fix stray rm (of an undefined variable).
 diff -Naur arpwatch-3.1-original/arpfetch arpwatch-3.1/arpfetch
 --- arpwatch-3.1-original/arpfetch	2013-02-16 03:10:28.000000000 -0500
 +++ arpwatch-3.1/arpfetch	2020-11-07 11:22:59.344575624 -0500
@@ -29,5 +29,3 @@
 	    ea = $2
 	    print ea "\t" ip
     }'
 -
 -rm -f ${t1}
--- a/arpwatch-3.1-configure-no-local-pcap.patch
+++ b/arpwatch-3.1-configure-no-local-pcap.patch
@ -0,0 +1,15 @@
 Do not attempt to search for local libpcap libraries lying around in the parent
 of the build directory, or anywhere else random. This is not expected to
 succeed anyway, but it is better to be sure.
 diff -Naur arpwatch-3.1-original/configure arpwatch-3.1/configure
 --- arpwatch-3.1-original/configure	2020-04-05 20:22:04.000000000 -0400
 +++ arpwatch-3.1/configure	2020-11-07 11:59:40.114550004 -0500
@@ -5437,6 +5437,7 @@
     places=`ls .. | sed -e 's,/$,,' -e 's,^,../,' | \
 	egrep '/libpcap-[0-9]*\.[0-9]*(\.[0-9]*)?([ab][0-9]*)?$'`
     for dir in $places ../libpcap libpcap ; do
 +	    break
 	    basedir=`echo $dir | sed -e 's/[ab][0-9]*$//'`
 	    if test $lastdir = $basedir ; then
 		    		    continue;
--- a/arpwatch-3.1-man-references.patch
+++ b/arpwatch-3.1-man-references.patch
@ -0,0 +1,76 @@
 Fix section numbers in man page cross-references. With minor changes, this
 patch dates all the way back to arpwatch-2.1a4-man.patch, from RHBZ#15442.
 diff -Naur arpwatch-3.1-original/arpsnmp.8.in arpwatch-3.1/arpsnmp.8.in
 --- arpwatch-3.1-original/arpsnmp.8.in	2019-12-01 14:01:07.000000000 -0500
 +++ arpwatch-3.1/arpsnmp.8.in	2020-11-05 15:13:01.296113145 -0500
@@ -45,7 +45,7 @@
 and reports certain changes via email.
 .Nm
 reads information from a file (usually generated by
 -.Xr snmpwalk 3 ) .
 +.Xr snmpwalk 1 ) .
 .Pp
 The format of the input file is the same as
 .Ar arp.dat ;
@@ -119,9 +119,9 @@
 .Pp
 .Sh "REPORT MESSAGES"
 See the
 -.Xr arpwatch 1
 +.Xr arpwatch 8
 man page for details on the report messages generated by
 -.Xr arpsnmp 1 .
 +.Xr arpsnmp 8 .
 .Sh FILES
 .Bl -tag -width ".Pa /usr/local/arpwatch" -compact
 .It Pa /usr/local/arpwatch
@@ -132,7 +132,7 @@
 vendor ethernet block list
 .Sh "SEE ALSO"
 .Xr arpwatch 8 ,
 -.Xr snmpwalk 8 ,
 +.Xr snmpwalk 1 ,
 .Xr arp 8 ,
 .Sh AUTHORS
 .An Craig Leres
 diff -Naur arpwatch-3.1-original/arpwatch.8.in arpwatch-3.1/arpwatch.8.in
 --- arpwatch-3.1-original/arpwatch.8.in	2019-12-01 14:01:07.000000000 -0500
 +++ arpwatch-3.1/arpwatch.8.in	2020-11-05 15:14:12.117564292 -0500
@@ -117,9 +117,9 @@
 .Fl r
 flag is used to specify a savefile
 (perhaps created by
 -.Xr tcpdump 1
 +.Xr tcpdump 8
 or
 -.Xr pcapture 1 )
 +.Xr pcapture 8 )
 to read from instead
 of reading from the network. In this case
 .Nm
@@ -163,9 +163,9 @@
 .Pp
 .Sh "REPORT MESSAGES"
 Here's a quick list of the report messages generated by
 -.Xr arpwatch 1
 +.Xr arpwatch 8
 (and
 -.Xr arpsnmp 1 ) :
 +.Xr arpsnmp 8 ) :
 .Pp
 .Bl -tag -width xxx
 .It Ic "new activity"
@@ -216,9 +216,9 @@
 .Sh "SEE ALSO"
 .Xr arpsnmp 8 ,
 .Xr arp 8 ,
 -.Xr bpf 4 ,
 -.Xr tcpdump 1 ,
 -.Xr pcapture 1 ,
 +.Xr bpf 2 ,
 +.Xr tcpdump 8 ,
 +.Xr pcapture 8 ,
 .Xr pcap 3
 .Sh AUTHORS
 .An Craig Leres
--- a/arpwatch-3.2-change-user.patch
+++ b/arpwatch-3.2-change-user.patch
@ -0,0 +1,146 @@
 Add, and document, a -u argument to change to a specified unprivileged user
 after establishing sockets.
 This patch rebases and combines arpwatch-drop.patch, which provided -u;
 arpwatch-drop-man.patch, which documented it; and
 arpwatch-2.1a15-dropgroup.patch, which fixed CVE-2012-2653 (RHBZ #825328) in
 the original arpwatch-drop.patch, into a single combined patch. It also removes
 an unnecessary and unchecked strdup() in the original patch that could have
 theoretically led to a null pointer dereference.
 diff -Naur arpwatch-3.2-original/arpwatch.8.in arpwatch-3.2/arpwatch.8.in
 --- arpwatch-3.2-original/arpwatch.8.in	2021-12-14 19:47:54.000000000 -0500
 +++ arpwatch-3.2/arpwatch.8.in	2021-12-16 08:18:21.803266980 -0500
@@ -43,6 +43,7 @@
 .Op Fl n Ar net[/width]
 .Op Fl x Ar net[/width]
 .Op Fl r Ar file
 +.Op Fl u Ar username
 .Sh DESCRIPTION
 .Nm
 keeps track of ethernet/ip address pairings. It syslogs activity
@@ -137,13 +138,30 @@
 Note that an empty
 .Ar arp.dat
 file must be created before the first time you run
 -.Fl arpwatch .
 +.Nm .
 +Also, the default directory (where
 +.Ar arp.dat
 +is stored) must be owned by
 +.Ar username
 +if the
 +.Fl u
 +flag is used.
 .Pp
 The
 .Fl s
 flag suppresses reports sent by email.
 .Pp
 The
 +.Fl u
 +flag causes
 +.Nm
 +to drop root privileges and change user ID to
 +.Ar username
 +and group ID to that of the primary group of
 +.Ar username .
 +This is recommended for security reasons.
 +.Pp
 +The
 .Fl v
 flag disables the reporting of VRRP/CARP ethernet prefixes as
 described in RFC5798 (@MACZERO@0:@MACZERO@0:5e:@MACZERO@0:@MACZERO@1:xx).
 diff -Naur arpwatch-3.2-original/arpwatch.c arpwatch-3.2/arpwatch.c
 --- arpwatch-3.2-original/arpwatch.c	2019-11-30 13:35:23.000000000 -0500
 +++ arpwatch-3.2/arpwatch.c	2021-12-16 08:18:21.812267045 -0500
@@ -72,6 +72,8 @@
 #include <syslog.h>
 #include <unistd.h>
 +#include <grp.h>
 +#include <pwd.h>
 #include <pcap.h>
 #include "gnuc.h"
@@ -170,6 +172,24 @@
 int	toskip(u_int32_t);
 void	usage(void) __attribute__((noreturn));
 +void dropprivileges(const char* user)
 +{
 +	struct passwd* const pw = getpwnam(user);
 +	if (pw) {
 +		if (setgid(pw->pw_gid) != 0 || setgroups(0, NULL) != 0 ||
 +				setuid(pw->pw_uid) != 0) {
 +			lg(LOG_ERR, "Couldn't change to '%.32s' uid=%d gid=%d",
 +				       user, pw->pw_uid, pw->pw_gid);
 +			exit(1);
 +		}
 +	} else {
 +		lg(LOG_ERR, "Couldn't find user '%.32s' in /etc/passwd",
 +			       user);
 +		exit(1);
 +	}
 +	lg(LOG_DEBUG, "Running as uid=%d gid=%d", getuid(), getgid());
 +}
 +
 int
 main(int argc, char **argv)
 {
@@ -181,6 +201,7 @@
 	char *interface, *rfilename;
 	struct bpf_program code;
 	char errbuf[PCAP_ERRBUF_SIZE];
 +	char* serveruser = NULL;
 	if (argv[0] == NULL)
 		prog = "arpwatch";
@@ -198,7 +219,7 @@
 	interface = NULL;
 	rfilename = NULL;
 	pd = NULL;
 -	while ((op = getopt(argc, argv, "CdD:Ff:i:n:NpP:qr:svw:W:x:zZ")) != EOF)
 +	while ((op = getopt(argc, argv, "CdD:Ff:i:n:NpP:qr:svw:W:x:zZu:")) != EOF)
 		switch (op) {
 		case 'C':
@@ -283,6 +304,17 @@
 			zeropad = 1;
 			break;
 +		case 'u':
 +			if (optarg) {
 +				/* no need to strdup() a pointer into the
 +				 * original arguments vector */
 +				serveruser = optarg;
 +			} else {
 +				fprintf(stderr, "%s: Need username after -u\n", prog);
 +				usage();
 +			}
 +			break;
 +
 		default:
 			usage();
 		}
@@ -379,6 +411,11 @@
 		}
 	}
 +	/* Explicit user change (privilege drop) with -u? */
 +	if (serveruser) {
 +		dropprivileges(serveruser);
 +	}
 +
 	/*
 	 * Revert to non-privileged user after opening sockets
 	 * (not needed on most systems).
@@ -927,6 +964,7 @@
 	    "usage: %s [-CdFNpqsvzZ] [-D arpdir] [-f datafile]"
 	    " [-i interface]\n\t"
 	    " [-P pidfile] [-w watcher@email] [-W watchee@email]\n\t"
 -	    " [-n net[/width]] [-x net[/width]] [-r file]\n", prog);
 +	    " [-n net[/width]] [-x net[/width]] [-r file] [-u username]\n",
 +	    prog);
 	exit(1);
 }
--- a/arpwatch-3.3-c99.patch
+++ b/arpwatch-3.3-c99.patch
@ -0,0 +1,17 @@
 diff --git a/dns.c b/dns.c
 index 82106e1244f94aec..75cc27b6775649f7 100644
 --- a/dns.c
 +++ b/dns.c
@@ -115,10 +115,10 @@ gethinfo(char *hostname, char *cpu, int cpulen, char *os, int oslen)
 		    (u_char *)cp, (char *)bp, buflen)) < 0)
 			break;
 		cp += n;
 -		type = _getshort(cp);
 +		type = ns_get16(cp);
 		cp += sizeof(u_short);			/* class */
 		cp += sizeof(u_short) + sizeof(u_int32_t);
 -		n = _getshort(cp);
 +		n = ns_get16(cp);
 		cp += sizeof(u_short);
 		if (type == T_HINFO) {
 			/* Unpack */
--- a/arpwatch-3.5-devlookup.patch
+++ b/arpwatch-3.5-devlookup.patch
@ -0,0 +1,138 @@
 diff -Naur arpwatch-3.5-original/arpwatch.c arpwatch-3.5/arpwatch.c
 --- arpwatch-3.5-original/arpwatch.c	2023-12-03 13:10:05.000000000 -0500
 +++ arpwatch-3.5/arpwatch.c	2023-12-03 20:06:32.694857659 -0500
@@ -163,6 +163,8 @@
 void	hup(int);
 int	isbogon(u_int32_t);
 int	main(int, char **);
 +int     try_open_live(pcap_t ** pd_ptr, char const * interface_name,
 +	       int promiscuous_enable);
 void	process_ether(u_char *, const struct pcap_pkthdr *, const u_char *);
 void	process_fddi(u_char *, const struct pcap_pkthdr *, const u_char *);
 int	readsnmp(char *);
@@ -179,7 +181,7 @@
 	int op, snaplen, timeout, linktype, status;
 	pcap_t *pd;
 	FILE *fp;
 -	pcap_if_t *alldevs;
 +	pcap_if_t *alldevs, *dev;
 	char *interface, *rfilename;
 	struct bpf_program code;
 	char errbuf[PCAP_ERRBUF_SIZE];
@@ -311,13 +313,18 @@
 				    "%s: pcap_findalldevs: %s\n", prog, errbuf);
 				exit(1);
 			}
 -			if (alldevs == NULL) {
 +			for (dev = alldevs; dev; dev = dev->next) {
 +				if (try_open_live(&pd, dev->name, promisc)) {
 +					interface = savestr(alldevs->name);
 +					break;
 +				}
 +			}
 +			pcap_freealldevs(alldevs);
 +			if (interface == NULL) {
 				(void)fprintf(stderr, "%s: pcap_findalldevs:"
 				    " no suitable devices found\n", prog);
 				exit(1);
 			}
 -			interface = savestr(alldevs->name);
 -			pcap_freealldevs(alldevs);
 #else
 			if (interface = pcap_lookupdev(errbuf)) == NULL) {
 				(void)fprintf(stderr,
@@ -356,15 +363,12 @@
 		}
 		swapped = pcap_is_swapped(pd);
 	} else {
 -		snaplen = max(sizeof(struct ether_header),
 -		    sizeof(struct fddi_header)) + sizeof(struct ether_arp);
 -		timeout = 1000;
 -		pd = pcap_open_live(interface, snaplen, promisc, timeout,
 -		    errbuf);
 		if (pd == NULL) {
 -			lg(LOG_ERR, "pcap open %s: %s", interface, errbuf);
 -			exit(1);
 +			if (!try_open_live(&pd, interface, promisc)) {
 +				exit(1);
 +			}
 		}
 +		/* else pd was already opened based on pcap_findalldevs */
 #ifdef WORDS_BIGENDIAN
 		swapped = 1;
 #endif
@@ -454,6 +458,74 @@
 	exit(0);
 }
 +int
 +try_open_live(pcap_t ** pd_ptr, char const * interface_name, int promiscuous_enable) {
 +	/* Attempt to open an interface and set up a supported datalink type;
 +	 * return nonzero on success and zero on failure (and log a message).
