Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild

[skip changelog]

.gitignore

@@ -2,3 +2,10 @@
 /ethercodes-20110707.dat.bz2
 /arpwatch-3.1.tar.gz
 /arpwatch-3.2.tar.gz
+/arpwatch-3.3.tar.gz
+/arpwatch-3.4.tar.gz
+/arpwatch-3.5.tar.gz
+/arpwatch-3.6.tar.gz
+/arpwatch-3.7.tar.gz
+/arpwatch-3.8.tar.gz
+/arpwatch-3.9.tar.gz

arpwatch-3.1-exitcode.patch

@@ -1,15 +0,0 @@
-When arpwatch is terminated cleanly by a signal (INT/TERM/HUP) handler, the
-exit code should be zero for success instead of nonzero for failure.
-
-diff -Naur arpwatch-3.1-original/arpwatch.c arpwatch-3.1/arpwatch.c
---- arpwatch-3.1-original/arpwatch.c	2019-11-30 13:35:23.000000000 -0500
-+++ arpwatch-3.1/arpwatch.c	2020-11-08 12:55:51.429575973 -0500
-@@ -892,7 +892,7 @@
- 
- 	lg(LOG_DEBUG, "exiting");
- 	checkpoint(0);
--	exit(1);
-+	exit(0);
- }
- 
- RETSIGTYPE

arpwatch-3.2-no-usr-local-path.patch

@@ -1,40 +0,0 @@
-Do not add /usr/local/bin or /usr/local/sbin to the PATH in any scripts.
-
-diff -Naur arpwatch-3.2-original/arpfetch arpwatch-3.2/arpfetch
---- arpwatch-3.2-original/arpfetch	2013-02-16 03:10:28.000000000 -0500
-+++ arpwatch-3.2/arpfetch	2021-12-16 08:26:26.931846139 -0500
-@@ -4,8 +4,6 @@
- # arpfetch - collect arp data from a cisco using net-snmp
- #
- 
--export PATH="/usr/local/bin:${PATH}"
--
- prog=`basename $0`
- 
- if [ $# -ne 2 ]; then
-diff -Naur arpwatch-3.2-original/bihourly.sh arpwatch-3.2/bihourly.sh
---- arpwatch-3.2-original/bihourly.sh	2016-09-16 22:40:54.000000000 -0400
-+++ arpwatch-3.2/bihourly.sh	2021-12-16 08:26:35.671910709 -0500
-@@ -3,9 +3,6 @@
- #
- #  bihourly arpwatch job
- #
--PATH=${PATH}:/usr/local/sbin
--export PATH
--#
- cd /usr/local/arpwatch
- #
- list="`cat list`"
-diff -Naur arpwatch-3.2-original/update-ethercodes.sh.in arpwatch-3.2/update-ethercodes.sh.in
---- arpwatch-3.2-original/update-ethercodes.sh.in	2021-12-14 19:47:54.000000000 -0500
-+++ arpwatch-3.2/update-ethercodes.sh.in	2021-12-16 08:26:16.309767665 -0500
-@@ -6,9 +6,6 @@
- 
- prog="`basename $0`"
- 
--PATH=/usr/local/bin:${PATH}
--export PATH
--
- t1=/tmp/${prog}.1.$$
- 
- trap 'rm -f ${t1}; exit 1' 1 2 3 15 EXIT

arpwatch-3.3-c99.patch

@@ -0,0 +1,17 @@
+diff --git a/dns.c b/dns.c
+index 82106e1244f94aec..75cc27b6775649f7 100644
+--- a/dns.c
++++ b/dns.c
+@@ -115,10 +115,10 @@ gethinfo(char *hostname, char *cpu, int cpulen, char *os, int oslen)
+ 		    (u_char *)cp, (char *)bp, buflen)) < 0)
+ 			break;
+ 		cp += n;
+-		type = _getshort(cp);
++		type = ns_get16(cp);
+ 		cp += sizeof(u_short);			/* class */
+ 		cp += sizeof(u_short) + sizeof(u_int32_t);
+-		n = _getshort(cp);
++		n = ns_get16(cp);
+ 		cp += sizeof(u_short);
+ 		if (type == T_HINFO) {
+ 			/* Unpack */

