.gitignore

@@ -1,11 +1,2 @@
 /arpwatch-2.1a15.tar.gz
 /ethercodes-20110707.dat.bz2
-/arpwatch-3.1.tar.gz
-/arpwatch-3.2.tar.gz
-/arpwatch-3.3.tar.gz
-/arpwatch-3.4.tar.gz
-/arpwatch-3.5.tar.gz
-/arpwatch-3.6.tar.gz
-/arpwatch-3.7.tar.gz
-/arpwatch-3.8.tar.gz
-/arpwatch-3.9.tar.gz

arp2ethers.8

@@ -1,53 +0,0 @@
-.Dd 8 November 2020
-.Dt ARP2ETHERS 8
-.Sh NAME
-.Nm arp2ethers
-.Nd convert arpwatch address database to ethers file format
-.Sh SYNOPSIS
-.Nm
-.Sh DESCRIPTION
-.Nm
-converts file
-.Ar arp.dat
-in the current directory into
-.Xr ethers 5
-format on
-.Ar stdout .
-Usually
-.Ar arp.dat
-is an ethernet/ip database file generated by
-.Xr arpwatch 8 .
-The
-.Xr arpwatch 8
-daemon will create different
-.Ar arp.dat
-depending on its configuration, i.e., the
-.Fl f
-flag.
-All of them will be available at
-.Ar /var/lib/arpwatch .
-.Sh FILES
-.Bl -tag -width ".Pa /var/lib/arpwatch" -compact
-.It Pa /var/lib/arpwatch
-default directory
-.It Pa arp.dat
-default ethernet/ip address database
-.Sh "SEE ALSO"
-.Xr arpwatch 8 ,
-.Xr ethers 5 ,
-.Xr rarp 8 ,
-.Xr arp 8
-.Sh AUTHORS
-.An Craig Leres
-of the Lawrence Berkeley National Laboratory Network Research Group,
-University of California, Berkeley, CA.
-.Pp
-The current version is available via anonymous ftp:
-.Pp
-.Dl Ar ftp://ftp.ee.lbl.gov/arpwatch.tar.gz
-.Pp
-This manual page was contributed by Hugo Graumann and modified by Benjamin
-Beasley.
-.Sh BUGS
-Please send bug reports to
-.Aq arpwatch@ee.lbl.gov .

arpwatch-2.1a10-man.patch

@@ -0,0 +1,33 @@
+diff -uNr arpwatch-2.1a10/arpsnmp.8 arpwatch-2.1a10.man/arpsnmp.8
+--- arpwatch-2.1a10/arpsnmp.8	Sun Sep 17 23:34:48 2000
++++ arpwatch-2.1a10.man/arpsnmp.8	Sun Dec 31 02:00:54 2000
+@@ -41,7 +41,7 @@
+ and reports certain changes via email.
+ .B Arpsnmp
+ reads information from a file (usually generated by
+-.BR snmpwalk (8)).
++.BR snmpwalk (1)).
+ .LP
+ The
+ .B -d
+@@ -62,9 +62,9 @@
+ .LP
+ .SH "REPORT MESSAGES"
+ (See the
+-.BR arpwatch (1)
++.BR arpwatch (8)
+ man page for details on the report messages generated by
+-.BR arpsnmp (1).)
++.BR arpsnmp (8).)
+ .SH FILES
+ .na
+ .nh
+@@ -79,7 +79,7 @@
+ .na
+ .nh
+ .BR arpwatch (8),
+-.BR snmpwalk (8),
++.BR snmpwalk (1),
+ .BR arp (8)
+ .ad
+ .hy

arpwatch-2.1a15-bogon.patch

@@ -0,0 +1,20 @@
+--- arpwatch-2.1a15/arpwatch.c.bogon	2007-08-09 13:53:47.000000000 +0200
++++ arpwatch-2.1a15/arpwatch.c	2007-08-09 13:58:17.000000000 +0200
+@@ -730,11 +730,12 @@ addnet(register const char *str)
+ 
+ 	/* XXX hack */
+ 	n = ntohl(inet_addr(tstr));
+-	while ((n & 0xff000000) == 0) {
+-		n <<= 8;
+-		if (n == 0)
+-			return (0);
+-	}
++	if (n || width != 32)
++		while ((n & 0xff000000) == 0) {
++			n <<= 8;
++			if (n == 0)
++				return (0);
++		}
+ 	n = htonl(n);
+ 
+ 	if (width != 0) {

arpwatch-2.1a15-buffer-overflow-bz1563939.patch

@@ -0,0 +1,44 @@
+From arpwatch 3.1, backport the fix for the potentially-exploitable buffer
+overflow reported in https://bugzilla.redhat.com/show_bug.cgi?id=1563939.
+
+Increase the length of the h field of struct einfo to 64 (63 bytes for a DNS
+name part, and one byte for a null terminator); then, use strncpy() plus
+explicit null termination to ensure that we truncate a longer hostname if we
+manage to get one, without either overflowing the buffer or having an
+unterminated string.
+
+diff -Naur arpwatch-2.1a15.original/db.c arpwatch-2.1a15/db.c
+--- arpwatch-2.1a15.original/db.c	2000-09-30 19:39:58.000000000 -0400
++++ arpwatch-2.1a15/db.c	2020-10-27 12:50:49.803957083 -0400
+@@ -62,7 +62,7 @@
+ /* Ethernet info */
+ struct einfo {
+ 	u_char e[6];		/* ether address */
+-	char h[34];		/* simple hostname */
++	char h[64];		/* simple hostname */
+ 	time_t t;		/* timestamp */
+ };
+ 
+@@ -283,8 +283,10 @@
+ 	BCOPY(e, ep->e, 6);
+ 	if (h == NULL && !initializing)
+ 		h = getsname(a);
+-	if (h != NULL && !isdigit((int)*h))
+-		strcpy(ep->h, h);
++	if (h != NULL && !isdigit((int)*h)) {
++	        strncpy(ep->h, h, sizeof(ep->h));
++	        ep->h[sizeof(ep->h) - 1] = '\0';
++	}
+ 	ep->t = t;
+ 	return (ep);
+ }
+@@ -304,7 +306,8 @@
+ 	if (!isdigit((int)*h) && strcmp(h, ep->h) != 0) {
+ 		syslog(LOG_INFO, "hostname changed %s %s %s -> %s",
+ 		    intoa(ap->a), e2str(ep->e), ep->h, h);
+-		strcpy(ep->h, h);
++		strncpy(ep->h, h, sizeof(ep->h));
++		ep->h[sizeof(ep->h) - 1] = '\0';
+ 	}
+ }
+ 