 +	 */
 +	int snaplen, timeout, n_datalinks, datalink_i;
 +	int * datalinks, datalink;
 +	char errbuf[PCAP_ERRBUF_SIZE];
 +
 +	snaplen = max(sizeof(struct ether_header),
 +	    sizeof(struct fddi_header)) + sizeof(struct ether_arp);
 +	timeout = 1000;
 +	datalinks = NULL;
 +
 +	/* Just in case... */
 +	if (*pd_ptr != NULL) {
 +		pcap_close(*pd_ptr);
 +		*pd_ptr = NULL;
 +	}
 +
 +	*pd_ptr = pcap_open_live(interface_name, snaplen, promiscuous_enable,
 +	    timeout, errbuf);
 +	if (*pd_ptr == NULL) {
 +		lg(LOG_ERR, "pcap open %s: %s", interface_name, errbuf);
 +		goto fail;
 +	}
 +
 +	/* Must be able to select an ethernet or fddi datalink */
 +	n_datalinks = pcap_list_datalinks(*pd_ptr, &datalinks);
 +	if (n_datalinks < 0) {
 +		lg(LOG_ERR, "pcap_list_datalinks %s: %s", interface_name,
 +		    pcap_geterr(*pd_ptr));
 +		goto fail;
 +	}
 +	for (datalink_i = 0; datalink_i < n_datalinks; ++datalink_i) {
 +		switch (datalinks[datalink_i]) {
 +		case DLT_EN10MB:
 +		case DLT_FDDI:
 +			break;
 +		default:
 +			continue; /* unsupported; try the next datalink */
 +		}
 +		if (pcap_set_datalink(*pd_ptr, datalinks[datalink_i]) != 0) {
 +			lg(LOG_ERR, "pcap_set_datalink %s %d: %s",
 +			    interface_name, datalinks[datalink_i],
 +			    pcap_geterr(*pd_ptr));
 +			continue;
 +		}
 +		break; /* success */
 +	}
 +	if (datalink_i >= n_datalinks) {
 +		lg(LOG_ERR, "no ethernet or fddi datalink for %s",
 +		    interface_name);
 +		goto fail;
 +	}
 +
 +	free(datalinks);
 +	return 1; /* success */
 +
 +fail:
 +	if (*pd_ptr != NULL) {
 +		pcap_close(*pd_ptr);
 +		*pd_ptr = NULL;
 +	}
 +	free(datalinks);
 +	return 0; /* failure */
 +}
 +
 /* Process an ethernet arp/rarp packet */
 void
 process_ether(u_char *u, const struct pcap_pkthdr *h, const u_char *p)
--- a/arpwatch-3.5-exitcode.patch
+++ b/arpwatch-3.5-exitcode.patch
@ -0,0 +1,12 @@
 diff -Naur arpwatch-3.5-original/arpwatch.c arpwatch-3.5/arpwatch.c
 --- arpwatch-3.5-original/arpwatch.c	2023-12-03 13:10:05.000000000 -0500
 +++ arpwatch-3.5/arpwatch.c	2023-12-03 20:04:01.834691097 -0500
@@ -915,7 +915,7 @@
 {
 	lg(LOG_DEBUG, "exiting");
 	checkpoint(0);
 -	exit(1);
 +	exit(0);
 }
 void
--- a/arpwatch-3.9-no-usr-local-path.patch
+++ b/arpwatch-3.9-no-usr-local-path.patch
@ -0,0 +1,40 @@
 Do not add /usr/local/bin or /usr/local/sbin to the PATH in any scripts.
 diff -Naur arpwatch-3.9-original/arpfetch arpwatch-3.9/arpfetch
 --- arpwatch-3.9-original/arpfetch	2013-02-16 08:10:28.000000000 +0000
 +++ arpwatch-3.9/arpfetch	2025-10-23 23:27:24.285711332 +0100
@@ -4,8 +4,6 @@
 # arpfetch - collect arp data from a cisco using net-snmp
 #
 -export PATH="/usr/local/bin:${PATH}"
 -
 prog=`basename $0`
 if [ $# -ne 2 ]; then
 diff -Naur arpwatch-3.9-original/bihourly.sh arpwatch-3.9/bihourly.sh
 --- arpwatch-3.9-original/bihourly.sh	2016-09-17 03:40:54.000000000 +0100
 +++ arpwatch-3.9/bihourly.sh	2025-10-23 23:27:24.285849999 +0100
@@ -3,9 +3,6 @@
 #
 #  bihourly arpwatch job
 #
 -PATH=${PATH}:/usr/local/sbin
 -export PATH
 -#
 cd /usr/local/arpwatch
 #
 list="`cat list`"
 diff -Naur arpwatch-3.9-original/update-ethercodes.sh.in arpwatch-3.9/update-ethercodes.sh.in
 --- arpwatch-3.9-original/update-ethercodes.sh.in	2025-10-23 20:32:08.000000000 +0100
 +++ arpwatch-3.9/update-ethercodes.sh.in	2025-10-23 23:27:50.579194300 +0100
@@ -6,9 +6,6 @@
 prog="`basename $0`"
 -PATH=/usr/local/bin:${PATH}
 -export PATH
 -
 t1=`mktemp /tmp/${prog}.1.XXXXXX`
 trap 'rm -f ${t1}; exit 1' 1 2 3 15 EXIT
--- a/arpwatch-aarch64.patch
+++ b/arpwatch-aarch64.patch
--- a/arpwatch-addr.patch
+++ b/arpwatch-addr.patch
@ -1,232 +0,0 @@
 --- arpwatch-2.1a11/addresses.h.in.addr	Wed Jun  5 00:40:29 1996
 +++ arpwatch-2.1a11/addresses.h.in	Wed Jul 31 17:39:38 2002
@@ -1,2 +1,4 @@
 #define WATCHER "root"
 -#define WATCHEE "arpwatch (Arpwatch)"
 +#define WATCHEE "root (Arpwatch)"
 +extern char *watcher;
 +extern char *watchee;
 --- arpwatch-2.1a11/arpsnmp.8.addr	Sun Sep 17 15:34:48 2000
 +++ arpwatch-2.1a11/arpsnmp.8	Fri Aug  2 15:15:31 2002
@@ -30,6 +30,12 @@
 ] [
 .B -f
 .I datafile
 +] [
 +.B -e
 +.I username
 +] [
 +.B -s
 +.I username
 ]
 .I file
 [
@@ -59,6 +65,27 @@
 .I arp.dat
 file must be created before the first time you run
 .BR arpsnmp .
 +.LP
 +If the
 +.B -e 
 +flag is used, 
 +.B arpsnmp
 +sends e-mail messages to
 +.I username
 +rather than the default (root).
 +If a single `-' character is given for the username,
 +sending of e-mail is suppressed,
 +but logging via syslog is still done as usual.
 +(This can be useful during initial runs, to collect data
 +without being flooded with messages about new stations.)
 +.LP
 +If the
 +.B -s 
 +flag is used, 
 +.B arpsnmp
 +sends e-mail messages with
 +.I username
 +as the return address, rather than the default (root).
 .LP
 .SH "REPORT MESSAGES"
 (See the
 --- arpwatch-2.1a11/arpsnmp.c.addr	Sun Jan 17 19:47:40 1999
 +++ arpwatch-2.1a11/arpsnmp.c	Fri Aug  2 15:17:16 2002
@@ -59,6 +59,7 @@
 #include "file.h"
 #include "machdep.h"
 #include "util.h"
 +#include "addresses.h"
 /* Forwards */
 int	main(int, char **);
@@ -90,7 +91,7 @@
 	}
 	opterr = 0;
 -	while ((op = getopt(argc, argv, "df:")) != EOF)
 +	while ((op = getopt(argc, argv, "df:e:s:")) != EOF)
 		switch (op) {
 		case 'd':
@@ -105,6 +106,24 @@
 			arpfile = optarg;
 			break;
 +		case 'e':
 +			if ( optarg ) {
 +				watcher = strdup(optarg);
 +			} else {
 +				(void)fprintf(stderr, "%s: Need recipient username/e-mail address after -e\n", prog);
 +				usage();
 +			}
 +			break;
 +
 +		case 's':
 +			if ( optarg ) {
 +				watchee = strdup(optarg);
 +			} else {
 +				(void)fprintf(stderr, "%s: Need sender username/e-mail address after -s\n", prog);
 +				usage();
 +			}
 +			break;
 +
 		default:
 			usage();
 		}
@@ -184,6 +203,6 @@
 	(void)fprintf(stderr, "Version %s\n", version);
 	(void)fprintf(stderr,
 -	    "usage: %s [-d] [-f datafile] file [...]\n", prog);
 +	    "usage: %s [-d] [-f datafile] [-e username] [-s username] file [...]\n", prog);
 	exit(1);
 }
 --- arpwatch-2.1a11/arpwatch.8.addr	Thu Aug  1 13:45:36 2002
 +++ arpwatch-2.1a11/arpwatch.8	Thu Aug  1 14:08:05 2002
@@ -46,6 +46,12 @@
 ] [
 .B -u
 .I username
 +] [
 +.B -e
 +.I username
 +] [
 +.B -s
 +.I username
 ]
 .ad
 .SH DESCRIPTION
@@ -106,6 +112,27 @@
 and group ID to that of the primary group of 
 .IR username .
 This is recommended for security reasons.
 +.LP
 +If the
 +.B -e 
 +flag is used, 
 +.B arpwatch
 +sends e-mail messages to
 +.I username
 +rather than the default (root).
 +If a single `-' character is given for the username,
 +sending of e-mail is suppressed,
 +but logging via syslog is still done as usual.
 +(This can be useful during initial runs, to collect data
 +without being flooded with messages about new stations.)
 +.LP
 +If the
 +.B -s 
 +flag is used, 
 +.B arpwatch
 +sends e-mail messages with
 +.I username
 +as the return address, rather than the default (root).