arpwatch-3.5-devlookup.patch

@@ -1,15 +1,8 @@
-When -i is not given, iterate all available devices until a usable one is found
+diff -Naur arpwatch-3.5-original/arpwatch.c arpwatch-3.5/arpwatch.c
-instead of just trying the first one and giving up if it is not usable. See
+--- arpwatch-3.5-original/arpwatch.c	2023-12-03 13:10:05.000000000 -0500
-RHBZ #842660.
++++ arpwatch-3.5/arpwatch.c	2023-12-03 20:06:32.694857659 -0500
-
+@@ -163,6 +163,8 @@
-Additionally, handle the case where a device provides both supported and
+ void	hup(int);
-unsupported datalink types.
-
-diff -Naur arpwatch-3.1-original/arpwatch.c arpwatch-3.1/arpwatch.c
---- arpwatch-3.1-original/arpwatch.c	2019-11-30 13:35:23.000000000 -0500
-+++ arpwatch-3.1/arpwatch.c	2021-04-24 09:02:50.762535242 -0400
-@@ -161,6 +161,8 @@
- RETSIGTYPE die(int);
  int	isbogon(u_int32_t);
  int	main(int, char **);
 +int     try_open_live(pcap_t ** pd_ptr, char const * interface_name,
@@ -17,7 +10,7 @@ diff -Naur arpwatch-3.1-original/arpwatch.c arpwatch-3.1/arpwatch.c
  void	process_ether(u_char *, const struct pcap_pkthdr *, const u_char *);
  void	process_fddi(u_char *, const struct pcap_pkthdr *, const u_char *);
  int	readsnmp(char *);
-@@ -177,7 +179,7 @@
+@@ -179,7 +181,7 @@
  	int op, snaplen, timeout, linktype, status;
  	pcap_t *pd;
  	FILE *fp;
@@ -26,7 +19,7 @@ diff -Naur arpwatch-3.1-original/arpwatch.c arpwatch-3.1/arpwatch.c
  	char *interface, *rfilename;
  	struct bpf_program code;
  	char errbuf[PCAP_ERRBUF_SIZE];
-@@ -309,13 +311,18 @@
+@@ -311,13 +313,18 @@
  				    "%s: pcap_findalldevs: %s\n", prog, errbuf);
  				exit(1);
  			}
@@ -48,7 +41,7 @@ diff -Naur arpwatch-3.1-original/arpwatch.c arpwatch-3.1/arpwatch.c
  #else
  			if (interface = pcap_lookupdev(errbuf)) == NULL) {
  				(void)fprintf(stderr,
-@@ -354,15 +361,12 @@
+@@ -356,15 +363,12 @@
  		}
  		swapped = pcap_is_swapped(pd);
  	} else {
@@ -68,7 +61,7 @@ diff -Naur arpwatch-3.1-original/arpwatch.c arpwatch-3.1/arpwatch.c
  #ifdef WORDS_BIGENDIAN
  		swapped = 1;
  #endif
-@@ -452,6 +456,74 @@
+@@ -454,6 +458,74 @@
  	exit(0);
  }
  

arpwatch-3.5-exitcode.patch

@@ -0,0 +1,12 @@
+diff -Naur arpwatch-3.5-original/arpwatch.c arpwatch-3.5/arpwatch.c
+--- arpwatch-3.5-original/arpwatch.c	2023-12-03 13:10:05.000000000 -0500
++++ arpwatch-3.5/arpwatch.c	2023-12-03 20:04:01.834691097 -0500
+@@ -915,7 +915,7 @@
+ {
+ 	lg(LOG_DEBUG, "exiting");
+ 	checkpoint(0);
+-	exit(1);
++	exit(0);
+ }
+ 
+ void