arpwatch-2.1a15-devlookup.patch

@@ -0,0 +1,118 @@
+--- arpwatch-2.1a15-dist/arpwatch.c	2012-07-23 09:55:35.832458313 +0200
++++ arpwatch-2.1a15-new/arpwatch.c	2012-07-24 11:36:59.013953071 +0200
+@@ -161,15 +161,63 @@ void dropprivileges(const char* user)
+ 	syslog(LOG_DEBUG, "Running as uid=%d gid=%d", getuid(), getgid());
+ }
+ 
++char *
++get_first_dev(pcap_t **pd, int *linktype, char *errbuf)
++{
++	static char interface[IF_NAMESIZE + 1];
++	register int snaplen, timeout;
++	pcap_if_t *alldevs;
++	pcap_if_t *dev;
++	char *ret = NULL;
++
++	snaplen = max(sizeof(struct ether_header),
++				  sizeof(struct fddi_header)) + sizeof(struct ether_arp);
++	timeout = 1000;
++
++	if (pcap_findalldevs(&alldevs, errbuf) == -1) {
++		(void)fprintf(stderr, "%s: lookup_device: %s\n",
++					  prog, errbuf);
++		exit(1);
++	}
++
++	for (dev = alldevs; dev; dev = dev->next) {
++		strncpy(interface, dev->name, strlen(dev->name)+1);
++
++		*pd = pcap_open_live(interface, snaplen, 1, timeout, errbuf);
++		if (*pd == NULL) {
++			syslog(LOG_ERR, "pcap open %s: %s, trying next...", interface, errbuf);
++			continue;
++			/* exit(1); */
++		}
++
++		*linktype = pcap_datalink(*pd);
++		/* Must be ethernet or fddi */
++		if (*linktype != DLT_EN10MB && *linktype != DLT_FDDI) {
++			syslog(LOG_ERR, "(%s) Link layer type %d not ethernet or fddi, trying next...",
++				   interface, *linktype);
++			pcap_close(*pd);
++		}
++		else {
++			/* First match, use it */
++			ret = interface;
++			break;
++		}
++
++	}
++	pcap_freealldevs(alldevs);
++	return (ret);
++}
++
+ int
+ main(int argc, char **argv)
+ {
+ 	register char *cp;
+-	register int op, pid, snaplen, timeout, linktype, status;
++	register int op, pid, status;
++	int linktype;
+ #ifdef TIOCNOTTY
+ 	register int fd;
+ #endif
+-	register pcap_t *pd;
++	pcap_t *pd;
+ 	register char *interface, *rfilename;
+ 	struct bpf_program code;
+ 	char errbuf[PCAP_ERRBUF_SIZE];
+@@ -189,6 +237,7 @@ main(int argc, char **argv)
+ 
+ 	opterr = 0;
+ 	interface = NULL;
++	linktype = -1;
+ 	rfilename = NULL;
+ 	pd = NULL;
+ 	while ((op = getopt(argc, argv, "df:i:n:Nr:u:e:s:")) != EOF)
+@@ -264,11 +313,12 @@ main(int argc, char **argv)
+ 		net = 0;
+ 		netmask = 0;
+ 	} else {
++
+ 		/* Determine interface if not specified */
+ 		if (interface == NULL &&
+-		    (interface = pcap_lookupdev(errbuf)) == NULL) {
+-			(void)fprintf(stderr, "%s: lookup_device: %s\n",
+-			    prog, errbuf);
++			(interface = get_first_dev(&pd, &linktype, errbuf)) == NULL) {
++			(void)fprintf(stderr, "%s: lookup_device: no suitable interface found\n",
++						  prog);
+ 			exit(1);
+ 		}
+ 
+@@ -317,10 +367,6 @@ main(int argc, char **argv)
+ 		}
+ 		swapped = pcap_is_swapped(pd);
+ 	} else {
+-		snaplen = max(sizeof(struct ether_header),
+-		    sizeof(struct fddi_header)) + sizeof(struct ether_arp);
+-		timeout = 1000;
+-		pd = pcap_open_live(interface, snaplen, 1, timeout, errbuf);
+ 		if (pd == NULL) {
+ 			syslog(LOG_ERR, "pcap open %s: %s", interface, errbuf);
+ 			exit(1);
+@@ -340,14 +386,6 @@ main(int argc, char **argv)
+ 		dropprivileges( serveruser );
+ 	}
+ 
+-	/* Must be ethernet or fddi */
+-	linktype = pcap_datalink(pd);
+-	if (linktype != DLT_EN10MB && linktype != DLT_FDDI) {
+-		syslog(LOG_ERR, "Link layer type %d not ethernet or fddi",
+-		    linktype);
+-		exit(1);
+-	}
+-
+ 	/* Compile and install filter */
+ 	if (pcap_compile(pd, &code, "arp or rarp", 1, netmask) < 0) {
+ 		syslog(LOG_ERR, "pcap_compile: %s", pcap_geterr(pd));

arpwatch-2.1a15-dropgroup.patch

@@ -0,0 +1,12 @@
+diff -up arpwatch-2.1a15/arpwatch.c.dropgroup arpwatch-2.1a15/arpwatch.c
+--- arpwatch-2.1a15/arpwatch.c.dropgroup	2012-05-31 11:47:13.327901902 +0200
++++ arpwatch-2.1a15/arpwatch.c	2012-05-31 11:48:04.859900061 +0200
+@@ -147,7 +147,7 @@ void dropprivileges(const char* user)
+ 	struct passwd* pw;
+ 	pw = getpwnam( user );
+ 	if ( pw ) {
+-		if ( initgroups(pw->pw_name, NULL) != 0 || setgid(pw->pw_gid) != 0 ||
++		if ( setgid(pw->pw_gid) != 0 || setgroups(0, NULL) != 0 ||
+ 				 setuid(pw->pw_uid) != 0 ) {
+ 			syslog(LOG_ERR, "Couldn't change to '%.32s' uid=%d gid=%d", user,
+ 						 pw->pw_uid, pw->pw_gid);