 .LP
 Note that an empty
 .I arp.dat
 --- arpwatch-2.1a11/arpwatch.c.addr	Thu Aug  1 13:45:36 2002
 +++ arpwatch-2.1a11/arpwatch.c	Thu Aug  1 13:47:35 2002
@@ -78,6 +78,7 @@
 #include "machdep.h"
 #include "setsignal.h"
 #include "util.h"
 +#include "addresses.h"
 /* Some systems don't define these */
 #ifndef ETHERTYPE_REVARP
@@ -190,7 +191,7 @@
 	interface = NULL;
 	rfilename = NULL;
 	pd = NULL;
 -	while ((op = getopt(argc, argv, "df:i:n:Nr:u:")) != EOF)
 +	while ((op = getopt(argc, argv, "df:i:n:Nr:u:e:s:")) != EOF)
 		switch (op) {
 		case 'd':
@@ -232,6 +233,26 @@
 			}
 			break;
 +		case 'e':
 +			if ( optarg ) {
 +				watcher = strdup(optarg);
 +			}
 +			else {
 +				fprintf(stderr, "%s: Need recipient username/e-mail address after -e\n", prog);
 +				usage();
 +			}
 +			break;
 +
 +		case 's':
 +			if ( optarg ) {
 +				watchee = strdup(optarg);
 +			}
 +			else {
 +				fprintf(stderr, "%s: Need sender username/e-mail address after -s\n", prog);
 +				usage();
 +			}
 +			break;
 +
 		default:
 			usage();
 		}
@@ -784,6 +805,7 @@
 	(void)fprintf(stderr, "Version %s\n", version);
 	(void)fprintf(stderr, "usage: %s [-dN] [-f datafile] [-i interface]"
 -	    " [-n net[/width]] [-r file] [-u username]\n", prog);
 +	    " [-n net[/width]] [-r file] [-u username]"
 +	    " [-e username] [-s username]\n", prog);
 	exit(1);
 }
 --- arpwatch-2.1a11/report.c.addr	Sat Sep 30 18:41:10 2000
 +++ arpwatch-2.1a11/report.c	Thu Aug  1 14:16:43 2002
@@ -70,6 +70,9 @@
 #define PLURAL(n) ((n) == 1 || (n) == -1 ? "" : "s")
 +char *watcher = WATCHER;
 +char *watchee = WATCHEE;
 +
 static int cdepth;	/* number of outstanding children */
 static char *fmtdate(time_t);
@@ -240,8 +243,6 @@
 	register FILE *f;
 	char tempfile[64], cpu[64], os[64];
 	char *fmt = "%20s: %s\n";
 -	char *watcher = WATCHER;
 -	char *watchee = WATCHEE;
 	char *sendmail = PATH_SENDMAIL;
 	char *unknown = "<unknown>";
 	char buf[132];
@@ -258,6 +259,9 @@
 		}
 		f = stdout;
 		(void)putc('\n', f);
 +	} else if (watcher == NULL || *watcher == NULL || *watcher == '-') {
 +		dosyslog(LOG_NOTICE, title, a, e1, e2);
 +		return;
 	} else {
 		/* Setup child reaper if we haven't already */
 		if (!init) {
--- a/arpwatch-dir-man.patch
+++ b/arpwatch-dir-man.patch
@ -1,22 +0,0 @@
 --- arpwatch-2.1a15/arpsnmp.8.dirman	2006-11-02 17:00:58.000000000 +0100
 +++ arpwatch-2.1a15/arpsnmp.8	2006-11-02 17:23:58.000000000 +0100
@@ -96,7 +96,7 @@
 .na
 .nh
 .nf
 -/usr/operator/arpwatch - default directory
 +/var/lib/arpwatch - default directory
 arp.dat - ethernet/ip address database
 ethercodes.dat - vendor ethernet block list
 .ad
 --- arpwatch-2.1a15/arpwatch.8.dirman	2006-11-02 17:00:58.000000000 +0100
 +++ arpwatch-2.1a15/arpwatch.8	2006-11-02 17:24:07.000000000 +0100
@@ -198,7 +198,7 @@
 .na
 .nh
 .nf
 -/usr/operator/arpwatch - default directory
 +/var/lib/arpwatch - default directory
 arp.dat - ethernet/ip address database
 ethercodes.dat - vendor ethernet block list
 .ad
--- a/arpwatch-drop-man.patch
+++ b/arpwatch-drop-man.patch
@ -1,48 +0,0 @@
 --- arpwatch.8.orig	Sun Oct  8 23:31:28 2000
 +++ arpwatch.8	Mon Oct 16 16:46:19 2000
@@ -36,13 +36,16 @@
 .I interface
 ]
 .br
 -.ti +8
 +.ti +9
 [
 .B -n
 .IR net [/ width
 ]] [
 .B -r
 .I file
 +] [
 +.B -u
 +.I username
 ]
 .ad
 .SH DESCRIPTION
@@ -94,10 +97,26 @@
 .B arpwatch
 does not fork.
 .LP
 +If 
 +.B -u 
 +flag is used, 
 +.B arpwatch
 +drops root privileges and changes user ID to
 +.I username
 +and group ID to that of the primary group of 
 +.IR username .
 +This is recommended for security reasons.
 +.LP
 Note that an empty
 .I arp.dat
 file must be created before the first time you run
 -.BR arpwatch .
 +.BR arpwatch . 
 +Also, the default directory (where arp.dat is stored) must be owned
 +by 
 +.I username
 +if 
 +.BR -u
 +flag is used.
 .LP
 .SH "REPORT MESSAGES"
 Here's a quick list of the report messages generated by
--- a/arpwatch-drop.patch
+++ b/arpwatch-drop.patch
@ -1,93 +0,0 @@
 --- arpwatch-2.1a10/arpwatch.c	Sat Oct 14 05:07:35 2000
 +++ arpwatch-2.1a10/arpwatch.c	Sun Jun 10 16:22:57 2001
@@ -62,7 +62,7 @@
 #include <string.h>
 #include <syslog.h>
 #include <unistd.h>
 -
 +#include <pwd.h>
 #include <pcap.h>
 #include "gnuc.h"
@@ -141,6 +141,25 @@
 int	sanity_fddi(struct fddi_header *, struct ether_arp *, int);
 __dead	void usage(void) __attribute__((volatile));
 +void dropprivileges(const char* user)
 +{
 +	struct passwd* pw;
 +	pw = getpwnam( user );
 +	if ( pw ) {
 +		if ( initgroups(pw->pw_name, NULL) != 0 || setgid(pw->pw_gid) != 0 ||
 +				 setuid(pw->pw_uid) != 0 ) {
 +			syslog(LOG_ERR, "Couldn't change to '%.32s' uid=%d gid=%d", user,
 +						 pw->pw_uid, pw->pw_gid);
 +			exit(1);
 +		}
 +	}
 +	else {
 +		syslog(LOG_ERR, "Couldn't find user '%.32s' in /etc/passwd", user);
 +		exit(1);
 +	}
 +	syslog(LOG_DEBUG, "Running as uid=%d gid=%d", getuid(), getgid());
 +}
 +
 int
 main(int argc, char **argv)
 {
@@ -153,6 +172,7 @@
 	register char *interface, *rfilename;
 	struct bpf_program code;
 	char errbuf[PCAP_ERRBUF_SIZE];
 +	char* serveruser = NULL;
 	if (argv[0] == NULL)
 		prog = "arpwatch";
@@ -170,7 +190,7 @@
 	interface = NULL;
 	rfilename = NULL;
 	pd = NULL;
 -	while ((op = getopt(argc, argv, "df:i:n:Nr:")) != EOF)
 +	while ((op = getopt(argc, argv, "df:i:n:Nr:u:")) != EOF)
 		switch (op) {
 		case 'd':
@@ -202,6 +222,16 @@
 			rfilename = optarg;
 			break;
 +		case 'u':
 +			if ( optarg ) {
 +				serveruser = strdup(optarg);
 +			}
 +			else {
 +				fprintf(stderr, "%s: Need username after -u\n", prog);
 +				usage();
 +			}
 +			break;
 +
 		default:
 			usage();
 		}
@@ -283,8 +313,11 @@
 	 * Revert to non-privileged user after opening sockets
 	 * (not needed on most systems).
 	 */
 -	setgid(getgid());
 -	setuid(getuid());
 +	/*setgid(getgid());*/
 +	/*setuid(getuid());*/
 +	if ( serveruser ) {
 +		dropprivileges( serveruser );
 +	}
 	/* Must be ethernet or fddi */
 	linktype = pcap_datalink(pd);
@@ -751,6 +784,6 @@
 	(void)fprintf(stderr, "Version %s\n", version);
 	(void)fprintf(stderr, "usage: %s [-dN] [-f datafile] [-i interface]"
 -	    " [-n net[/width]] [-r file]\n", prog);
 +	    " [-n net[/width]] [-r file] [-u username]\n", prog);
 	exit(1);
 }
--- a/arpwatch-exitcode.patch
+++ b/arpwatch-exitcode.patch
@ -1,12 +0,0 @@
 diff -up arpwatch-2.1a15/arpwatch.c.exitcode arpwatch-2.1a15/arpwatch.c
 --- arpwatch-2.1a15/arpwatch.c.exitcode	2011-07-08 15:35:28.758414483 +0200
 +++ arpwatch-2.1a15/arpwatch.c	2011-07-08 15:35:31.539417016 +0200
@@ -782,7 +782,7 @@ die(int signo)
 	syslog(LOG_DEBUG, "exiting");
 	checkpoint(0);
 -	exit(1);
 +	exit(0);
 }
 RETSIGTYPE
--- a/arpwatch-pie.patch
+++ b/arpwatch-pie.patch
@ -1,18 +0,0 @@
 --- arpwatch-2.1a15/Makefile.in	2013-04-23 11:17:51.994488347 +0200
 +++ arpwatch-2.1a15/Makefile.in.new	2013-04-23 11:17:24.000000000 +0200
@@ -48,12 +48,12 @@
 DEFS = -DDEBUG @DEFS@ -DARPDIR=\"$(ARPDIR)\" -DPATH_SENDMAIL=\"$(SENDMAIL)\"
 # Standard CFLAGS
 -CFLAGS = $(CCOPT) $(DEFS) $(INCLS)
 +CFLAGS = $(CCOPT) $(DEFS) $(INCLS) -pie
 # Standard LIBS
 -LIBS = @LIBS@
 +LIBS = @LIBS@ -pie -Wl,-z,relro,-z,now
 # Standard LIBS without libpcap.a
 -SLIBS = @LBL_LIBS@
 +SLIBS = @LBL_LIBS@ -pie -Wl,-z,relro,-z,now
 INSTALL = @INSTALL@
 SENDMAIL = @V_SENDMAIL@
--- a/arpwatch-promisc.patch
+++ b/arpwatch-promisc.patch
@ -1,106 +0,0 @@
 --- a/arpwatch.8	2016-01-26 10:13:58.344326599 +0100
 +++ b/arpwatch.8	2016-01-26 09:59:46.620048949 +0100
@@ -27,7 +27,7 @@ arpwatch - keep track of ethernet/ip add
 .na
 .B arpwatch
 [
 -.B -dN
 +.B -dNp
 ] [
 .B -f
 .I datafile
@@ -70,6 +70,10 @@ background and emailing the reports. Ins
 .IR stderr .
 .LP
 The
 +.B -p
 +flag disables promiscous mode.
 +.LP
 +The
 .B -f
 flag is used to set the ethernet/ip address database filename.
 The default is
 diff -rup arpwatch-2.1a15/arpwatch.c arpwatch-2.1a15-new/arpwatch.c
 --- a/arpwatch.c	2016-01-26 10:13:58.356326563 +0100
 +++ b/arpwatch.c	2016-01-26 10:13:37.273390029 +0100
@@ -162,7 +162,7 @@ void dropprivileges(const char* user)
 }
 char *
 -try_dev(char *interface, pcap_t **pd, int *linktype, char *errbuf)
 +try_dev(char *interface, pcap_t **pd, int *linktype, int promisc, char *errbuf)
 {
 	register int snaplen, timeout;
@@ -170,7 +170,7 @@ try_dev(char *interface, pcap_t **pd, in
 				  sizeof(struct fddi_header)) + sizeof(struct ether_arp);
 	timeout = 1000;
 -	*pd = pcap_open_live(interface, snaplen, 1, timeout, errbuf);
 +	*pd = pcap_open_live(interface, snaplen, promisc, timeout, errbuf);
 	if (NULL == *pd) {
 		syslog(LOG_ERR, "pcap open %s: %s", interface,  errbuf);
 		return NULL;
@@ -187,14 +187,14 @@ try_dev(char *interface, pcap_t **pd, in
 }
 char *
 -iterate_dev(char *arginterface, pcap_t **pd, int *linktype, char *errbuf)
 +iterate_dev(char *arginterface, pcap_t **pd, int *linktype, int promisc, char *errbuf)
 {
 	static char interface[64 + 1];
 	pcap_if_t *alldevs;
 	pcap_if_t *dev;
 	if (NULL != arginterface) {
 -		return try_dev(arginterface, pd, linktype, errbuf);
 +		return try_dev(arginterface, pd, linktype, promisc, errbuf);
 	} else {
 		if (pcap_findalldevs(&alldevs, errbuf) == -1) {
 			(void)fprintf(stderr, "%s: lookup_device: %s\n",
@@ -203,7 +203,7 @@ iterate_dev(char *arginterface, pcap_t *
 		}
 		for (dev = alldevs; dev && (arginterface == NULL); dev = dev->next) {
 			strncpy(interface, dev->name, strlen(dev->name)+1);
 -			arginterface = try_dev(interface, pd, linktype, errbuf);
 +			arginterface = try_dev(interface, pd, linktype, promisc, errbuf);
 		}
 		pcap_freealldevs(alldevs);
 		return arginterface;
@@ -224,6 +224,7 @@ main(int argc, char **argv)
 	struct bpf_program code;
 	char errbuf[PCAP_ERRBUF_SIZE];
 	char* serveruser = NULL;
 +	int promisc = 1;
 	if (argv[0] == NULL)
 		prog = "arpwatch";
@@ -242,7 +243,7 @@ main(int argc, char **argv)
 	linktype = -1;
 	rfilename = NULL;
 	pd = NULL;
 -	while ((op = getopt(argc, argv, "df:i:n:Nr:u:e:s:")) != EOF)
 +	while ((op = getopt(argc, argv, "df:i:n:Nr:u:e:s:p")) != EOF)
 		switch (op) {
 		case 'd':
@@ -304,6 +305,10 @@ main(int argc, char **argv)
 			}
 			break;
 +		case 'p':
 +			promisc = 0;
 +			break;
 +
 		default:
 			usage();
 		}
@@ -317,7 +322,7 @@ main(int argc, char **argv)
 	} else {
 		/* Determine interface if not specified */
 -		interface = iterate_dev(interface, &pd, &linktype, errbuf);
 +		interface = iterate_dev(interface, &pd, &linktype, promisc, errbuf);
 		if (interface == NULL) {
 			(void)fprintf(stderr, "%s: lookup_device: no suitable interface found\n",
 						  prog);
--- a/arpwatch-scripts.patch
+++ b/arpwatch-scripts.patch
@ -1,27 +0,0 @@
 --- arpwatch-2.1a15/arp2ethers.scripts	2002-01-05 20:40:48.000000000 +0100
 +++ arpwatch-2.1a15/arp2ethers	2006-11-09 14:34:42.000000000 +0100
@@ -13,7 +13,7 @@
 #	- sort
 #
 -sort +2rn arp.dat | \
 +sort -k 2 -rn arp.dat | \
     awk 'NF == 4 { print }' | \
     awk -f p.awk | \
     egrep -v '\.[0-9][0-9]*$' | \
 --- arpwatch-2.1a15/arpfetch.scripts	2006-07-28 20:10:30.000000000 +0200
 +++ arpwatch-2.1a15/arpfetch	2006-11-09 14:37:05.000000000 +0100
@@ -4,8 +4,6 @@
 # arpfetch - collect arp data from a cisco using net-snmp
 #
 -export PATH="/usr/local/bin:${PATH}"
 -
 prog=`basename $0`
 if [ $# -ne 2 ]; then
@@ -30,4 +28,3 @@
 	    print ea "\t" ip
     }'
 -rm -f ${t1}
--- a/arpwatch.rpmlintrc
+++ b/arpwatch.rpmlintrc
@ -0,0 +1,10 @@
 # These are not real spelling errors...
 addFilter(r' spelling-error .* en_US (arpsnmp) ')
 # The sticky bit on this directory protects root-owned files from unlinking or
 # renaming by members of the arpwatch group.
 addFilter(r' non-standard-dir-perm /var/lib/arpwatch 1775')
 # Known zero-length files
 addFilter(r' zero-length /var/lib/arpwatch/arp.dat-?')