arpwatch-3.9-no-usr-local-path.patch

@@ -0,0 +1,40 @@
+Do not add /usr/local/bin or /usr/local/sbin to the PATH in any scripts.
+
+diff -Naur arpwatch-3.9-original/arpfetch arpwatch-3.9/arpfetch
+--- arpwatch-3.9-original/arpfetch	2013-02-16 08:10:28.000000000 +0000
++++ arpwatch-3.9/arpfetch	2025-10-23 23:27:24.285711332 +0100
+@@ -4,8 +4,6 @@
+ # arpfetch - collect arp data from a cisco using net-snmp
+ #
+ 
+-export PATH="/usr/local/bin:${PATH}"
+-
+ prog=`basename $0`
+ 
+ if [ $# -ne 2 ]; then
+diff -Naur arpwatch-3.9-original/bihourly.sh arpwatch-3.9/bihourly.sh
+--- arpwatch-3.9-original/bihourly.sh	2016-09-17 03:40:54.000000000 +0100
++++ arpwatch-3.9/bihourly.sh	2025-10-23 23:27:24.285849999 +0100
+@@ -3,9 +3,6 @@
+ #
+ #  bihourly arpwatch job
+ #
+-PATH=${PATH}:/usr/local/sbin
+-export PATH
+-#
+ cd /usr/local/arpwatch
+ #
+ list="`cat list`"
+diff -Naur arpwatch-3.9-original/update-ethercodes.sh.in arpwatch-3.9/update-ethercodes.sh.in
+--- arpwatch-3.9-original/update-ethercodes.sh.in	2025-10-23 20:32:08.000000000 +0100
++++ arpwatch-3.9/update-ethercodes.sh.in	2025-10-23 23:27:50.579194300 +0100
+@@ -6,9 +6,6 @@
+ 
+ prog="`basename $0`"
+ 
+-PATH=/usr/local/bin:${PATH}
+-export PATH
+-
+ t1=`mktemp /tmp/${prog}.1.XXXXXX`
+ 
+ trap 'rm -f ${t1}; exit 1' 1 2 3 15 EXIT

arpwatch.rpmlintrc

@@ -1,9 +1,10 @@
 # These are not real spelling errors...
-addFilter(r'spelling-error .* en_US (arpsnmp) ')
+addFilter(r' spelling-error .* en_US (arpsnmp) ')
 # The sticky bit on this directory protects root-owned files from unlinking or
 # renaming by members of the arpwatch group.
-addFilter(r'non-standard-dir-perm /var/lib/arpwatch 1775')
+addFilter(r' non-standard-dir-perm /var/lib/arpwatch 1775')
 # Known zero-length files
-addFilter(r'zero-length /var/lib/arpwatch/arp.dat-?')
+addFilter(r' zero-length /var/lib/arpwatch/arp.dat-?')
-# Ghost file
+# This is beyond what we want to rewrite downstream, and is not necessarily a
-addFilter(r'non-readable /var/lib/arpwatch/arp.dat.new 600')
+# serious problem.
+addFilter(r' binary-or-shlib-calls-gethostbyname ')

arpwatch.service

@@ -21,7 +21,7 @@ ProtectKernelModules=true
 ProtectControlGroups=true
 RestrictSUIDSGID=true
 SystemCallFilter=@system-service
-SystemCallFilter=~@aio @chown @clock @ipc @keyring @memlock @resources @sync
+SystemCallFilter=~@aio @chown @clock @ipc @keyring @memlock @resources
 SystemCallArchitectures=native
 
 [Install]

arpwatch.spec

@@ -1,21 +1,41 @@
+%bcond autoreconf 1
+
 Name:           arpwatch
 Epoch:          14
-Version:        3.2
+Version:        3.9
 Release:        %autorelease
 Summary:        Network monitoring tools for tracking IP addresses on a network
 
-License:        BSD with advertising
+# SPDX matching with BSD-3-Clause confirmed at
+# https://gitlab.com/fedora/legal/fedora-license-data/-/issues/49
+License:        BSD-3-Clause
+# Any files under different licenses are part of the build system and do not
+# contribute to the license of the binary RPM:
+#   - config.guess and config.sub are GPL-3.0-or-later
+#   - configure is FSFUL
+#   - install-sh is X11
+#   - mkdep is BSD-4.3RENO
+SourceLicense:  %{shrink:
+                %{license} AND
+                BSD-4.3RENO AND
+                FSFUL AND
+                GPL-3.0-or-later AND
+                X11
+                }
 URL:            https://ee.lbl.gov/
 