arpwatch-2.1a15-extraman.patch

@@ -0,0 +1,173 @@
+diff -up arpwatch-2.1a15/Makefile.in.extraman arpwatch-2.1a15/Makefile.in
+--- arpwatch-2.1a15/Makefile.in.extraman	2009-12-14 18:01:27.000000000 +0100
++++ arpwatch-2.1a15/Makefile.in	2010-03-30 15:11:30.000000000 +0200
+@@ -118,6 +118,10 @@ install-man: force
+ 	    $(DESTDIR)$(MANDEST)/man8
+ 	$(INSTALL) -m 644 $(srcdir)/arpsnmp.8 \
+ 	    $(DESTDIR)$(MANDEST)/man8
++	$(INSTALL) -m 644 $(srcdir)/arp2ethers.8 \
++	    $(DESTDIR)$(MANDEST)/man8
++	$(INSTALL) -m 644 $(srcdir)/massagevendor.8 \
++	    $(DESTDIR)$(MANDEST)/man8
+ 
+ lint:	$(GENSRC) force
+ 	lint -hbxn $(SRC) | \
+diff -up arpwatch-2.1a15/arp2ethers.8.extraman arpwatch-2.1a15/arp2ethers.8
+--- arpwatch-2.1a15/arp2ethers.8.extraman	2010-03-30 15:12:37.000000000 +0200
++++ arpwatch-2.1a15/arp2ethers.8	2010-03-30 15:53:01.000000000 +0200
+@@ -0,0 +1,60 @@
++.TH ARP2ETHERS 8
++.SH NAME
++arp2ethers \- convert arpwatch address database to ethers file format
++.SH SYNOPSIS
++.na
++.B arp2ethers
++.ad
++.SH "DESCRIPTION"
++.B arp2ethers
++converts file
++.IR arp.dat
++in the current directory into
++.BR ethers(5)
++format on
++.IR stdout .
++Usually
++.IR arp.dat
++is an ethernet/ip database file generated by
++.BR arpwatch(8) .
++The arpwatch daemon in Debian will create different 
++.IR arp.dat
++depending on its configuration. All of them will be available at 
++.IR /var/lib/arpwatch/ .
++.SH FILES
++.na
++.nh
++.nf
++/var/lib/arpwatch - default directory for arp.dat
++arp.dat - ethernet/ip address database
++.ad
++.hy
++.fi
++.SH "SEE ALSO"
++.na
++.nh
++.BR arpwatch (8),
++.BR ethers (5),
++.BR rarp (8),
++.BR arp (8),
++.ad
++.hy
++.SH BUGS
++Please send bug reports to arpwatch@ee.lbl.gov.
++.SH AUTHORS
++.LP
++Original version by Craig Leres of the Lawrence Berkeley
++National Laboratory Network Research Group, University of
++California, Berkeley, CA.
++.LP
++Modified for the Debian Project by Peter Kelemen, with
++additions from Erik Warmelink.
++.LP
++The current version is available via anonymous ftp:
++.LP
++.RS
++.I ftp://ftp.ee.lbl.gov/arpwatch.tar.gz
++.RE
++.LP
++This manual page was contributed by Hugo Graumann.
++
+diff -up arpwatch-2.1a15/massagevendor.8.extraman arpwatch-2.1a15/massagevendor.8
+--- arpwatch-2.1a15/massagevendor.8.extraman	2010-03-30 15:15:18.000000000 +0200
++++ arpwatch-2.1a15/massagevendor.8	2010-03-30 15:15:18.000000000 +0200
+@@ -0,0 +1,91 @@
++.TH MASSAGEVENDOR 8
++.SH NAME
++massagevendor \- convert the ethernet vendor codes master list to arpwatch format
++.SH SYNOPSIS
++.na
++massagevendor
++.I vendorfile
++.SH "DESCRIPTION"
++.B massagevendor
++is a program that converts a text file containing ethernet vendor codes
++into a format suitable for use by
++.B arpwatch(8)
++and
++.B arpsnmp(8).
++The input
++.I vendorfile
++is a master text file containing vendor codes. The output
++is sent to
++.I stdout.
++Each line of the
++.I vendorfile
++is expected to have a six digit hexadecimal vendor code
++followed by spaces followed by the name of the manufacturer.
++.LP
++All ethernet devices have a unique identifier which
++includes a vendor code specifying the manufacturer of the
++device. In normal operation
++.B arpwatch(8)
++and
++.B arpsnmp(8)
++use the file
++.I ethercodes.dat
++to report this vendor code.
++.B massagevendor
++is used to generate the
++.I ethercodes.dat
++file from text files containing these vendor codes.
++.LP
++Locations where an ethernet vendor codes master text file
++can be obtained are given below.
++.SH FILES
++.na
++.nh
++.nf
++/var/lib/arpwatch - default location of the ethernet vendor list
++ethercodes.dat - file containing the list of ethernet vendor codes
++.ad
++.hy
++.fi
++.SH "SEE ALSO"
++.na
++.nh
++.BR arpwatch(8),
++.BR arpsnmp(8)
++.ad
++.hy
++.SH NOTES
++Sources for ethernet vendor codes seen in the wild are
++.LP
++.na
++.nh
++.nf
++.RS
++.I http://map-ne.com/Ethernet/vendor.html
++.I ftp://ftp.cavebear.com/pub/Ethernet.txt
++.I http://www.cavebear.com/CaveBear/Ethernet/vendor.html
++.RE
++.ad
++.hy
++.LP
++Useful for comparison or completeness are the
++ethernet vendor codes as assigned
++by the IEEE which can be found at
++.LP
++.RS
++.I http://standards.ieee.org/regauth/oui/oui.txt
++.RE
++.SH BUGS
++Please send bug reports to arpwatch@ee.lbl.gov.
++.SH AUTHORS
++Craig Leres of the
++Lawrence Berkeley National Laboratory Network Research Group,
++University of California, Berkeley, CA.
++.LP
++The current version is available via anonymous ftp:
++.LP
++.RS
++.I ftp://ftp.ee.lbl.gov/arpwatch.tar.gz
++.RE
++.LP
++This manual page was contributed by Hugo Graumann.

arpwatch-2.1a15-lookupiselect.patch

@@ -0,0 +1,103 @@
+Note by jsynacek:
+This patch should be rewritten. There's no reason to be using a static variable
+and returning its content from a function (in iterate_dev()). Also, some things
+should be simplified (like iterate_dev()).
+
+diff -up ./arpwatch.c.iselect ./arpwatch.c
+--- ./arpwatch.c.iselect	2012-10-15 16:01:24.701335291 +0200
++++ ./arpwatch.c	2012-10-15 16:07:18.626322639 +0200
+@@ -162,50 +162,52 @@ void dropprivileges(const char* user)
+ }
+ 
+ char *
+-get_first_dev(pcap_t **pd, int *linktype, char *errbuf)
++try_dev(char *interface, pcap_t **pd, int *linktype, char *errbuf)
+ {
+-	static char interface[IF_NAMESIZE + 1];
+ 	register int snaplen, timeout;
+-	pcap_if_t *alldevs;
+-	pcap_if_t *dev;
+-	char *ret = NULL;
+ 
+ 	snaplen = max(sizeof(struct ether_header),
+ 				  sizeof(struct fddi_header)) + sizeof(struct ether_arp);
+ 	timeout = 1000;
+ 
+-	if (pcap_findalldevs(&alldevs, errbuf) == -1) {
+-		(void)fprintf(stderr, "%s: lookup_device: %s\n",
+-					  prog, errbuf);
+-		exit(1);
++	*pd = pcap_open_live(interface, snaplen, 1, timeout, errbuf);
++	if (NULL == *pd) {
++		syslog(LOG_ERR, "pcap open %s: %s", interface,  errbuf);
++		return NULL;
+ 	}
++	*linktype = pcap_datalink(*pd);
++	/* Must be ethernet or fddi */
++	if (*linktype != DLT_EN10MB && *linktype != DLT_FDDI) {
++		syslog(LOG_ERR, "(%s) Link layer type %d not ethernet or fddi",
++			   interface, *linktype);
++		pcap_close(*pd);
++		return NULL;
++	}
++	return interface;
++}
+ 
+-	for (dev = alldevs; dev; dev = dev->next) {
+-		strncpy(interface, dev->name, strlen(dev->name)+1);
+-
+-		*pd = pcap_open_live(interface, snaplen, 1, timeout, errbuf);
+-		if (*pd == NULL) {
+-			syslog(LOG_ERR, "pcap open %s: %s, trying next...", interface, errbuf);
+-			continue;
+-			/* exit(1); */
+-		}
++char *
++iterate_dev(char *arginterface, pcap_t **pd, int *linktype, char *errbuf)
++{
++	static char interface[64 + 1];
++	pcap_if_t *alldevs;
++	pcap_if_t *dev;
+ 
+-		*linktype = pcap_datalink(*pd);
+-		/* Must be ethernet or fddi */
+-		if (*linktype != DLT_EN10MB && *linktype != DLT_FDDI) {
+-			syslog(LOG_ERR, "(%s) Link layer type %d not ethernet or fddi, trying next...",
+-				   interface, *linktype);
+-			pcap_close(*pd);
++	if (NULL != arginterface) {
++		return try_dev(arginterface, pd, linktype, errbuf);
++	} else {
++		if (pcap_findalldevs(&alldevs, errbuf) == -1) {
++			(void)fprintf(stderr, "%s: lookup_device: %s\n",
++						  prog, errbuf);
++			exit(1);
+ 		}
+-		else {
+-			/* First match, use it */
+-			ret = interface;
+-			break;
++		for (dev = alldevs; dev && (arginterface == NULL); dev = dev->next) {
++			strncpy(interface, dev->name, strlen(dev->name)+1);
++			arginterface = try_dev(interface, pd, linktype, errbuf);
+ 		}
+-
++		pcap_freealldevs(alldevs);
++		return arginterface;
+ 	}
+-	pcap_freealldevs(alldevs);
+-	return (ret);
+ }
+ 
+ int
+@@ -315,8 +317,8 @@ main(int argc, char **argv)
+ 	} else {
+ 
+ 		/* Determine interface if not specified */
+-		if (interface == NULL &&
+-			(interface = get_first_dev(&pd, &linktype, errbuf)) == NULL) {
++		interface = iterate_dev(interface, &pd, &linktype, errbuf);
++		if (interface == NULL) {
+ 			(void)fprintf(stderr, "%s: lookup_device: no suitable interface found\n",
+ 						  prog);
+ 			exit(1);