 # This is beyond what we want to rewrite downstream, and is not necessarily a
 # serious problem.
 addFilter(r' binary-or-shlib-calls-gethostbyname ')
--- a/arpwatch.service
+++ b/arpwatch.service
@ -1,12 +1,28 @@
 [Unit]
 Description=Arpwatch daemon which keeps track of ethernet/ip address pairings
 After=syslog.target network-online.target
-Documentation=man:arpwatch
+Wants=network-online.target
 Documentation=man:arpwatch(8)
 [Service]
-Type=forking
+Type=simple
 PrivateTmp=yes
-ExecStart=/usr/sbin/arpwatch -u arpwatch -e root -s 'root (Arpwatch)'
+EnvironmentFile=-/etc/sysconfig/arpwatch
 ExecStart=/usr/sbin/arpwatch -u arpwatch -F $OPTIONS
 Restart=on-failure
 ProtectProc=invisible
 CapabilityBoundingSet=CAP_NET_RAW CAP_NET_ADMIN CAP_SETGID CAP_SETUID
 ProtectSystem=full
 ProtectHome=true
 ProtectClock=true
 ProtectKernelTunables=true
 ProtectKernelModules=true
 ProtectControlGroups=true
 RestrictSUIDSGID=true
 SystemCallFilter=@system-service
 SystemCallFilter=~@aio @chown @clock @ipc @keyring @memlock @resources
 SystemCallArchitectures=native
 [Install]
 WantedBy=multi-user.target
--- a/arpwatch.spec
+++ b/arpwatch.spec
@ -1,314 +1,255 @@
-%global _vararpwatch %{_localstatedir}/lib/arpwatch
+%bcond autoreconf 1
-%global _hardened_build 1
+
 Name:           arpwatch
 Epoch:          14
 Version:        3.9
 Release:        %autorelease
 Summary:        Network monitoring tools for tracking IP addresses on a network
 # SPDX matching with BSD-3-Clause confirmed at
 # https://gitlab.com/fedora/legal/fedora-license-data/-/issues/49
 License:        BSD-3-Clause
 # Any files under different licenses are part of the build system and do not
 # contribute to the license of the binary RPM:
 #   - config.guess and config.sub are GPL-3.0-or-later
 #   - configure is FSFUL
 #   - install-sh is X11
 #   - mkdep is BSD-4.3RENO
 SourceLicense:  %{shrink:
                %{license} AND
                BSD-4.3RENO AND
                FSFUL AND
                GPL-3.0-or-later AND
                X11
                }
 URL:            https://ee.lbl.gov/
 Requires:       /usr/sbin/sendmail
 Requires:       python3
 Name: arpwatch
 Epoch: 14
 Version: 2.1a15
 Release: 48%{?dist}
 Summary: Network monitoring tools for tracking IP addresses on a network
 License: BSD with advertising
 URL: http://ee.lbl.gov/
 Requires(pre): shadow-utils
 Requires(post): systemd
 Requires(preun): systemd
 Requires(postun): systemd
 Requires: /usr/sbin/sendmail
 BuildRequires:  gcc
-BuildRequires: /usr/sbin/sendmail libpcap-devel perl-interpreter systemd
+BuildRequires:  make
 %if %{with autoreconf}
 BuildRequires:  autoconf
 %endif
-Source0: ftp://ftp.ee.lbl.gov/arpwatch-%{version}.tar.gz
+BuildRequires:  /usr/sbin/sendmail
-Source1: arpwatch.service
+BuildRequires:  systemd-rpm-macros
-# created by:
+%{?sysuser_requires_compat}
-# wget -O- http://standards.ieee.org/regauth/oui/oui.txt | \
+BuildRequires:  python3-devel
-# iconv -f iso8859-1 -t utf8 | massagevendor | bzip2
+BuildRequires:  libpcap-devel
-Source3: ethercodes-20110707.dat.bz2
+
-Patch1: arpwatch-2.1a4-fhs.patch
+# Note that https://ee.lbl.gov/ may not link to the latest version; the
-Patch2: arpwatch-2.1a10-man.patch
+# directory listing at https://ee.lbl.gov/downloads/arpwatch/ shows all
-Patch3: arpwatch-drop.patch
+# available versions.
-Patch4: arpwatch-drop-man.patch
+Source0:        https://ee.lbl.gov/downloads/arpwatch/arpwatch-%{version}.tar.gz
-Patch5: arpwatch-addr.patch
+# This file comes from https://standards-oui.ieee.org/oui/oui.csv; it is used
-Patch6: arpwatch-dir-man.patch
+# to generate ethercodes.dat. Because it is unversioned (and frequently
-Patch7: arpwatch-scripts.patch
+# updated), we store the file directly in the repository with the spec file;
-Patch8: arpwatch-2.1a15-nolocalpcap.patch
+# see the update-oui-csv script.
-Patch9: arpwatch-2.1a15-bogon.patch
+#
-Patch10: arpwatch-2.1a15-extraman.patch
+# File oui.csv last fetched 2025-12-11T07:07:44+00:00.
-Patch11: arpwatch-exitcode.patch
+Source1:        oui.csv
-Patch12: arpwatch-2.1a15-dropgroup.patch
+Source2:        arpwatch.service
-Patch13: arpwatch-2.1a15-devlookup.patch
+Source3:        arpwatch.sysconfig
-Patch14: arpwatch-2.1a15-lookupiselect.patch
+Source4:        arp2ethers.8
-Patch16: arpwatch-201301-ethcodes.patch
+Source5:        massagevendor.8
-Patch17: arpwatch-pie.patch
+Source6:        arpwatch.sysusers
-Patch18: arpwatch-aarch64.patch
+
-Patch19: arpwatch-promisc.patch
+# The latest versions of all “arpwatch-3.1-*” patches were sent upstream by
-# From arpwatch 3.1, backport the fix for the potentially-exploitable buffer
+# email 2021-04-24.
-# overflow reported in https://bugzilla.redhat.com/show_bug.cgi?id=1563939.
+
-Patch20: arpwatch-2.1a15-buffer-overflow-bz1563939.patch
+# Fix section numbers in man page cross-references. With minor changes, this
 # patch dates all the way back to arpwatch-2.1a4-man.patch, from RHBZ #15442.
 Patch:          arpwatch-3.1-man-references.patch
 # Add, and document, a -u argument to change to a specified unprivileged user
 # after establishing sockets. This combines and improves multiple previous
 # patches; see patch header and changelog for notes.
 Patch:          arpwatch-3.2-change-user.patch
 # Fix nonstandard sort flags in arp2ethers script.
 Patch:          arpwatch-3.1-arp2ethers-sort-invocation.patch
 # Fix stray rm (of an undefined variable) in example arpfetch script.
 Patch:          arpwatch-3.1-arpfetch-stray-rm.patch
 # Do not add /usr/local/bin or /usr/local/sbin to the PATH in any scripts
 Patch:          arpwatch-3.9-no-usr-local-path.patch
 # Do not attempt to search for local libpcap libraries lying around in the
 # parent of the build directory, or anywhere else random. This is not expected
 # to succeed anyway, but it is better to be sure.
 Patch:          arpwatch-3.1-configure-no-local-pcap.patch
 # RHBZ #244606: Correctly handle -n 0/32 to allow the user to disable reporting
 # bogons from 0.0.0.0.
 Patch:          arpwatch-3.1-all-zero-bogon.patch
 # When arpwatch is terminated cleanly by a signal (INT/TERM/HUP) handler, the
 # exit code should be zero for success instead of nonzero for failure.
 Patch:          arpwatch-3.5-exitcode.patch
 # When -i is not given, do not just try the first device found, but keep
 # checking devices until a usable one is found, if any is available.
 # Additionally, handle the case where a device provides both supported and
 # unsupported datalink types.
 Patch:          arpwatch-3.5-devlookup.patch
 # Replace _getshort(), “a glibc function that hasn't been declared in the
 # installed headers for many, many years,” with ns_get16(). Fixes C99
 # compatibility (https://bugzilla.redhat.com/show_bug.cgi?id=2166336). Sent
 # upstream by email 2023-02-01.
 Patch:          arpwatch-3.3-c99.patch
 # https://fedoraproject.org/wiki/Changes/EncourageI686LeafRemoval
 ExcludeArch:    %{ix86}
 %global pkgstatedir %{_sharedstatedir}/arpwatch
 %description
-The arpwatch package contains arpwatch and arpsnmp.  Arpwatch and
+The arpwatch package contains arpwatch and arpsnmp. Arpwatch and arpsnmp are
-arpsnmp are both network monitoring tools.  Both utilities monitor
+both network monitoring tools. Both utilities monitor Ethernet or FDDI network
-Ethernet or FDDI network traffic and build databases of Ethernet/IP
+traffic and build databases of Ethernet/IP address pairs, and can report
-address pairs, and can report certain changes via email.
+certain changes via email.
 Install the arpwatch package if you need networking monitoring devices which
 will automatically keep track of the IP addresses on your network.
 Install the arpwatch package if you need networking monitoring devices
 which will automatically keep track of the IP addresses on your
 network.
 %prep
-%setup -q
+%autosetup -p1
 # Substitute absolute paths to awk scripts in shell scripts
 sed -r -i 's|(-f *)([^[:blank:]+]\.awk)|\1%{_datadir}/arpwatch/\2|' arp2ethers
 # Fix default directory in man pages to match ARPDIR in build section. This was
 # formerly done by arpwatch-dir-man.patch. For thoroughness, do the same
 # replacement in update-ethercodes.sh.in and bihourly.sh, even though they are
 # not installed.
 sed -r -i 's|/usr/local/arpwatch|%{pkgstatedir}|g' *.8.in *.sh.in *.sh
 # Fix Python interpreter path (but note that this script is not installed)
 sed -r -i 's|/usr/local/bin/python|%{python3}|g' update-ethercodes.sh.in
 # Emailed upstream requesting a separate LICENSE/COPYING file 2022-07-30.
 # For now, we extract it from the main source file’s “header” comment.
 awk '/^ \* / { print substr($0, 4); } /^ \*\// { exit }' arpwatch.c |
  tee LICENSE
 %conf
 %if %{with autoreconf}
 autoreconf --force --install --verbose
 %endif
 # Prior to version 3.4, this was handled by the configure script. If it is not
 # defined, the build fails because time.h is not included in report.c. This
 # regregression was reported upstream by email to arpwatch@ee.lbl.gov on
 # 2023-09-06.
 export CPPFLAGS="${CPPFLAGS-} -DTIME_WITH_SYS_TIME=1"
 %configure --with-sendmail=/usr/sbin/sendmail PYTHON=%{python3}
 %patch1 -p1 -b .fhs
 %patch2 -p1 -b .arpsnmpman
 %patch3 -p1 -b .droproot
 %patch4 -p0 -b .droprootman
 %patch5 -p1 -b .mailuser
 %patch6 -p1 -b .dirman
 %patch7 -p1 -b .scripts
 %patch8 -p1 -b .nolocalpcap
 %patch9 -p1 -b .bogon
 %patch10 -p1 -b .extraman
 %patch11 -p1 -b .exitcode
 %patch12 -p1 -b .dropgroup
 %patch13 -p1 -b .devlookup
 %patch14 -p1 -b .iselect
 %patch16 -p1 -b .ethcode
 %patch17 -p1 -b .pie
 %patch18 -p1 -b .aarch64
 %patch19 -p1 -b .promisc
 %patch20 -p1 -b .overflow
 %build
-%configure
+%make_build ARPDIR=%{pkgstatedir}
-make ARPDIR=%{_vararpwatch}
+
 %install
 install -p -D -m 0644 %{SOURCE6} '%{buildroot}%{_sysusersdir}/arpwatch.conf'
-mkdir -p $RPM_BUILD_ROOT%{_mandir}/man8
+# The upstream Makefile does not create the directories it requires, so we must
-mkdir -p $RPM_BUILD_ROOT%{_sbindir}
+# do it manually. Additionally, it attempts to comment out the installation of
-mkdir -p $RPM_BUILD_ROOT%{_vararpwatch}
+# the init script on non-FreeBSD platforms, but this does not quite work as
-mkdir -p $RPM_BUILD_ROOT%{_unitdir}
+# intended. We just let it install the file, then remove it afterwards.