-Requires(pre):  shadow-utils
-
 Requires:       /usr/sbin/sendmail
 Requires:       python3
 
 BuildRequires:  gcc
 BuildRequires:  make
+%if %{with autoreconf}
+BuildRequires:  autoconf
+%endif
+
 BuildRequires:  /usr/sbin/sendmail
 BuildRequires:  systemd-rpm-macros
+%{?sysuser_requires_compat}
 BuildRequires:  python3-devel
 BuildRequires:  libpcap-devel
 
@@ -23,59 +43,61 @@ BuildRequires:  libpcap-devel
 # directory listing at https://ee.lbl.gov/downloads/arpwatch/ shows all
 # available versions.
 Source0:        https://ee.lbl.gov/downloads/arpwatch/arpwatch-%{version}.tar.gz
-# This file comes from http://standards-oui.ieee.org/oui/oui.csv; it is used to
+# This file comes from https://standards-oui.ieee.org/oui/oui.csv; it is used
-# generate ethercodes.dat. Because it is unversioned (and frequently updated),
+# to generate ethercodes.dat. Because it is unversioned (and frequently
-# we store the file directly in the repository with the spec file; see the
+# updated), we store the file directly in the repository with the spec file;
-# update-oui-csv script.
+# see the update-oui-csv script.
 #
-# File oui.csv last fetched 2021-12-16T13:09:24+00:00.
+# File oui.csv last fetched 2025-12-11T07:07:44+00:00.
 Source1:        oui.csv
 Source2:        arpwatch.service
 Source3:        arpwatch.sysconfig
 Source4:        arp2ethers.8
 Source5:        massagevendor.8
+Source6:        arpwatch.sysusers
 
-# Latest version of patches 1–9 sent upstream by email 2021-04-24.
+# The latest versions of all “arpwatch-3.1-*” patches were sent upstream by
+# email 2021-04-24.
 
 # Fix section numbers in man page cross-references. With minor changes, this
 # patch dates all the way back to arpwatch-2.1a4-man.patch, from RHBZ #15442.
-Patch1:         arpwatch-3.1-man-references.patch
+Patch:          arpwatch-3.1-man-references.patch
 # Add, and document, a -u argument to change to a specified unprivileged user
 # after establishing sockets. This combines and improves multiple previous
 # patches; see patch header and changelog for notes.
-Patch2:         arpwatch-3.2-change-user.patch
+Patch:          arpwatch-3.2-change-user.patch
 # Fix nonstandard sort flags in arp2ethers script.
-Patch3:         arpwatch-3.1-arp2ethers-sort-invocation.patch
+Patch:          arpwatch-3.1-arp2ethers-sort-invocation.patch
 # Fix stray rm (of an undefined variable) in example arpfetch script.
-Patch4:         arpwatch-3.1-arpfetch-stray-rm.patch
+Patch:          arpwatch-3.1-arpfetch-stray-rm.patch
 # Do not add /usr/local/bin or /usr/local/sbin to the PATH in any scripts
-Patch5:         arpwatch-3.2-no-usr-local-path.patch
+Patch:          arpwatch-3.9-no-usr-local-path.patch
 # Do not attempt to search for local libpcap libraries lying around in the
 # parent of the build directory, or anywhere else random. This is not expected
 # to succeed anyway, but it is better to be sure.
-Patch6:         arpwatch-3.1-configure-no-local-pcap.patch
+Patch:          arpwatch-3.1-configure-no-local-pcap.patch
 # RHBZ #244606: Correctly handle -n 0/32 to allow the user to disable reporting
 # bogons from 0.0.0.0.
-Patch7:         arpwatch-3.1-all-zero-bogon.patch
+Patch:          arpwatch-3.1-all-zero-bogon.patch
 # When arpwatch is terminated cleanly by a signal (INT/TERM/HUP) handler, the
 # exit code should be zero for success instead of nonzero for failure.
-Patch8:         arpwatch-3.1-exitcode.patch
+Patch:          arpwatch-3.5-exitcode.patch
 # When -i is not given, do not just try the first device found, but keep
 # checking devices until a usable one is found, if any is available.
 # Additionally, handle the case where a device provides both supported and
 # unsupported datalink types.
-Patch9:         arpwatch-3.1-devlookup.patch
+Patch:          arpwatch-3.5-devlookup.patch
+
+# Replace _getshort(), “a glibc function that hasn't been declared in the
+# installed headers for many, many years,” with ns_get16(). Fixes C99
+# compatibility (https://bugzilla.redhat.com/show_bug.cgi?id=2166336). Sent
+# upstream by email 2023-02-01.
+Patch:          arpwatch-3.3-c99.patch
+
+# https://fedoraproject.org/wiki/Changes/EncourageI686LeafRemoval
+ExcludeArch:    %{ix86}
 