arpwatch-2.1a15-nolocalpcap.patch

@@ -0,0 +1,10 @@
+--- arpwatch-2.1a15/configure.nolocalpcap	2006-06-21 22:32:38.000000000 +0200
++++ arpwatch-2.1a15/configure	2006-11-09 15:04:35.000000000 +0100
+@@ -4956,6 +4956,7 @@
+     places=`ls .. | sed -e 's,/$,,' -e 's,^,../,' | \
+ 	egrep '/libpcap-[0-9]*\.[0-9]*(\.[0-9]*)?([ab][0-9]*)?$'`
+     for dir in $places ../libpcap libpcap ; do
++	    break
+ 	    basedir=`echo $dir | sed -e 's/[ab][0-9]*$//'`
+ 	    if test $lastdir = $basedir ; then
+ 		    		    continue;

arpwatch-2.1a4-fhs.patch

@@ -0,0 +1,20 @@
+--- arpwatch-2.1a4/Makefile.in.fhs	Sun Jun 18 08:26:28 2000
++++ arpwatch-2.1a4/Makefile.in	Sun Jun 18 08:27:21 2000
+@@ -109,13 +109,13 @@
+ 	$(CC) $(CFLAGS) -o $@ zap.o intoa.o -lutil
+ 
+ install: force
+-	$(INSTALL) -m 555 -o bin -g bin arpwatch $(DESTDIR)$(BINDEST)
+-	$(INSTALL) -m 555 -o bin -g bin arpsnmp $(DESTDIR)$(BINDEST)
++	$(INSTALL) -m 755 arpwatch $(DESTDIR)$(BINDEST)
++	$(INSTALL) -m 755 arpsnmp $(DESTDIR)$(BINDEST)
+ 
+ install-man: force
+-	$(INSTALL) -m 444 -o bin -g bin $(srcdir)/arpwatch.8 \
++	$(INSTALL) -m 644 $(srcdir)/arpwatch.8 \
+ 	    $(DESTDIR)$(MANDEST)/man8
+-	$(INSTALL) -m 444 -o bin -g bin $(srcdir)/arpsnmp.8 \
++	$(INSTALL) -m 644 $(srcdir)/arpsnmp.8 \
+ 	    $(DESTDIR)$(MANDEST)/man8
+ 
+ lint:	$(GENSRC) force

arpwatch-3.1-all-zero-bogon.patch

@@ -1,23 +0,0 @@
-RHBZ #244606: Correctly handle -n 0/32 to allow the user to disable reporting
-bogons from 0.0.0.0.
-
-diff -Naur arpwatch-3.1-original/arpwatch.c arpwatch-3.1/arpwatch.c
---- arpwatch-3.1-original/arpwatch.c	2019-11-30 13:35:23.000000000 -0500
-+++ arpwatch-3.1/arpwatch.c	2020-11-07 12:10:53.357839069 -0500
-@@ -814,10 +814,12 @@
- 
- 	/* XXX hack */
- 	n = ntohl(inet_addr(tstr));
--	while ((n & 0xff000000) == 0) {
--		n <<= 8;
--		if (n == 0)
--			return (0);
-+	if (n || width != 32) {
-+		while ((n & 0xff000000) == 0) {
-+			n <<= 8;
-+			if (n == 0)
-+				return (0);
-+		}
- 	}
- 	n = htonl(n);
- 

arpwatch-3.1-arp2ethers-sort-invocation.patch

@@ -1,15 +0,0 @@
-Fix nonstandard sort flags (obsolete + notation for keys, available in some
-BSDs for compatibility but non-POSIX and not supported by GNU sort).
-
-diff -Naur arpwatch-3.1-original/arp2ethers arpwatch-3.1/arp2ethers
---- arpwatch-3.1-original/arp2ethers	2013-02-16 03:10:28.000000000 -0500
-+++ arpwatch-3.1/arp2ethers	2020-11-07 11:22:04.762234105 -0500
-@@ -13,7 +13,7 @@
- #	- sort
- #
- 
--sort +2rn arp.dat |
-+sort -k 2 -rn arp.dat |
-     awk 'NF == 4 { print }' |
-     awk -f p.awk |
-     egrep -v '\.[0-9][0-9]*$' |

arpwatch-3.1-arpfetch-stray-rm.patch

@@ -1,11 +0,0 @@
-Fix stray rm (of an undefined variable).
-
-diff -Naur arpwatch-3.1-original/arpfetch arpwatch-3.1/arpfetch
---- arpwatch-3.1-original/arpfetch	2013-02-16 03:10:28.000000000 -0500
-+++ arpwatch-3.1/arpfetch	2020-11-07 11:22:59.344575624 -0500
-@@ -29,5 +29,3 @@
- 	    ea = $2
- 	    print ea "\t" ip
-     }'
--
--rm -f ${t1}

arpwatch-3.1-configure-no-local-pcap.patch

@@ -1,15 +0,0 @@
-Do not attempt to search for local libpcap libraries lying around in the parent
-of the build directory, or anywhere else random. This is not expected to
-succeed anyway, but it is better to be sure.
-
-diff -Naur arpwatch-3.1-original/configure arpwatch-3.1/configure
---- arpwatch-3.1-original/configure	2020-04-05 20:22:04.000000000 -0400
-+++ arpwatch-3.1/configure	2020-11-07 11:59:40.114550004 -0500
-@@ -5437,6 +5437,7 @@
-     places=`ls .. | sed -e 's,/$,,' -e 's,^,../,' | \
- 	egrep '/libpcap-[0-9]*\.[0-9]*(\.[0-9]*)?([ab][0-9]*)?$'`
-     for dir in $places ../libpcap libpcap ; do
-+	    break
- 	    basedir=`echo $dir | sed -e 's/[ab][0-9]*$//'`
- 	    if test $lastdir = $basedir ; then
- 		    		    continue;