-touch $RPM_BUILD_ROOT%{_vararpwatch}/arp.dat-
+install -d %{buildroot}%{_mandir}/man8 \
-make DESTDIR=$RPM_BUILD_ROOT install install-man
+    %{buildroot}%{_sbindir} \
    %{buildroot}%{_datadir}/arpwatch \
    %{buildroot}%{pkgstatedir} \
    %{buildroot}%{_unitdir} \
    %{buildroot}%{_prefix}/etc/rc.d
-# prepare awk scripts
+%make_install
 perl -pi -e "s/\'/\'\\\'\'/g" *.awk
-# and embed them
+# Make install uses mode 0555, which is unconventional, and which can interfere
-for i in arp2ethers massagevendor massagevendor-old; do
+# with debuginfo generation since the file is not writable by its owner.
-	cp -f $i $RPM_BUILD_ROOT%{_sbindir}
+chmod -v 0755 %{buildroot}%{_sbindir}/arpwatch %{buildroot}%{_sbindir}/arpsnmp
 	for j in *.awk; do
 		sed "s/-f\ *\(\<$j\>\)/\'\1\n\' /g" \
 			< $RPM_BUILD_ROOT%{_sbindir}/$i \
 			| sed "s/$j\$//;tx;b;:x;r$j" \
 			> $RPM_BUILD_ROOT%{_sbindir}/$i.x
 		mv -f $RPM_BUILD_ROOT%{_sbindir}/$i{.x,}
 	done
 	chmod 755 $RPM_BUILD_ROOT%{_sbindir}/$i
 done
-install -p -m644 *.dat $RPM_BUILD_ROOT%{_vararpwatch}
+install -p -t %{buildroot}%{_datadir}/arpwatch -m 0644 *.awk
-install -p -m644 %{SOURCE1} $RPM_BUILD_ROOT%{_unitdir}/arpwatch.service
+install -p -t %{buildroot}%{_sbindir} arp2ethers
-install -p -m644 %{SOURCE3} $RPM_BUILD_ROOT%{_vararpwatch}/ethercodes.dat.bz2
+install -p massagevendor.py %{buildroot}%{_sbindir}/massagevendor
-bzip2 -df $RPM_BUILD_ROOT%{_vararpwatch}/ethercodes.dat.bz2
+
 install -p -t %{buildroot}%{pkgstatedir} -m 0644 *.dat
 touch %{buildroot}%{pkgstatedir}/arp.dat- \
    %{buildroot}%{pkgstatedir}/arp.dat.new
 install -p -t %{buildroot}%{_unitdir} -m 0644 %{SOURCE2}
 %{python3} massagevendor.py < %{SOURCE1} \
    > %{buildroot}%{pkgstatedir}/ethercodes.dat
 touch -r %{SOURCE1} ethercodes.dat
 # Add an environment/sysconfig file:
 install -d %{buildroot}%{_sysconfdir}/sysconfig
 install -p -m 0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/sysconfig/arpwatch
 # Add extra man pages not provided upstream:
 install -p -t %{buildroot}%{_mandir}/man8 -m 0644 %{SOURCE4} %{SOURCE5}
 # Remove legacy init scripts:
 rm -rvf %{buildroot}%{_prefix}/etc/rc.d
 %check
 # Verify the sed script in the prep section did not miss fixing the ARPDIR
 # anywhere
 if grep -FrnI '/usr/local/arpwatch' .
 then
  echo 'Missed fixing ARPDIR in at least one file' 1>&2
  exit 1
 fi
 # Verify we did not miss any PATH alterations in
 # arpwatch-no-usr-local-path.patch.
 if grep -ErnI --exclude=mkdep --exclude='config.*' '^[^#].*/usr/local/s?bin' .
 then
  echo 'Probably missed an uncommented PATH alteration with /usr/local' 1>&2
  exit 1
 fi
 rm -f $RPM_BUILD_ROOT%{_sbindir}/massagevendor-old
 %post
 %systemd_post arpwatch.service
 %pre
 if ! getent group arpwatch &> /dev/null; then
 	getent group pcap 2> /dev/null | grep -q 77 &&
 		/usr/sbin/groupmod -n arpwatch pcap 2> /dev/null ||
 		/usr/sbin/groupadd -g 77 arpwatch 2> /dev/null
 fi
 if ! getent passwd arpwatch &> /dev/null; then
 	getent passwd pcap 2> /dev/null | grep -q 77 &&
 		/usr/sbin/usermod -l arpwatch -g 77 \
 			-d %{_vararpwatch} pcap 2> /dev/null ||
 		/usr/sbin/useradd -u 77 -g 77 -s /sbin/nologin \
 			-M -r -d %{_vararpwatch} arpwatch 2> /dev/null
 fi
 :
 %postun
 %systemd_postun_with_restart arpwatch.service
 %preun
 %systemd_preun arpwatch.service
 %files
-%doc README CHANGES arpfetch
+%license LICENSE
 %doc README
 %doc CHANGES
 %doc arpfetch
 %{_sbindir}/arpwatch
 %{_sbindir}/arpsnmp
 # manually-installed scripts
 %{_sbindir}/arp2ethers
 %{_sbindir}/massagevendor
-%{_mandir}/man8/*.8*
+
 %dir %{_datadir}/arpwatch
 %{_datadir}/arpwatch/*.awk
 # make install uses mode 0444, which is unconventional
 %attr(0644,-,-) %{_mandir}/man8/*.8*
 %{_unitdir}/arpwatch.service
-%attr(1775,-,arpwatch) %dir %{_vararpwatch}
+%{_sysusersdir}/arpwatch.conf
-%attr(0644,arpwatch,arpwatch) %verify(not md5 size mtime) %config(noreplace) %{_vararpwatch}/arp.dat
+%config(noreplace) %{_sysconfdir}/sysconfig/arpwatch
-%attr(0644,arpwatch,arpwatch) %verify(not md5 size mtime) %config(noreplace) %{_vararpwatch}/arp.dat-
+
-%attr(0600,arpwatch,arpwatch) %verify(not md5 size mtime) %ghost %{_vararpwatch}/arp.dat.new
+%attr(1775,-,arpwatch) %dir %{pkgstatedir}
-%attr(0644,-,arpwatch) %verify(not md5 size mtime) %config(noreplace) %{_vararpwatch}/ethercodes.dat
+%attr(0644,arpwatch,arpwatch) %verify(not md5 size mtime) %config(noreplace) %{pkgstatedir}/arp.dat
 %attr(0644,arpwatch,arpwatch) %verify(not md5 size mtime) %config(noreplace) %{pkgstatedir}/arp.dat-
 %attr(0600,arpwatch,arpwatch) %verify(not md5 size mtime) %ghost %{pkgstatedir}/arp.dat.new
 %attr(0644,-,arpwatch) %verify(not md5 size mtime) %config(noreplace) %{pkgstatedir}/ethercodes.dat
 %changelog
-* Tue Oct 27 2020 Benjamin A. Beasley <code@musicinmybrain.net> - 14:2.1a15-48
+%autochangelog
 - fix arpwatch buffer overflow (#1563939)
 * Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 14:2.1a15-47
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
 * Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 14:2.1a15-46
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
 * Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 14:2.1a15-45
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
 * Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 14:2.1a15-44
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
 * Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 14:2.1a15-43
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
 * Mon Mar  5 2018 Jan Synáček <jsynacek@redhat.com> - 14:2.1a15-42
 - make sure arpwatch starts after network devices are up (#1551431)
 * Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 14:2.1a15-41
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
 * Wed Aug 02 2017 Fedora Release Engineering <releng@fedoraproject.org> - 14:2.1a15-40
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
 * Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 14:2.1a15-39
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
 * Mon Feb 20 2017 Jan Synáček <jsynacek@redhat.com> - 14:2.1a15-38
 - fix FTBFS (#1423238)
 * Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 14:2.1a15-37
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
 * Wed Feb 03 2016 Fedora Release Engineering <releng@fedoraproject.org> - 14:2.1a15-36
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
 * Tue Jan 26 2016 Jan Synáček <jsynacek@redhat.com> - 14:2.1a15-35
 - fix arpwatch buffer overflow (#1301880)
 - add -p option that disables promiscuous mode (#1301853)
 * Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 14:2.1a15-34
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
 * Fri Aug 15 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 14:2.1a15-33
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
 * Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 14:2.1a15-32
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
 * Mon Feb  3 2014 Jan Synáček <jsynacek@redhat.com> 14:2.1a15-31
 - reference documentation in the service file
 - remove redundant sysconfig-related stuff
 * Sun Aug  4 2013 Peter Robinson <pbrobinson@fedoraproject.org> 14:2.1a15-30
 - Fix FTBFS
 * Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 14:2.1a15-29
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
 * Tue Apr 23 2013 Jan Synáček <jsynacek@redhat.com> 14:2.1a15-28
 - harden the package (#954336)
 - support aarch64 (#925027)
 * Wed Feb 13 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 14:2.1a15-27
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
 * Thu Jan 17 2013 Ales Ledvinka <aledvink@redhat.com> - 14:2.1a15-26
 - fix permissions related to collected database
 - update ethcodes defaults to current public IEEE OUI-32
 * Mon Oct 15 2012 Ales Ledvinka <aledvink@redhat.com> - 14:2.1a15-25
 - fix -i with invalid interface specified (#842660)
 * Mon Oct 15 2012 Ales Ledvinka <aledvink@redhat.com> - 14:2.1a15-24
 - fix devlookup to start with -i interface specified (#842660)
 * Wed Aug 22 2012 Jan Synáček <jsynacek@redhat.com> - 14:2.1a15-23
 - Add system-rpm macros (#850032)
 * Tue Jul 24 2012 Jan Synáček <jsynacek@redhat.com> - 14:2.1a15-22
 - add devlookup patch: search for suitable default interface, if -i is not
  specified (#842660)
 * Thu Jul 19 2012 Jan Synáček <jsynacek@redhat.com> - 14:2.1a15-21
 - make spec slightly more fedora-review-friendly
 * Wed Jul 18 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 14:2.1a15-21
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
 * Thu May 31 2012 Aleš Ledvinka <aledvink@redhat.com> 14:2.1a15-20
 - fix supplementary group list (#825328) (CVE-2012-2653)
 * Thu Jan 19 2012 Jan Synáček <jsynacek@redhat.com> 14:2.1a15-19
 - Turn on PrivateTmp=true in service file (#782477)
 * Thu Jan 05 2012 Jan Synáček <jsynacek@redhat.com> 14:2.1a15-18
 - Rebuilt for GCC 4.7
 * Fri Jul 08 2011 Miroslav Lichvar <mlichvar@redhat.com> 14:2.1a15-17
 - exit with zero error code (#699285)
 - change service type to forking (#699285)
 * Thu Jul 07 2011 Miroslav Lichvar <mlichvar@redhat.com> 14:2.1a15-16
 - replace SysV init script with systemd service (#699285)
 - update ethercodes.dat
 * Mon Mar 28 2011 Miroslav Lichvar <mlichvar@redhat.com> 14:2.1a15-15
 - update ethercodes.dat (#690948)
 * Mon Feb 07 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 14:2.1a15-14
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
 * Tue Mar 30 2010 Miroslav Lichvar <mlichvar@redhat.com> 14:2.1a15-13
 - update ethercodes.dat (#577552)
 - mark ethercodes.dat as noreplace
 - fix init script LSB compliance
 - include Debian arp2ethers and massagevendor man pages (#526160)
 - don't include massagevendor-old script anymore
 * Wed Sep 02 2009 Miroslav Lichvar <mlichvar@redhat.com> 14:2.1a15-12
 - update ethercodes.dat
 * Fri Jul 24 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 14:2.1a15-11
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
 * Mon Feb 23 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 14:2.1a15-10
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
 * Tue Sep 16 2008 Miroslav Lichvar <mlichvar@redhat.com> 14:2.1a15-9
 - update ethercodes.dat (#462364)
 * Tue Feb 19 2008 Fedora Release Engineering <rel-eng@fedoraproject.org> - 14:2.1a15-8
 - Autorebuild for GCC 4.3
 * Wed Aug 22 2007 Miroslav Lichvar <mlichvar@redhat.com> 14:2.1a15-7
 - rebuild
 * Thu Aug 09 2007 Miroslav Lichvar <mlichvar@redhat.com> 14:2.1a15-6
 - improve init script (#246869)
 - allow -n 0/32 to disable reporting bogons from 0.0.0.0 (#244606)
 - update license tag
 - update ethercodes.dat
 * Wed Jun 13 2007 Miroslav Lichvar <mlichvar@redhat.com> 14:2.1a15-5
 - update ethercodes.dat
 * Thu May 24 2007 Miroslav Lichvar <mlichvar@redhat.com> 14:2.1a15-4
 - fix return codes in init script (#237781)
 * Mon Jan 15 2007 Miroslav Lichvar <mlichvar@redhat.com> 14:2.1a15-3
 - rename pcap user to arpwatch
 * Tue Nov 28 2006 Miroslav Lichvar <mlichvar@redhat.com> 14:2.1a15-2
 - split from tcpdump package (#193657)
 - update to 2.1a15
 - clean up files in /var
 - force linking with system libpcap
--- a/arpwatch.sysconfig
+++ b/arpwatch.sysconfig
@ -0,0 +1,2 @@
 # See arpwatch(8) for more information on available options.
 OPTIONS=-C
--- a/arpwatch.sysusers
+++ b/arpwatch.sysusers
@ -0,0 +1,2 @@
 #Type Name      ID  GECOS                         Home directory     Shell
 u     arpwatch  -   "Service user for arpwatch"   /var/lib/arpwatch  /sbin/nologin
--- a/292
+++ b/292
@ -0,0 +1,292 @@
 * Fri Jul 09 2021 Benjamin A. Beasley <code@musicinmybrain.net> - 14:3.1-14
 - generate ethercodes.dat from latest oui.csv
 * Mon May 03 2021 Benjamin A. Beasley <code@musicinmybrain.net> - 14:3.1-13
 - Fix systemd sandboxing syntax in unit file
 - generate ethercodes.dat from latest oui.csv
 * Sat Apr 24 2021 Benjamin A. Beasley <code@musicinmybrain.net> - 14:3.1-12
 - Fix an error in arpwatch-devlookup.patch that could cause a null pointer
  dereference on startup. Implements the suggestion of PR#1, “Update
  arpwatch-devlookup.patch to correctly open a named interface”.