 %global pkgstatedir %{_sharedstatedir}/arpwatch
-%global service_user arpwatch
-%global service_group arpwatch
-# Soft static UID and GID; see
-# https://fedoraproject.org/wiki/Packaging:UsersAndGroups#Soft_static_allocation
-# for information, and the uidgid file in the setup package
-# (https://pagure.io/setup/blob/master/f/uidgid) for the list of allocations,
-# including the one for arpwatch.
-%global service_uid 77
-%global service_gid 77
 
 %description
 The arpwatch package contains arpwatch and arpsnmp. Arpwatch and arpsnmp are
@@ -102,13 +124,33 @@ sed -r -i 's|/usr/local/arpwatch|%{pkgstatedir}|g' *.8.in *.sh.in *.sh
 # Fix Python interpreter path (but note that this script is not installed)
 sed -r -i 's|/usr/local/bin/python|%{python3}|g' update-ethercodes.sh.in
 
+# Emailed upstream requesting a separate LICENSE/COPYING file 2022-07-30.
+# For now, we extract it from the main source file’s “header” comment.
+awk '/^ \* / { print substr($0, 4); } /^ \*\// { exit }' arpwatch.c |
+  tee LICENSE
+
+
+%conf
+%if %{with autoreconf}
+autoreconf --force --install --verbose
+%endif
+
+# Prior to version 3.4, this was handled by the configure script. If it is not
+# defined, the build fails because time.h is not included in report.c. This
+# regregression was reported upstream by email to arpwatch@ee.lbl.gov on
+# 2023-09-06.
+export CPPFLAGS="${CPPFLAGS-} -DTIME_WITH_SYS_TIME=1"
+
+%configure --with-sendmail=/usr/sbin/sendmail PYTHON=%{python3}
+
 
 %build
-%configure --with-sendmail=/usr/sbin/sendmail PYTHON=%{python3}
 %make_build ARPDIR=%{pkgstatedir}
 
 
 %install
+install -p -D -m 0644 %{SOURCE6} '%{buildroot}%{_sysusersdir}/arpwatch.conf'
+
 # The upstream Makefile does not create the directories it requires, so we must
 # do it manually. Additionally, it attempts to comment out the installation of
 # the init script on non-FreeBSD platforms, but this does not quite work as
@@ -122,6 +164,10 @@ install -d %{buildroot}%{_mandir}/man8 \
 
 %make_install
 
+# Make install uses mode 0555, which is unconventional, and which can interfere
+# with debuginfo generation since the file is not writable by its owner.
+chmod -v 0755 %{buildroot}%{_sbindir}/arpwatch %{buildroot}%{_sbindir}/arpsnmp
+
 install -p -t %{buildroot}%{_datadir}/arpwatch -m 0644 *.awk
 install -p -t %{buildroot}%{_sbindir} arp2ethers
 install -p massagevendor.py %{buildroot}%{_sbindir}/massagevendor
@@ -168,25 +214,6 @@ fi
 %systemd_post arpwatch.service
 
 
-%pre
-getent group %{service_group} >/dev/null ||
-  groupadd -f -g %{service_gid} -r %{service_group}
-if ! getent passwd %{service_user} >/dev/null
-then
-  if ! getent passwd %{service_uid} >/dev/null
-  then
-    useradd -r -u %{service_uid} -g %{service_group} \
-        -d %{pkgstatedir} -s /sbin/nologin \
-        -c "Service user for arpwatch" %{service_user}
-  else
-    useradd -r -g %{service_group} \
-        -d %{pkgstatedir} -s /sbin/nologin \
-        -c "Service user for arpwatch" %{service_user}
-  fi
-fi
-exit 0
-
-
 %postun
 %systemd_postun_with_restart arpwatch.service
 