arpwatch-3.1-man-references.patch

@@ -1,76 +0,0 @@
-Fix section numbers in man page cross-references. With minor changes, this
-patch dates all the way back to arpwatch-2.1a4-man.patch, from RHBZ#15442.
-
-diff -Naur arpwatch-3.1-original/arpsnmp.8.in arpwatch-3.1/arpsnmp.8.in
---- arpwatch-3.1-original/arpsnmp.8.in	2019-12-01 14:01:07.000000000 -0500
-+++ arpwatch-3.1/arpsnmp.8.in	2020-11-05 15:13:01.296113145 -0500
-@@ -45,7 +45,7 @@
- and reports certain changes via email.
- .Nm
- reads information from a file (usually generated by
--.Xr snmpwalk 3 ) .
-+.Xr snmpwalk 1 ) .
- .Pp
- The format of the input file is the same as
- .Ar arp.dat ;
-@@ -119,9 +119,9 @@
- .Pp
- .Sh "REPORT MESSAGES"
- See the
--.Xr arpwatch 1
-+.Xr arpwatch 8
- man page for details on the report messages generated by
--.Xr arpsnmp 1 .
-+.Xr arpsnmp 8 .
- .Sh FILES
- .Bl -tag -width ".Pa /usr/local/arpwatch" -compact
- .It Pa /usr/local/arpwatch
-@@ -132,7 +132,7 @@
- vendor ethernet block list
- .Sh "SEE ALSO"
- .Xr arpwatch 8 ,
--.Xr snmpwalk 8 ,
-+.Xr snmpwalk 1 ,
- .Xr arp 8 ,
- .Sh AUTHORS
- .An Craig Leres
-diff -Naur arpwatch-3.1-original/arpwatch.8.in arpwatch-3.1/arpwatch.8.in
---- arpwatch-3.1-original/arpwatch.8.in	2019-12-01 14:01:07.000000000 -0500
-+++ arpwatch-3.1/arpwatch.8.in	2020-11-05 15:14:12.117564292 -0500
-@@ -117,9 +117,9 @@
- .Fl r
- flag is used to specify a savefile
- (perhaps created by
--.Xr tcpdump 1
-+.Xr tcpdump 8
- or
--.Xr pcapture 1 )
-+.Xr pcapture 8 )
- to read from instead
- of reading from the network. In this case
- .Nm
-@@ -163,9 +163,9 @@
- .Pp
- .Sh "REPORT MESSAGES"
- Here's a quick list of the report messages generated by
--.Xr arpwatch 1
-+.Xr arpwatch 8
- (and
--.Xr arpsnmp 1 ) :
-+.Xr arpsnmp 8 ) :
- .Pp
- .Bl -tag -width xxx
- .It Ic "new activity"
-@@ -216,9 +216,9 @@
- .Sh "SEE ALSO"
- .Xr arpsnmp 8 ,
- .Xr arp 8 ,
--.Xr bpf 4 ,
--.Xr tcpdump 1 ,
--.Xr pcapture 1 ,
-+.Xr bpf 2 ,
-+.Xr tcpdump 8 ,
-+.Xr pcapture 8 ,
- .Xr pcap 3
- .Sh AUTHORS
- .An Craig Leres

arpwatch-3.2-change-user.patch

@@ -1,146 +0,0 @@
-Add, and document, a -u argument to change to a specified unprivileged user
-after establishing sockets.
-
-This patch rebases and combines arpwatch-drop.patch, which provided -u;
-arpwatch-drop-man.patch, which documented it; and
-arpwatch-2.1a15-dropgroup.patch, which fixed CVE-2012-2653 (RHBZ #825328) in
-the original arpwatch-drop.patch, into a single combined patch. It also removes
-an unnecessary and unchecked strdup() in the original patch that could have
-theoretically led to a null pointer dereference.
-
-diff -Naur arpwatch-3.2-original/arpwatch.8.in arpwatch-3.2/arpwatch.8.in
---- arpwatch-3.2-original/arpwatch.8.in	2021-12-14 19:47:54.000000000 -0500
-+++ arpwatch-3.2/arpwatch.8.in	2021-12-16 08:18:21.803266980 -0500
-@@ -43,6 +43,7 @@
- .Op Fl n Ar net[/width]
- .Op Fl x Ar net[/width]
- .Op Fl r Ar file
-+.Op Fl u Ar username
- .Sh DESCRIPTION
- .Nm
- keeps track of ethernet/ip address pairings. It syslogs activity
-@@ -137,13 +138,30 @@
- Note that an empty
- .Ar arp.dat
- file must be created before the first time you run
--.Fl arpwatch .
-+.Nm .
-+Also, the default directory (where
-+.Ar arp.dat
-+is stored) must be owned by
-+.Ar username
-+if the
-+.Fl u
-+flag is used.
- .Pp
- The
- .Fl s
- flag suppresses reports sent by email.
- .Pp
- The
-+.Fl u
-+flag causes
-+.Nm
-+to drop root privileges and change user ID to
-+.Ar username
-+and group ID to that of the primary group of
-+.Ar username .
-+This is recommended for security reasons.
-+.Pp
-+The
- .Fl v
- flag disables the reporting of VRRP/CARP ethernet prefixes as
- described in RFC5798 (@MACZERO@0:@MACZERO@0:5e:@MACZERO@0:@MACZERO@1:xx).
-diff -Naur arpwatch-3.2-original/arpwatch.c arpwatch-3.2/arpwatch.c
---- arpwatch-3.2-original/arpwatch.c	2019-11-30 13:35:23.000000000 -0500
-+++ arpwatch-3.2/arpwatch.c	2021-12-16 08:18:21.812267045 -0500
-@@ -72,6 +72,8 @@
- #include <syslog.h>
- #include <unistd.h>
- 
-+#include <grp.h>
-+#include <pwd.h>
- #include <pcap.h>
- 
- #include "gnuc.h"
-@@ -170,6 +172,24 @@
- int	toskip(u_int32_t);
- void	usage(void) __attribute__((noreturn));
- 
-+void dropprivileges(const char* user)
-+{
-+	struct passwd* const pw = getpwnam(user);
-+	if (pw) {
-+		if (setgid(pw->pw_gid) != 0 || setgroups(0, NULL) != 0 ||
-+				setuid(pw->pw_uid) != 0) {
-+			lg(LOG_ERR, "Couldn't change to '%.32s' uid=%d gid=%d",
-+				       user, pw->pw_uid, pw->pw_gid);
-+			exit(1);
-+		}
-+	} else {
-+		lg(LOG_ERR, "Couldn't find user '%.32s' in /etc/passwd",
-+			       user);
-+		exit(1);
-+	}
-+	lg(LOG_DEBUG, "Running as uid=%d gid=%d", getuid(), getgid());
-+}
-+
- int
- main(int argc, char **argv)
- {
-@@ -181,6 +201,7 @@
- 	char *interface, *rfilename;
- 	struct bpf_program code;
- 	char errbuf[PCAP_ERRBUF_SIZE];
-+	char* serveruser = NULL;
- 
- 	if (argv[0] == NULL)
- 		prog = "arpwatch";
-@@ -198,7 +219,7 @@
- 	interface = NULL;
- 	rfilename = NULL;
- 	pd = NULL;
--	while ((op = getopt(argc, argv, "CdD:Ff:i:n:NpP:qr:svw:W:x:zZ")) != EOF)
-+	while ((op = getopt(argc, argv, "CdD:Ff:i:n:NpP:qr:svw:W:x:zZu:")) != EOF)
- 		switch (op) {
- 
- 		case 'C':
-@@ -283,6 +304,17 @@
- 			zeropad = 1;
- 			break;
- 
-+		case 'u':
-+			if (optarg) {
-+				/* no need to strdup() a pointer into the
-+				 * original arguments vector */
-+				serveruser = optarg;
-+			} else {
-+				fprintf(stderr, "%s: Need username after -u\n", prog);
-+				usage();
-+			}
-+			break;
-+
- 		default:
- 			usage();
- 		}
-@@ -379,6 +411,11 @@
- 		}
- 	}
- 
-+	/* Explicit user change (privilege drop) with -u? */
-+	if (serveruser) {
-+		dropprivileges(serveruser);
-+	}
-+
- 	/*
- 	 * Revert to non-privileged user after opening sockets
- 	 * (not needed on most systems).
-@@ -927,6 +964,7 @@
- 	    "usage: %s [-CdFNpqsvzZ] [-D arpdir] [-f datafile]"
- 	    " [-i interface]\n\t"
- 	    " [-P pidfile] [-w watcher@email] [-W watchee@email]\n\t"
--	    " [-n net[/width]] [-x net[/width]] [-r file]\n", prog);
-+	    " [-n net[/width]] [-x net[/width]] [-r file] [-u username]\n",
-+	    prog);
- 	exit(1);
- }