 - generate ethercodes.dat from latest oui.csv
 * Tue Apr 06 2021 Benjamin A. Beasley <code@musicinmybrain.net> - 14:3.1-11
 - Do not use %%exclude for unpackaged files (RPM 4.17 compatibility)
 - generate ethercodes.dat from latest oui.csv
 * Mon Mar 29 2021 Benjamin A. Beasley <code@musicinmybrain.net> - 14:3.1-10
 - generate ethercodes.dat from latest oui.csv
 * Wed Mar 17 2021 Benjamin A. Beasley <code@musicinmybrain.net> - 14:3.1-9
 - generate ethercodes.dat from latest oui.csv
 * Tue Mar 09 2021 Benjamin A. Beasley <code@musicinmybrain.net> - 14:3.1-8
 - generate ethercodes.dat from latest oui.csv
 * Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 14:3.1-7
 - Rebuilt for updated systemd-rpm-macros
  See https://pagure.io/fesco/issue/2583.
 * Sun Jan 31 2021 Benjamin A. Beasley <code@musicinmybrain.net> - 14:3.1-6
 - generate ethercodes.dat from latest oui.csv
 * Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 14:3.1-5
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
 * Sun Jan 10 2021 Benjamin A. Beasley <code@musicinmybrain.net> - 14:3.1-4
 - Fix changelog date
 * Sat Jan  9 2021 Benjamin A. Beasley <code@musicinmybrain.net> - 14:3.1-3
 - Generate ethercodes.dat from latest oui.csv
 - Change systemd BR to systemd-rpm-macros
 - Drop Requires on systemd for scriptlets per current guidelines
 * Wed Dec 16 2020 Benjamin A. Beasley <code@musicinmybrain.net> - 14:3.1-2
 - Add BR on make for
  https://fedoraproject.org/wiki/Changes/Remove_make_from_BuildRoot
 - generate ethercodes.dat from latest oui.csv
 * Wed Nov 11 2020 Benjamin A. Beasley <code@musicinmybrain.net> - 14:3.1-1
 - new upstream version 3.1
 - generate ethercodes.dat from latest oui.csv
 - improve systemd unit file, including hardening
 - add sysconfig (environment) file
 - drop arpwatch-2.1a4-fhs.patch: version 3.1 no longer attempts to set
  user/group for installed binaries, and permissions for binaries and man pages
  are now adjusted in the files section of the spec file
 - rebase arpwatch-2.1a10-man.patch against version 3.1 as
  arpwatch-man-references.patch, fixing some additional cross-references
 - rebase against version 3.1 and combine arpwatch-drop.patch, which provided
  -u; arpwatch-drop-man.patch, which documented it; and
  arpwatch-2.1a15-dropgroup.patch, which fixed CVE-2012-2653 (RHBZ #825328) in
  the original arpwatch-drop.patch, into a single combined
  arpwatch-change-user.patch; remove an unnecessary and unchecked strdup() in
  the original patch that could have theoretically led to a null pointer
  dereference
 - drop arpwatch-addr.patch; the -e and -s arguments are now present in upstream
  version 3.1 as -w and -W, respectively
 - replace arpwatch-dir-man.patch with a sed invocation
 - replace arpwatch-2.1a15-extraman.patch with additional source files
  arp2ethers.8 and massagevendor.8; reformat the contents to match the upstream
  arpwatch.8 and arpsnmp.8 man pages; remove references to Debian; and rewrite
  massagevendor.8 to match the new Python-based massagevendor script
 - split arpwatch-scripts.patch into arpwatch-arp2ethers-sort-invocation.patch,
  arpwatch-arpfetch-stray-rm.patch, and arpwatch-no-usr-local-path.patch,
  removing some additional PATH alterations in the last
 - rebase arpwatch-2.1a15-nolocalpcap.patch against the version 3.1 configure script
  and rename it as arpwatch-configure-no-local-pcap.patch
 - rebase arpwatch-2.1a15-bogon.patch against version 3.1 and rename it as
  arpwatch-all-zero-bogon.patch
 - rebase arpwatch-exitcode.patch against version 3.1
 - rewrite, combine, and simplify arpwatch-2.1a15-devlookup.patch and
  arpwatch-2.1a15-lookupiselect.patch, which fixed RHBZ #842660, as
  arpwatch-devlookup.patch; upstream version 3.1 will now try the first
  interface when -i is not given, but we still need a patch to search for
  another usable interface if the first one is not usable; additionally, the
  patch now handles the case where a device provides both supported and
  unsupported datalink types.
 - drop arpwatch-201301-ethcodes.patch; upstream no longer distributes
  ethercodes.dat anyway, and we are generating it from oui.csv
 - drop arpwatch-pie.patch; we are passing in hardened CFLAGS/LDFLAGS the normal
  way
 - drop arpwatch-aarch64.patch, as upstream now has a more up-to-date
  config.guess
 - drop arpwatch-promisc.patch; the -p flag is now upstream
 - drop arpwatch-2.1a15-buffer-overflow-bz1563939.patch, which was a backport
  from this version
 * Sat Oct 31 2020 Benjamin A. Beasley <code@musicinmybrain.net> - 14:2.1a15-52
 - add rpmlintrc file to suppress expected rpmlint errors
 * Sat Oct 31 2020 Benjamin A. Beasley <code@musicinmybrain.net> - 14:2.1a15-51
 - touch ghost file arp.dat.new (ghost files should exist in the buildroot)
 * Sat Oct 31 2020 Benjamin A. Beasley <code@musicinmybrain.net> - 14:2.1a15-50
 - use autosetup macro to apply patches
 * Fri Oct 30 2020 Benjamin A. Beasley <code@musicinmybrain.net> - 14:2.1a15-49
 - drop explicit _hardened_build macro (default in all current Fedora releases)
 - replace _vararpwatch macro with pkgstatedir, and define in terms of
  _sharedstatedir instead of _localstatedir
 - use buildroot macro instead of RPM_BUILD_ROOT variable
 - use package name macro more widely
 - create macros for unprivileged service user and group names
 - adjust whitespace throughout the spec file
 - update URLs
 - remove unnecessary BR on systemd
 - use make_build and make_install macros; as a consequence, we now preserve
  timestamps when installing files (install -p)
 - since we do not package the massagevendor-old script, do not prep it with the
  others
 - instead of embedding awk scripts in the shell scripts that use them, install
  the awk scripts and use their absolute paths in the shell scripts; drop BR on
  perl, which was used to quote the awk scripts
 - tidy up manual install steps
 - remove user/group renaming code from pre-install script, and replace it with
  the suggested implementation for soft static allocation from
  https://fedoraproject.org/wiki/Packaging:UsersAndGroups;
  the pcap user and group were renamed to arpwatch in 2007
  (https://src.fedoraproject.org/rpms/arpwatch/c/f1b7b51), and we have no need
  to handle such ancient installations anymore
 * Tue Oct 27 2020 Benjamin A. Beasley <code@musicinmybrain.net> - 14:2.1a15-48
 - fix arpwatch buffer overflow (#1563939)
 * Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 14:2.1a15-47
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
 * Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 14:2.1a15-46
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
 * Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 14:2.1a15-45
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
 * Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 14:2.1a15-44
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
 * Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 14:2.1a15-43
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
 * Mon Mar  5 2018 Jan Synáček <jsynacek@redhat.com> - 14:2.1a15-42
 - make sure arpwatch starts after network devices are up (#1551431)
 * Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 14:2.1a15-41
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
 * Wed Aug 02 2017 Fedora Release Engineering <releng@fedoraproject.org> - 14:2.1a15-40
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
 * Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 14:2.1a15-39
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
 * Mon Feb 20 2017 Jan Synáček <jsynacek@redhat.com> - 14:2.1a15-38
 - fix FTBFS (#1423238)
 * Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 14:2.1a15-37
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
 * Wed Feb 03 2016 Fedora Release Engineering <releng@fedoraproject.org> - 14:2.1a15-36
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
 * Tue Jan 26 2016 Jan Synáček <jsynacek@redhat.com> - 14:2.1a15-35
 - fix arpwatch buffer overflow (#1301880)
 - add -p option that disables promiscuous mode (#1301853)
 * Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 14:2.1a15-34
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
 * Fri Aug 15 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 14:2.1a15-33
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
 * Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 14:2.1a15-32
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
 * Mon Feb  3 2014 Jan Synáček <jsynacek@redhat.com> 14:2.1a15-31
 - reference documentation in the service file
 - remove redundant sysconfig-related stuff
 * Sun Aug  4 2013 Peter Robinson <pbrobinson@fedoraproject.org> 14:2.1a15-30
 - Fix FTBFS
 * Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 14:2.1a15-29
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
 * Tue Apr 23 2013 Jan Synáček <jsynacek@redhat.com> 14:2.1a15-28
 - harden the package (#954336)
 - support aarch64 (#925027)
 * Wed Feb 13 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 14:2.1a15-27
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
 * Thu Jan 17 2013 Ales Ledvinka <aledvink@redhat.com> - 14:2.1a15-26
 - fix permissions related to collected database
 - update ethcodes defaults to current public IEEE OUI-32
 * Mon Oct 15 2012 Ales Ledvinka <aledvink@redhat.com> - 14:2.1a15-25
 - fix -i with invalid interface specified (#842660)
 * Mon Oct 15 2012 Ales Ledvinka <aledvink@redhat.com> - 14:2.1a15-24
 - fix devlookup to start with -i interface specified (#842660)
 * Wed Aug 22 2012 Jan Synáček <jsynacek@redhat.com> - 14:2.1a15-23
 - Add system-rpm macros (#850032)
 * Tue Jul 24 2012 Jan Synáček <jsynacek@redhat.com> - 14:2.1a15-22
 - add devlookup patch: search for suitable default interface, if -i is not
  specified (#842660)
 * Thu Jul 19 2012 Jan Synáček <jsynacek@redhat.com> - 14:2.1a15-21
 - make spec slightly more fedora-review-friendly
 * Wed Jul 18 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 14:2.1a15-21
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
 * Thu May 31 2012 Aleš Ledvinka <aledvink@redhat.com> 14:2.1a15-20
 - fix supplementary group list (#825328) (CVE-2012-2653)
 * Thu Jan 19 2012 Jan Synáček <jsynacek@redhat.com> 14:2.1a15-19
 - Turn on PrivateTmp=true in service file (#782477)
 * Thu Jan 05 2012 Jan Synáček <jsynacek@redhat.com> 14:2.1a15-18
 - Rebuilt for GCC 4.7
 * Fri Jul 08 2011 Miroslav Lichvar <mlichvar@redhat.com> 14:2.1a15-17
 - exit with zero error code (#699285)
 - change service type to forking (#699285)
 * Thu Jul 07 2011 Miroslav Lichvar <mlichvar@redhat.com> 14:2.1a15-16
 - replace SysV init script with systemd service (#699285)
 - update ethercodes.dat
 * Mon Mar 28 2011 Miroslav Lichvar <mlichvar@redhat.com> 14:2.1a15-15
 - update ethercodes.dat (#690948)
 * Mon Feb 07 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 14:2.1a15-14
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
 * Tue Mar 30 2010 Miroslav Lichvar <mlichvar@redhat.com> 14:2.1a15-13
 - update ethercodes.dat (#577552)
 - mark ethercodes.dat as noreplace
 - fix init script LSB compliance
 - include Debian arp2ethers and massagevendor man pages (#526160)
 - don't include massagevendor-old script anymore
 * Wed Sep 02 2009 Miroslav Lichvar <mlichvar@redhat.com> 14:2.1a15-12
 - update ethercodes.dat
 * Fri Jul 24 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 14:2.1a15-11
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
 * Mon Feb 23 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 14:2.1a15-10
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
 * Tue Sep 16 2008 Miroslav Lichvar <mlichvar@redhat.com> 14:2.1a15-9
 - update ethercodes.dat (#462364)
 * Tue Feb 19 2008 Fedora Release Engineering <rel-eng@fedoraproject.org> - 14:2.1a15-8
 - Autorebuild for GCC 4.3
 * Wed Aug 22 2007 Miroslav Lichvar <mlichvar@redhat.com> 14:2.1a15-7
 - rebuild
 * Thu Aug 09 2007 Miroslav Lichvar <mlichvar@redhat.com> 14:2.1a15-6
 - improve init script (#246869)
 - allow -n 0/32 to disable reporting bogons from 0.0.0.0 (#244606)
 - update license tag
 - update ethercodes.dat
 * Wed Jun 13 2007 Miroslav Lichvar <mlichvar@redhat.com> 14:2.1a15-5
 - update ethercodes.dat
 * Thu May 24 2007 Miroslav Lichvar <mlichvar@redhat.com> 14:2.1a15-4
 - fix return codes in init script (#237781)
 * Mon Jan 15 2007 Miroslav Lichvar <mlichvar@redhat.com> 14:2.1a15-3
 - rename pcap user to arpwatch
 * Tue Nov 28 2006 Miroslav Lichvar <mlichvar@redhat.com> 14:2.1a15-2
 - split from tcpdump package (#193657)
 - update to 2.1a15
 - clean up files in /var
 - force linking with system libpcap
--- a/massagevendor.8
+++ b/massagevendor.8
@ -0,0 +1,94 @@
 .Dd 8 November 2020
 .Dt MASSAGEVENDOR 8
 .Sh NAME
 .Nm massagevendor
 .Nd convert the ethernet vendor codes master list to arpwatch format
 .Sh SYNOPSIS
 .Nm
 .Op Fl CdhvZ
 .Op Fl -vendor
 .Op Ar csv
 .Sh DESCRIPTION
 .Nm
 is a program that converts a text file containing ethernet vendor codes into a
 format suitable for use by
 .Xr arpwatch 8
 and
 .Xr arpsnmp 8 .