@@ -196,13 +223,13 @@ exit 0
 
 
 %files
+%license LICENSE
 %doc README
 %doc CHANGES
 %doc arpfetch
 
-# make install uses mode 0555, which is unconventional
+%{_sbindir}/arpwatch
-%attr(0755,-,-) %{_sbindir}/arpwatch
+%{_sbindir}/arpsnmp
-%attr(0755,-,-) %{_sbindir}/arpsnmp
 # manually-installed scripts
 %{_sbindir}/arp2ethers
 %{_sbindir}/massagevendor
@@ -214,13 +241,14 @@ exit 0
 %attr(0644,-,-) %{_mandir}/man8/*.8*
 
 %{_unitdir}/arpwatch.service
+%{_sysusersdir}/arpwatch.conf
 %config(noreplace) %{_sysconfdir}/sysconfig/arpwatch
 
-%attr(1775,-,%{service_group}) %dir %{pkgstatedir}
+%attr(1775,-,arpwatch) %dir %{pkgstatedir}
-%attr(0644,%{service_user},%{service_group}) %verify(not md5 size mtime) %config(noreplace) %{pkgstatedir}/arp.dat
+%attr(0644,arpwatch,arpwatch) %verify(not md5 size mtime) %config(noreplace) %{pkgstatedir}/arp.dat
-%attr(0644,%{service_user},%{service_group}) %verify(not md5 size mtime) %config(noreplace) %{pkgstatedir}/arp.dat-
+%attr(0644,arpwatch,arpwatch) %verify(not md5 size mtime) %config(noreplace) %{pkgstatedir}/arp.dat-
-%attr(0600,%{service_user},%{service_group}) %verify(not md5 size mtime) %ghost %{pkgstatedir}/arp.dat.new
+%attr(0600,arpwatch,arpwatch) %verify(not md5 size mtime) %ghost %{pkgstatedir}/arp.dat.new
-%attr(0644,-,%{service_group}) %verify(not md5 size mtime) %config(noreplace) %{pkgstatedir}/ethercodes.dat
+%attr(0644,-,arpwatch) %verify(not md5 size mtime) %config(noreplace) %{pkgstatedir}/ethercodes.dat
 
 
 %changelog

arpwatch.sysusers

@@ -0,0 +1,2 @@
+#Type Name      ID  GECOS                         Home directory     Shell
+u     arpwatch  -   "Service user for arpwatch"   /var/lib/arpwatch  /sbin/nologin

massagevendor.8

@@ -77,7 +77,7 @@ file containing the list of ethernet vendor codes
 .Sh NOTES
 The ethernet vendor codes as assigned by the IEEE can be found at:
 .Pp
-.Dl Ar http://standards-oui.ieee.org/oui/oui.csv
+.Dl Ar https://standards-oui.ieee.org/oui/oui.csv
 .Sh AUTHORS
 .An Craig Leres
 of the Lawrence Berkeley National Laboratory Network Research Group,

sources

@@ -1 +1 @@
-SHA512 (arpwatch-3.2.tar.gz) = 0a028e770e73f8ff2e926da5ab58e067c05908924a60cfc52c5fb7d57a0f36d3087f6cedb4a8b39b66ce85a4f6a12a594e7e74fd044331e5f346bcc9add99585
+SHA512 (arpwatch-3.9.tar.gz) = b6fdda79caf6c79d78d629b28987d381981d8ac9150dd95c44ba0ed634d905446a8b64d73cdacca89d42a77965e0710d0a60184010440fed19168dae4e3dd4bd

update-oui-csv

@@ -2,7 +2,7 @@
 set -o errexit
 set -o nounset
 
-URL='http://standards-oui.ieee.org/oui/oui.csv'
+URL='https://standards-oui.ieee.org/oui/oui.csv'
 DATA='oui.csv'
 SPEC='arpwatch.spec'