arpwatch-3.3-c99.patch

@@ -1,17 +0,0 @@
-diff --git a/dns.c b/dns.c
-index 82106e1244f94aec..75cc27b6775649f7 100644
---- a/dns.c
-+++ b/dns.c
-@@ -115,10 +115,10 @@ gethinfo(char *hostname, char *cpu, int cpulen, char *os, int oslen)
- 		    (u_char *)cp, (char *)bp, buflen)) < 0)
- 			break;
- 		cp += n;
--		type = _getshort(cp);
-+		type = ns_get16(cp);
- 		cp += sizeof(u_short);			/* class */
- 		cp += sizeof(u_short) + sizeof(u_int32_t);
--		n = _getshort(cp);
-+		n = ns_get16(cp);
- 		cp += sizeof(u_short);
- 		if (type == T_HINFO) {
- 			/* Unpack */

arpwatch-3.5-devlookup.patch

@@ -1,138 +0,0 @@
-diff -Naur arpwatch-3.5-original/arpwatch.c arpwatch-3.5/arpwatch.c
---- arpwatch-3.5-original/arpwatch.c	2023-12-03 13:10:05.000000000 -0500
-+++ arpwatch-3.5/arpwatch.c	2023-12-03 20:06:32.694857659 -0500
-@@ -163,6 +163,8 @@
- void	hup(int);
- int	isbogon(u_int32_t);
- int	main(int, char **);
-+int     try_open_live(pcap_t ** pd_ptr, char const * interface_name,
-+	       int promiscuous_enable);
- void	process_ether(u_char *, const struct pcap_pkthdr *, const u_char *);
- void	process_fddi(u_char *, const struct pcap_pkthdr *, const u_char *);
- int	readsnmp(char *);
-@@ -179,7 +181,7 @@
- 	int op, snaplen, timeout, linktype, status;
- 	pcap_t *pd;
- 	FILE *fp;
--	pcap_if_t *alldevs;
-+	pcap_if_t *alldevs, *dev;
- 	char *interface, *rfilename;
- 	struct bpf_program code;
- 	char errbuf[PCAP_ERRBUF_SIZE];
-@@ -311,13 +313,18 @@
- 				    "%s: pcap_findalldevs: %s\n", prog, errbuf);
- 				exit(1);
- 			}
--			if (alldevs == NULL) {
-+			for (dev = alldevs; dev; dev = dev->next) {
-+				if (try_open_live(&pd, dev->name, promisc)) {
-+					interface = savestr(alldevs->name);
-+					break;
-+				}
-+			}
-+			pcap_freealldevs(alldevs);
-+			if (interface == NULL) {
- 				(void)fprintf(stderr, "%s: pcap_findalldevs:"
- 				    " no suitable devices found\n", prog);
- 				exit(1);
- 			}
--			interface = savestr(alldevs->name);
--			pcap_freealldevs(alldevs);
- #else
- 			if (interface = pcap_lookupdev(errbuf)) == NULL) {
- 				(void)fprintf(stderr,
-@@ -356,15 +363,12 @@
- 		}
- 		swapped = pcap_is_swapped(pd);
- 	} else {
--		snaplen = max(sizeof(struct ether_header),
--		    sizeof(struct fddi_header)) + sizeof(struct ether_arp);
--		timeout = 1000;
--		pd = pcap_open_live(interface, snaplen, promisc, timeout,
--		    errbuf);
- 		if (pd == NULL) {
--			lg(LOG_ERR, "pcap open %s: %s", interface, errbuf);
--			exit(1);
-+			if (!try_open_live(&pd, interface, promisc)) {
-+				exit(1);
-+			}
- 		}
-+		/* else pd was already opened based on pcap_findalldevs */
- #ifdef WORDS_BIGENDIAN
- 		swapped = 1;
- #endif
-@@ -454,6 +458,74 @@
- 	exit(0);
- }
- 
-+int
-+try_open_live(pcap_t ** pd_ptr, char const * interface_name, int promiscuous_enable) {
-+	/* Attempt to open an interface and set up a supported datalink type;
-+	 * return nonzero on success and zero on failure (and log a message).
-+	 */
-+	int snaplen, timeout, n_datalinks, datalink_i;
-+	int * datalinks, datalink;
-+	char errbuf[PCAP_ERRBUF_SIZE];
-+
-+	snaplen = max(sizeof(struct ether_header),
-+	    sizeof(struct fddi_header)) + sizeof(struct ether_arp);
-+	timeout = 1000;
-+	datalinks = NULL;
-+
-+	/* Just in case... */
-+	if (*pd_ptr != NULL) {
-+		pcap_close(*pd_ptr);
-+		*pd_ptr = NULL;
-+	}
-+
-+	*pd_ptr = pcap_open_live(interface_name, snaplen, promiscuous_enable,
-+	    timeout, errbuf);
-+	if (*pd_ptr == NULL) {
-+		lg(LOG_ERR, "pcap open %s: %s", interface_name, errbuf);
-+		goto fail;
-+	}
-+
-+	/* Must be able to select an ethernet or fddi datalink */
-+	n_datalinks = pcap_list_datalinks(*pd_ptr, &datalinks);
-+	if (n_datalinks < 0) {
-+		lg(LOG_ERR, "pcap_list_datalinks %s: %s", interface_name,
-+		    pcap_geterr(*pd_ptr));
-+		goto fail;
-+	}
-+	for (datalink_i = 0; datalink_i < n_datalinks; ++datalink_i) {
-+		switch (datalinks[datalink_i]) {
-+		case DLT_EN10MB:
-+		case DLT_FDDI:
-+			break;
-+		default:
-+			continue; /* unsupported; try the next datalink */
-+		}
-+		if (pcap_set_datalink(*pd_ptr, datalinks[datalink_i]) != 0) {
-+			lg(LOG_ERR, "pcap_set_datalink %s %d: %s",
-+			    interface_name, datalinks[datalink_i],
-+			    pcap_geterr(*pd_ptr));
-+			continue;
-+		}
-+		break; /* success */
-+	}
-+	if (datalink_i >= n_datalinks) {
-+		lg(LOG_ERR, "no ethernet or fddi datalink for %s",
-+		    interface_name);
-+		goto fail;
-+	}
-+
-+	free(datalinks);
-+	return 1; /* success */
-+
-+fail:
-+	if (*pd_ptr != NULL) {
-+		pcap_close(*pd_ptr);
-+		*pd_ptr = NULL;
-+	}
-+	free(datalinks);
-+	return 0; /* failure */
-+}
-+
- /* Process an ethernet arp/rarp packet */
- void
- process_ether(u_char *u, const struct pcap_pkthdr *h, const u_char *p)