 The input
 .Ar csv
 is a master CSV (comma-separated-value) file containing vendor codes.
 The output is sent to
 .Ar stdout .
 .Pp
 All ethernet devices have a unique identifier which includes a vendor code
 specifying the manufacturer of the device.
 In normal operation
 .Xr arpwatch 8
 and
 .Xr arpsnmp 8
 use the file
 .Ar ethercodes.dat
 to report this vendor code.
 .Nm
 is used to generate the
 .Ar ethercodes.dat
 file from CSV files containing these vendor codes.
 .Pp
 Locations where an ethernet vendor codes master text file can be obtained are
 given below.
 .Pp
 The
 .Fl C
 flag (default) uses compact padded ethernet addresses in
 .Ar ethercodes.dat ,
 e.g. 0:8:e1:1:2:d6; this is the default.
 .Pp
 The
 .Fl d
 flag is used to enable debugging.
 .Pp
 The
 .Fl v
 flag is used to enable verbose messages.
 .Pp
 The
 .Fl Z
 flag uses zero padded ethernet addresses in
 .Ar ethercodes.dat ,
 e.g. 00:08:e1:01:02:d6.
 .Pp
 The
 .Fl h
 flag shows a help message and exits.
 .Pp
 The
 .Fl -version
 option shows the program version number and exits.
 .Sh FILES
 .Bl -tag -width ".Pa /var/lib/arpwatch" -compact
 .It Pa /var/lib/arpwatch
 default location of the ethernet vendor list
 .It Pa ethercodes.dat
 file containing the list of ethernet vendor codes
 .Sh "SEE ALSO"
 .Xr arpwatch 8 ,
 .Xr arpsnmp 8
 .Sh NOTES
 The ethernet vendor codes as assigned by the IEEE can be found at:
 .Pp
 .Dl Ar https://standards-oui.ieee.org/oui/oui.csv
 .Sh AUTHORS
 .An Craig Leres
 of the Lawrence Berkeley National Laboratory Network Research Group,
 University of California, Berkeley, CA.
 .Pp
 The current version is available via anonymous ftp:
 .Pp
 .Dl Ar ftp://ftp.ee.lbl.gov/arpwatch.tar.gz
 .Pp
 This manual page was contributed by Hugo Graumann and updated by Benjamin
 Beasley.
 .Sh BUGS
 Please send bug reports to
 .Aq arpwatch@ee.lbl.gov .
--- a/oui.csv
+++ b/oui.csv
--- a/3
+++ b/3
@ -1,2 +1 @@
-cebfeb99c4a7c2a6cee2564770415fe7  arpwatch-2.1a15.tar.gz
+SHA512 (arpwatch-3.9.tar.gz) = b6fdda79caf6c79d78d629b28987d381981d8ac9150dd95c44ba0ed634d905446a8b64d73cdacca89d42a77965e0710d0a60184010440fed19168dae4e3dd4bd
 01f3c7d622269404b08696f3c4a5737e  ethercodes-20110707.dat.bz2
--- a/41
+++ b/41
@ -0,0 +1,41 @@
 #!/bin/sh
 set -o errexit
 set -o nounset
 URL='https://standards-oui.ieee.org/oui/oui.csv'
 DATA='oui.csv'
 SPEC='arpwatch.spec'
 cd "$(dirname "$0")"
 echo "==> Fetching ${URL}..." 1>&2
 newfile="$(mktemp out.csv.XXXXXXXXXX)"
 # shellcheck disable=SC2064
 trap "rm -f '${newfile}'" INT TERM EXIT
 chmod 0644 "${newfile}"
 curl --output "${newfile}" "${URL}"
 echo '==> Comparing data...' 1>&2
 newhash="$(sha256sum < "${newfile}")"
 oldhash="$(sha256sum < "${DATA}")"
 if [ "${newhash}" = "${oldhash}" ]
 then
  echo '==> Local file is up to date' 1>&2
  exit 0
 fi
 env TZ=UTC stat --format='Old file %s bytes, modified %y' "${DATA}"
 env TZ=UTC stat --format='New file %s bytes, modified %y' "${newfile}"
 mv "${newfile}" "${DATA}"
 ISOMTIME="$(
  env TZ=UTC date --iso-8601=seconds --date="$(stat --format='@%Y' "${DATA}")"
 )"
 sed -r -i 's/(oui\.csv last fetched )[^[:blank:]]+\./\1'"${ISOMTIME}./" "${SPEC}"
 echo "==> Updated ${DATA}" 1>&2
 git add "${DATA}"
 fedpkg commit -m 'Generate ethercodes.dat from latest oui.csv'
 # vim: set tw=78 ts=2 sw=2 sts=2 et ai cin nojs :
Author	SHA1	Message	Date
Fedora Release Engineering	6ed64346f0	Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild	2026-01-16 03:56:08 +00:00
Benjamin A. Beasley	3541129118	Generate ethercodes.dat from latest oui.csv	2025-12-11 07:07:44 +00:00
Benjamin A. Beasley	6141d65df8	Update to 3.9 (close RHBZ#2406123)	2025-10-23 23:37:22 +01:00
Benjamin A. Beasley	db38436f1e	Generate ethercodes.dat from latest oui.csv	2025-10-23 23:21:46 +01:00
Benjamin A. Beasley	b44e9a4c9f	Generate ethercodes.dat from latest oui.csv	2025-10-11 07:04:34 +01:00
Benjamin A. Beasley	6b7db1bfcf	Generate ethercodes.dat from latest oui.csv	2025-09-13 07:14:57 +01:00
Benjamin A. Beasley	f5306decab	Generate ethercodes.dat from latest oui.csv	2025-08-16 06:22:17 -04:00
Fedora Release Engineering	5cfee9bb3c	Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild	2025-07-23 17:15:06 +00:00
Benjamin A. Beasley	5ef30239ce	Very minor spec-file reformatting [skip changelog]	2025-06-13 06:24:20 -04:00
Benjamin A. Beasley	bf02e5c50e	Generate ethercodes.dat from latest oui.csv	2025-06-02 20:42:09 -04:00
Benjamin A. Beasley	90b170a064	Generate ethercodes.dat from latest oui.csv	2025-04-24 16:19:29 -04:00
Benjamin A. Beasley	b77727ab51	Update .rpmlintrc file for a new rpmlint version	2025-04-24 16:17:54 -04:00
Benjamin A. Beasley	362e16b710	Update to 3.8 (close RHBZ#2349279)	2025-03-03 11:29:09 -05:00
Benjamin A. Beasley	a4e44e673f	Generate ethercodes.dat from latest oui.csv	2025-03-03 11:25:55 -05:00
Zbigniew Jędrzejewski-Szmek	aa93d898b1	Drop call to %sysusers_create_compat After https://fedoraproject.org/wiki/Changes/RPMSuportForSystemdSysusers, rpm will handle account creation automatically.	2025-02-11 17:03:15 +01:00
Benjamin A. Beasley	9f602e31b6	Generate ethercodes.dat from latest oui.csv	2025-02-01 10:35:35 -05:00
Fedora Release Engineering	f42f360657	Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild	2025-01-16 11:34:52 +00:00
Benjamin A. Beasley	fc583c9e0c	Add a SourceLicense field	2024-12-11 14:42:00 -05:00
Benjamin A. Beasley	b040c3562d	Generate ethercodes.dat from latest oui.csv	2024-12-11 14:42:00 -05:00
Benjamin A. Beasley	f74702c0e3	Generate ethercodes.dat from latest oui.csv	2024-11-26 01:45:19 -05:00
Benjamin A. Beasley	e0bcb1f8cd	Invoke autoreconf and configure in %conf rather than in %build	2024-10-31 14:52:22 -04:00
Benjamin A. Beasley	872fd85ed5	By default, re-generate the configure script	2024-10-31 14:51:48 -04:00
Benjamin A. Beasley	768183ab7d	Fix arpwatch/arpsnmp permissions in %install, not in %files - Works around an issue extracting debuginfo	2024-10-31 14:50:13 -04:00
Benjamin A. Beasley	656c3cc8eb	Fix a trivial typo in the spec file	2024-10-31 14:50:13 -04:00
Benjamin A. Beasley	ce3298b99b	Generate ethercodes.dat from latest oui.csv	2024-10-31 14:34:08 -04:00
Benjamin A. Beasley	0676e59166	Update to 3.7 (close RHBZ#2316380)	2024-10-04 07:18:29 -04:00
Benjamin A. Beasley	2d5150f315	Generate ethercodes.dat from latest oui.csv	2024-10-04 07:15:41 -04:00
Benjamin A. Beasley	b62191f856	Generate ethercodes.dat from latest oui.csv	2024-09-14 12:33:12 -04:00
Fedora Release Engineering	14f68a1cd1	Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild	2024-07-17 17:27:40 +00:00
Benjamin A. Beasley	5e5d4350d0	Generate ethercodes.dat from latest oui.csv	2024-07-02 14:34:54 -04:00
Benjamin A. Beasley	0d3389279c	Generate ethercodes.dat from latest oui.csv	2024-05-17 13:17:26 -04:00
Benjamin A. Beasley	cec1869a02	Generate ethercodes.dat from latest oui.csv	2024-03-28 09:35:29 -04:00
Fedora Release Engineering	4f615d4bd1	Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild	2024-01-22 23:28:27 +00:00
Benjamin A. Beasley	5ae4fb1bd1	Add missing source [skip changelog]	2024-01-21 21:55:40 -05:00
Benjamin A. Beasley	f39649efa2	Update to 3.6 (close RHBZ#2259459)	2024-01-21 21:51:47 -05:00
Benjamin A. Beasley	e63c968357	Generate ethercodes.dat from latest oui.csv	2024-01-21 21:51:47 -05:00
Fedora Release Engineering	cd2dd6ef44	Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild	2024-01-19 13:34:14 +00:00
Benjamin A. Beasley	240a5e21a5	Generate ethercodes.dat from latest oui.csv	2024-01-02 12:47:36 -05:00
Benjamin A. Beasley	c0a7e9de94	Switch to dynamically-allocated service user/group ID’s	2023-12-04 11:00:39 -05:00
Benjamin A. Beasley	695a404243	Update to 3.5 (close RHBZ#2252673)	2023-12-03 20:07:31 -05:00
Benjamin A. Beasley	8d4c9e8635	Generate ethercodes.dat from latest oui.csv	2023-12-03 20:01:55 -05:00
Benjamin A. Beasley	238a51ec94	Generate ethercodes.dat from latest oui.csv	2023-11-10 13:21:28 -05:00
Benjamin A. Beasley	46f4713ac2	Generate ethercodes.dat from latest oui.csv	2023-10-04 10:40:47 -04:00
Benjamin A. Beasley	6f71ee9010	Update to 3.4 (close RHBZ#2237532)	2023-09-06 10:15:47 -04:00
Benjamin A. Beasley	cd43df9085	Generate ethercodes.dat from latest oui.csv	2023-09-06 09:54:46 -04:00
Benjamin A. Beasley	6553581ef2	Generate ethercodes.dat from latest oui.csv	2023-09-06 09:54:46 -04:00
Fedora Release Engineering	3a59eeafe6	Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>	2023-07-19 13:47:00 +00:00
Benjamin A. Beasley	5afd997524	Generate ethercodes.dat from latest oui.csv	2023-07-13 00:41:00 -04:00
Benjamin A. Beasley	b832247995	Generate ethercodes.dat from latest oui.csv	2023-05-24 17:54:49 -04:00
Benjamin A. Beasley	a54d9c2db8	Generate ethercodes.dat from latest oui.csv	2023-04-25 10:46:26 -04:00
Benjamin A. Beasley	0e9edf73cb	Generate ethercodes.dat from latest oui.csv	2023-03-26 09:21:08 -04:00
Benjamin A. Beasley	fd86a91e44	Generate ethercodes.dat from latest oui.csv	2023-02-15 17:18:08 -05:00
Benjamin A. Beasley	2e89479fcc	C99 compatibility patch (fix RHBZ#2166336)	2023-02-01 09:32:04 -05:00
Benjamin A. Beasley	a56fca0a8c	Stop numbering patches	2023-02-01 09:29:04 -05:00
Fedora Release Engineering	31fc0fdb37	Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>	2023-01-18 22:08:56 +00:00
Benjamin A. Beasley	64326d22c8	Generate ethercodes.dat from latest oui.csv	2023-01-17 20:27:50 -05:00
Benjamin A. Beasley	0c1aa8afd5	Generate ethercodes.dat from latest oui.csv	2022-12-19 00:25:33 -05:00
Benjamin A. Beasley	66352771d7	Leaf package: remove i686 support	2022-12-19 00:25:29 -05:00
Benjamin A. Beasley	abefd4571a	Generate ethercodes.dat from latest oui.csv	2022-08-03 14:59:18 -04:00
Benjamin A. Beasley	ae1d7fe609	Update License field to SPDX - Additionally, the license is corrected; it should have been “BSD” rather than “BSD with advertising” under the old system.	2022-08-01 08:12:17 -04:00
Benjamin A. Beasley	1ced6aa4a1	Generate ethercodes.dat from latest oui.csv	2022-07-30 21:40:51 -04:00
Benjamin A. Beasley	aba0dcc5ea	Extract a LICENSE file from arpwatch.c’s comment header We have emailed upstream requesting a proper license file.	2022-07-30 21:40:46 -04:00
Fedora Release Engineering	5f783a9efc	Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>	2022-07-20 21:14:13 +00:00
Benjamin A. Beasley	8c0deee75e	Generate ethercodes.dat from latest oui.csv	2022-05-06 14:19:39 -04:00
Benjamin A. Beasley	efa90ca41a	Update to 3.3 (close RHBZ#2068925)	2022-03-28 12:49:40 -04:00
Benjamin A. Beasley	13c84c8c7f	Generate ethercodes.dat from latest oui.csv	2022-03-28 12:49:05 -04:00
Benjamin A. Beasley	384e1238f3	Generate ethercodes.dat from latest oui.csv	2022-03-24 15:37:34 -04:00
Benjamin A. Beasley	734a1207b2	Switch OUI URL from HTTP to HTTPS	2022-03-24 15:37:28 -04:00
Benjamin A. Beasley	ab25714d78	Allow fsync in systemd sandbox (fix RHBZ#2051521) Allow the @sync group to the SystemCallFilter in the systemd sandbox. When arpwatch is configured to send notification emails via sendmail, at least the fsync call is needed.	2022-02-07 08:16:04 -05:00
Benjamin A. Beasley	da7e07b1f3	Generate ethercodes.dat from latest oui.csv	2022-02-01 10:17:51 -05:00
Fedora Release Engineering	ed21210c4c	- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>	2022-01-19 21:38:22 +00:00
Benjamin A. Beasley	854a67036c	Update to 3.2 (close RHBZ#2033095)	2021-12-16 08:33:04 -05:00
Benjamin A. Beasley	d66806cf47	Generate ethercodes.dat from latest oui.csv	2021-12-16 08:09:25 -05:00
Benjamin A. Beasley	9c99645a1e	Do not use path macros in file dependencies https://pagure.io/packaging-committee/pull-request/1135#comment-162531 https://pagure.io/packaging-committee/pull-request/1138	2021-12-09 14:26:11 -05:00
Benjamin A. Beasley	8b9bdef8d7	Generate ethercodes.dat from latest oui.csv	2021-12-09 14:25:36 -05:00
Benjamin A. Beasley	43dd89f414	Generate ethercodes.dat from latest oui.csv	2021-12-05 09:47:30 -05:00
Benjamin A. Beasley	a520f05cd2	Allow timer syscalls in systemd sandboxing (fix RHBZ#2023139) This fixes a core dump at startup, since arpwatch does use alarm(2).	2021-11-14 22:38:16 -05:00
Benjamin A. Beasley	0780353a90	Generate ethercodes.dat from latest oui.csv	2021-11-14 22:38:16 -05:00
Benjamin A. Beasley	08fba0d687	Generate ethercodes.dat from latest oui.csv	2021-11-11 12:05:48 -05:00
Benjamin A. Beasley	a6fad828e7	Trivial spec file reformatting	2021-11-11 12:05:44 -05:00
Benjamin A. Beasley	54b9fdd876	Change BR on python3 to python3-devel From https://docs.fedoraproject.org/en-US/packaging-guidelines/Python/ : Every package that uses Python (at runtime and/or build time) and/or installs Python modules MUST explicitly include BuildRequires: python3-devel in its .spec file, even if Python is not actually invoked during build time.	2021-11-11 12:02:01 -05:00
Benjamin A. Beasley	0411a6f96b	Reduce macro indirection in the spec file	2021-11-11 12:01:02 -05:00
Benjamin A. Beasley	8042297856	Use %%python3 macro instead of %%__python3	2021-10-25 18:23:12 -04:00
Benjamin A. Beasley	f088a2b2b6	Generate ethercodes.dat from latest oui.csv	2021-09-30 10:16:45 -04:00
Benjamin A. Beasley	b484a6d6d6	Add “Wants=network-online.target” to systemd unit file (fixes RHBZ#1988849)	2021-08-01 19:13:50 -04:00
Benjamin A. Beasley	cced941510	Generate ethercodes.dat from latest oui.csv	2021-08-01 19:13:50 -04:00
Fedora Release Engineering	b240e42804	- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>	2021-07-21 17:55:54 +00:00
Fedora Release Engineering	7408aec9a8	- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>	2021-07-21 12:59:48 +00:00
Benjamin A. Beasley	28d172ba5b	Generate ethercodes.dat from latest oui.csv	2021-07-20 14:08:28 -04:00
Benjamin A. Beasley	0888dc1388	Opt in to rpmautospec	2021-07-20 14:08:17 -04:00
Benjamin A. Beasley	a926260bb8	generate ethercodes.dat from latest oui.csv	2021-07-09 09:11:57 -04:00
Benjamin A. Beasley	d51f96f1a9	generate ethercodes.dat from latest oui.csv	2021-05-03 15:19:19 -04:00
Benjamin A. Beasley	8ec0fea3f0	Fix systemd sandboxing syntax in unit file	2021-05-03 15:19:05 -04:00
Benjamin A. Beasley	1801766040	Add note about sending patches upstream	2021-04-24 09:18:42 -04:00
Benjamin A. Beasley	73a189512e	generate ethercodes.dat from latest oui.csv	2021-04-24 09:08:29 -04:00
Benjamin A. Beasley	4f047b4d8e	Fix an error in arpwatch-devlookup.patch that could cause a null pointer dereference on startup. Implements the suggestion of PR#1, “Update arpwatch-devlookup.patch to correctly open a named interface”.	2021-04-24 09:07:29 -04:00
Benjamin A. Beasley	87f0050ee4	generate ethercodes.dat from latest oui.csv	2021-04-06 11:57:18 -04:00
Benjamin A. Beasley	2c3ce15432	Do not use %exclude for unpackaged files (RPM 4.17 compatibility)	2021-04-06 11:54:26 -04:00
Benjamin A. Beasley	7fbf8a817f	generate ethercodes.dat from latest oui.csv	2021-03-29 12:05:30 -04:00
Benjamin A. Beasley	c2a95a7f7f	generate ethercodes.dat from latest oui.csv	2021-03-17 16:43:17 -04:00
Benjamin A. Beasley	accece5c21	generate ethercodes.dat from latest oui.csv	2021-03-09 07:41:31 -05:00
Zbigniew Jędrzejewski-Szmek	a48b5b665f	Rebuilt for updated systemd-rpm-macros See https://pagure.io/fesco/issue/2583.	2021-03-02 16:14:10 +01:00
Benjamin A. Beasley	6be867c82f	generate ethercodes.dat from latest oui.csv	2021-01-31 12:23:00 -05:00
Benjamin A. Beasley	82303dea59	Automatically bump release when using update-oui-csv script	2021-01-31 12:21:53 -05:00
Fedora Release Engineering	b2cedd59c3	- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>	2021-01-26 00:27:26 +00:00
Benjamin Beasley	e4f5906875	Fix changelog date	2021-01-10 12:06:07 -05:00
Benjamin Beasley	1a6180f2a3	Generate ethercodes.dat from latest oui.csv; change systemd BR to systemd-rpm-macros; and drop Requires on systemd for scriptlets per current guidelines	2021-01-09 15:41:12 -05:00
Benjamin Beasley	2ecbad6c9d	Rebuild with BR on make; generate ethercodes.dat from latest oui.csv	2020-12-16 21:08:10 -05:00
Tom Stellard	ed17ce8618	Add BuildRequires: make https://fedoraproject.org/wiki/Changes/Remove_make_from_BuildRoot	2020-12-16 23:39:15 +00:00
Benjamin Beasley	9f4ad01105	new version 3.1; every patch and additional source file has been reviewed and rebased, reworked, or dropped	2020-11-11 10:40:51 -05:00
Benjamin Beasley	9bfd398e94	fix changelog entries for 14:2.1a15-51 and 14:2.1a15-52	2020-11-11 08:49:10 -05:00
Benjamin Beasley	26af50489f	add rpmlintrc file to suppress expected rpmlint errors	2020-11-01 11:40:14 -05:00
Benjamin Beasley	fbb9cddc6b	Touch ghost file arp.dat.new (ghost files should exist in the buildroot)	2020-10-31 16:43:36 -04:00
Benjamin Beasley	5e0c38e7b4	use autosetup macro to apply patches	2020-10-31 09:11:59 -04:00
Benjamin Beasley	168ef7670c	add changelog and bump release for substantially revamped spec file	2020-10-30 14:27:45 -04:00
Benjamin Beasley	5e7aaac5b5	Remove user/group renaming code from pre-install script, and replace it with the suggested implementation for soft static allocation from https://fedoraproject.org/wiki/Packaging:UsersAndGroups; the pcap user and group were renamed to arpwatch in 2007 (https://src.fedoraproject.org/rpms/arpwatch/c/f1b7b51), and we have no need to handle such ancient installations anymore.	2020-10-30 14:27:45 -04:00
Benjamin Beasley	9e1fb1c36b	tidy up manual install steps	2020-10-30 14:27:45 -04:00
Benjamin Beasley	c960f8fcb3	Use make_build and make_install macros; as a consequence, we now preserve timestamps when installing files (install -p)	2020-10-30 14:27:45 -04:00
Benjamin Beasley	d5977a847b	Instead of embedding awk scripts in the shell scripts that use them, install the awk scripts and use their absolute paths in the shell scripts. Drop the BR on perl, which was used to quote awk scripts.	2020-10-30 14:27:45 -04:00
Benjamin Beasley	b39cf6ef23	Since we do not package the massagevendor-old script, do not prep it with the others	2020-10-30 14:27:45 -04:00
Benjamin Beasley	b66474ef04	Update URLs	2020-10-30 14:27:45 -04:00
Benjamin Beasley	02d9774915	Adjust whitespace throughout the spec file	2020-10-30 14:27:41 -04:00
Benjamin Beasley	4d6b27c1e0	Create macros for unprivileged service user and group names	2020-10-28 12:01:43 -04:00
Benjamin Beasley	d2dfbf73c8	Use package name macro more widely	2020-10-28 12:01:36 -04:00
Benjamin Beasley	28c7c85c58	Use buildroot macro instead of RPM_BUILD_ROOT variable	2020-10-28 11:17:34 -04:00
Benjamin Beasley	b544fb0091	Replace _vararpwatch macro with pkgstatedir, and define in terms of _sharedstatedir instead of _localstatedir	2020-10-28 11:17:29 -04:00
Benjamin Beasley	e7fb13ff60	Drop explicit _hardened_build macro (default in all current Fedora releases)	2020-10-28 11:07:04 -04:00
		`@ -0,0 +1,2 @@`
							`# See arpwatch(8) for more information on available options.`
							`OPTIONS=-C`
		`@ -0,0 +1,2 @@`
							`#Type Name ID GECOS Home directory Shell`
							`u arpwatch - "Service user for arpwatch" /var/lib/arpwatch /sbin/nologin`
`@ -1,2 +1 @@`
	`cebfeb99c4a7c2a6cee2564770415fe7 arpwatch-2.1a15.tar.gz`	`SHA512 (arpwatch-3.9.tar.gz) = b6fdda79caf6c79d78d629b28987d381981d8ac9150dd95c44ba0ed634d905446a8b64d73cdacca89d42a77965e0710d0a60184010440fed19168dae4e3dd4bd`
	`01f3c7d622269404b08696f3c4a5737e ethercodes-20110707.dat.bz2`