arpwatch-3.5-exitcode.patch

@@ -1,12 +0,0 @@
-diff -Naur arpwatch-3.5-original/arpwatch.c arpwatch-3.5/arpwatch.c
---- arpwatch-3.5-original/arpwatch.c	2023-12-03 13:10:05.000000000 -0500
-+++ arpwatch-3.5/arpwatch.c	2023-12-03 20:04:01.834691097 -0500
-@@ -915,7 +915,7 @@
- {
- 	lg(LOG_DEBUG, "exiting");
- 	checkpoint(0);
--	exit(1);
-+	exit(0);
- }
- 
- void

arpwatch-3.9-no-usr-local-path.patch

@@ -1,40 +0,0 @@
-Do not add /usr/local/bin or /usr/local/sbin to the PATH in any scripts.
-
-diff -Naur arpwatch-3.9-original/arpfetch arpwatch-3.9/arpfetch
---- arpwatch-3.9-original/arpfetch	2013-02-16 08:10:28.000000000 +0000
-+++ arpwatch-3.9/arpfetch	2025-10-23 23:27:24.285711332 +0100
-@@ -4,8 +4,6 @@
- # arpfetch - collect arp data from a cisco using net-snmp
- #
- 
--export PATH="/usr/local/bin:${PATH}"
--
- prog=`basename $0`
- 
- if [ $# -ne 2 ]; then
-diff -Naur arpwatch-3.9-original/bihourly.sh arpwatch-3.9/bihourly.sh
---- arpwatch-3.9-original/bihourly.sh	2016-09-17 03:40:54.000000000 +0100
-+++ arpwatch-3.9/bihourly.sh	2025-10-23 23:27:24.285849999 +0100
-@@ -3,9 +3,6 @@
- #
- #  bihourly arpwatch job
- #
--PATH=${PATH}:/usr/local/sbin
--export PATH
--#
- cd /usr/local/arpwatch
- #
- list="`cat list`"
-diff -Naur arpwatch-3.9-original/update-ethercodes.sh.in arpwatch-3.9/update-ethercodes.sh.in
---- arpwatch-3.9-original/update-ethercodes.sh.in	2025-10-23 20:32:08.000000000 +0100
-+++ arpwatch-3.9/update-ethercodes.sh.in	2025-10-23 23:27:50.579194300 +0100
-@@ -6,9 +6,6 @@
- 
- prog="`basename $0`"
- 
--PATH=/usr/local/bin:${PATH}
--export PATH
--
- t1=`mktemp /tmp/${prog}.1.XXXXXX`
- 
- trap 'rm -f ${t1}; exit 1' 1 2 3 15 EXIT

arpwatch-addr.patch

@@ -0,0 +1,232 @@
+--- arpwatch-2.1a11/addresses.h.in.addr	Wed Jun  5 00:40:29 1996
++++ arpwatch-2.1a11/addresses.h.in	Wed Jul 31 17:39:38 2002
+@@ -1,2 +1,4 @@
+ #define WATCHER "root"
+-#define WATCHEE "arpwatch (Arpwatch)"
++#define WATCHEE "root (Arpwatch)"
++extern char *watcher;
++extern char *watchee;
+--- arpwatch-2.1a11/arpsnmp.8.addr	Sun Sep 17 15:34:48 2000
++++ arpwatch-2.1a11/arpsnmp.8	Fri Aug  2 15:15:31 2002
+@@ -30,6 +30,12 @@
+ ] [
+ .B -f
+ .I datafile
++] [
++.B -e
++.I username
++] [
++.B -s
++.I username
+ ]
+ .I file
+ [
+@@ -59,6 +65,27 @@
+ .I arp.dat
+ file must be created before the first time you run
+ .BR arpsnmp .
++.LP
++If the
++.B -e 
++flag is used, 
++.B arpsnmp
++sends e-mail messages to
++.I username
++rather than the default (root).
++If a single `-' character is given for the username,
++sending of e-mail is suppressed,
++but logging via syslog is still done as usual.
++(This can be useful during initial runs, to collect data
++without being flooded with messages about new stations.)
++.LP
++If the
++.B -s 
++flag is used, 
++.B arpsnmp
++sends e-mail messages with
++.I username
++as the return address, rather than the default (root).
+ .LP
+ .SH "REPORT MESSAGES"
+ (See the
+--- arpwatch-2.1a11/arpsnmp.c.addr	Sun Jan 17 19:47:40 1999
++++ arpwatch-2.1a11/arpsnmp.c	Fri Aug  2 15:17:16 2002
+@@ -59,6 +59,7 @@
+ #include "file.h"
+ #include "machdep.h"
+ #include "util.h"
++#include "addresses.h"
+ 
+ /* Forwards */
+ int	main(int, char **);
+@@ -90,7 +91,7 @@
+ 	}
+ 
+ 	opterr = 0;
+-	while ((op = getopt(argc, argv, "df:")) != EOF)
++	while ((op = getopt(argc, argv, "df:e:s:")) != EOF)
+ 		switch (op) {
+ 
+ 		case 'd':
+@@ -105,6 +106,24 @@
+ 			arpfile = optarg;
+ 			break;
+ 
++		case 'e':
++			if ( optarg ) {
++				watcher = strdup(optarg);
++			} else {
++				(void)fprintf(stderr, "%s: Need recipient username/e-mail address after -e\n", prog);
++				usage();
++			}
++			break;
++
++		case 's':
++			if ( optarg ) {
++				watchee = strdup(optarg);
++			} else {
++				(void)fprintf(stderr, "%s: Need sender username/e-mail address after -s\n", prog);
++				usage();
++			}
++			break;
++
+ 		default:
+ 			usage();
+ 		}
+@@ -184,6 +203,6 @@
+ 
+ 	(void)fprintf(stderr, "Version %s\n", version);
+ 	(void)fprintf(stderr,
+-	    "usage: %s [-d] [-f datafile] file [...]\n", prog);
++	    "usage: %s [-d] [-f datafile] [-e username] [-s username] file [...]\n", prog);
+ 	exit(1);
+ }
+--- arpwatch-2.1a11/arpwatch.8.addr	Thu Aug  1 13:45:36 2002
++++ arpwatch-2.1a11/arpwatch.8	Thu Aug  1 14:08:05 2002
+@@ -46,6 +46,12 @@
+ ] [
+ .B -u
+ .I username
++] [
++.B -e
++.I username
++] [
++.B -s
++.I username
+ ]
+ .ad
+ .SH DESCRIPTION
+@@ -106,6 +112,27 @@
+ and group ID to that of the primary group of 
+ .IR username .
+ This is recommended for security reasons.
++.LP
++If the
++.B -e 
++flag is used, 
++.B arpwatch
++sends e-mail messages to
++.I username
++rather than the default (root).
++If a single `-' character is given for the username,
++sending of e-mail is suppressed,
++but logging via syslog is still done as usual.
++(This can be useful during initial runs, to collect data
++without being flooded with messages about new stations.)
++.LP
++If the
++.B -s 
++flag is used, 
++.B arpwatch
++sends e-mail messages with
++.I username
++as the return address, rather than the default (root).
+ .LP
+ Note that an empty
+ .I arp.dat
+--- arpwatch-2.1a11/arpwatch.c.addr	Thu Aug  1 13:45:36 2002
++++ arpwatch-2.1a11/arpwatch.c	Thu Aug  1 13:47:35 2002
+@@ -78,6 +78,7 @@
+ #include "machdep.h"
+ #include "setsignal.h"
+ #include "util.h"
++#include "addresses.h"
+ 
+ /* Some systems don't define these */
+ #ifndef ETHERTYPE_REVARP
+@@ -190,7 +191,7 @@
+ 	interface = NULL;
+ 	rfilename = NULL;
+ 	pd = NULL;
+-	while ((op = getopt(argc, argv, "df:i:n:Nr:u:")) != EOF)
++	while ((op = getopt(argc, argv, "df:i:n:Nr:u:e:s:")) != EOF)
+ 		switch (op) {
+ 
+ 		case 'd':
+@@ -232,6 +233,26 @@
+ 			}
+ 			break;
+ 
++		case 'e':
++			if ( optarg ) {
++				watcher = strdup(optarg);
++			}
++			else {
++				fprintf(stderr, "%s: Need recipient username/e-mail address after -e\n", prog);
++				usage();
++			}
++			break;
++
++		case 's':
++			if ( optarg ) {
++				watchee = strdup(optarg);
++			}
++			else {
++				fprintf(stderr, "%s: Need sender username/e-mail address after -s\n", prog);
++				usage();
++			}
++			break;
++
+ 		default:
+ 			usage();
+ 		}
+@@ -784,6 +805,7 @@
+ 
+ 	(void)fprintf(stderr, "Version %s\n", version);
+ 	(void)fprintf(stderr, "usage: %s [-dN] [-f datafile] [-i interface]"
+-	    " [-n net[/width]] [-r file] [-u username]\n", prog);
++	    " [-n net[/width]] [-r file] [-u username]"
++	    " [-e username] [-s username]\n", prog);
+ 	exit(1);
+ }
+--- arpwatch-2.1a11/report.c.addr	Sat Sep 30 18:41:10 2000
++++ arpwatch-2.1a11/report.c	Thu Aug  1 14:16:43 2002
+@@ -70,6 +70,9 @@
+ 
+ #define PLURAL(n) ((n) == 1 || (n) == -1 ? "" : "s")
+ 
++char *watcher = WATCHER;
++char *watchee = WATCHEE;
++
+ static int cdepth;	/* number of outstanding children */
+ 
+ static char *fmtdate(time_t);
+@@ -240,8 +243,6 @@
+ 	register FILE *f;
+ 	char tempfile[64], cpu[64], os[64];
+ 	char *fmt = "%20s: %s\n";
+-	char *watcher = WATCHER;
+-	char *watchee = WATCHEE;
+ 	char *sendmail = PATH_SENDMAIL;
+ 	char *unknown = "<unknown>";
+ 	char buf[132];
+@@ -258,6 +259,9 @@
+ 		}
+ 		f = stdout;
+ 		(void)putc('\n', f);
++	} else if (watcher == NULL || *watcher == NULL || *watcher == '-') {
++		dosyslog(LOG_NOTICE, title, a, e1, e2);
++		return;
+ 	} else {
+ 		/* Setup child reaper if we haven't already */
+ 		if (!init) {

arpwatch-dir-man.patch

@@ -0,0 +1,22 @@
+--- arpwatch-2.1a15/arpsnmp.8.dirman	2006-11-02 17:00:58.000000000 +0100
++++ arpwatch-2.1a15/arpsnmp.8	2006-11-02 17:23:58.000000000 +0100
+@@ -96,7 +96,7 @@
+ .na
+ .nh
+ .nf
+-/usr/operator/arpwatch - default directory
++/var/lib/arpwatch - default directory
+ arp.dat - ethernet/ip address database
+ ethercodes.dat - vendor ethernet block list
+ .ad
+--- arpwatch-2.1a15/arpwatch.8.dirman	2006-11-02 17:00:58.000000000 +0100
++++ arpwatch-2.1a15/arpwatch.8	2006-11-02 17:24:07.000000000 +0100
+@@ -198,7 +198,7 @@
+ .na
+ .nh
+ .nf
+-/usr/operator/arpwatch - default directory
++/var/lib/arpwatch - default directory
+ arp.dat - ethernet/ip address database
+ ethercodes.dat - vendor ethernet block list
+ .ad

arpwatch-drop-man.patch

@@ -0,0 +1,48 @@
+--- arpwatch.8.orig	Sun Oct  8 23:31:28 2000
++++ arpwatch.8	Mon Oct 16 16:46:19 2000
+@@ -36,13 +36,16 @@
+ .I interface
+ ]
+ .br
+-.ti +8
++.ti +9
+ [
+ .B -n
+ .IR net [/ width
+ ]] [
+ .B -r
+ .I file
++] [
++.B -u
++.I username
+ ]
+ .ad
+ .SH DESCRIPTION
+@@ -94,10 +97,26 @@
+ .B arpwatch
+ does not fork.
+ .LP
++If 
++.B -u 
++flag is used, 
++.B arpwatch
++drops root privileges and changes user ID to
++.I username
++and group ID to that of the primary group of 
++.IR username .
++This is recommended for security reasons.
++.LP
+ Note that an empty
+ .I arp.dat
+ file must be created before the first time you run
+-.BR arpwatch .
++.BR arpwatch . 
++Also, the default directory (where arp.dat is stored) must be owned
++by 
++.I username
++if 
++.BR -u
++flag is used.
+ .LP
+ .SH "REPORT MESSAGES"
+ Here's a quick list of the report messages generated by

arpwatch-drop.patch

@@ -0,0 +1,93 @@
+--- arpwatch-2.1a10/arpwatch.c	Sat Oct 14 05:07:35 2000
++++ arpwatch-2.1a10/arpwatch.c	Sun Jun 10 16:22:57 2001
+@@ -62,7 +62,7 @@
+ #include <string.h>
+ #include <syslog.h>
+ #include <unistd.h>
+-
++#include <pwd.h>
+ #include <pcap.h>
+ 
+ #include "gnuc.h"
+@@ -141,6 +141,25 @@
+ int	sanity_fddi(struct fddi_header *, struct ether_arp *, int);
+ __dead	void usage(void) __attribute__((volatile));
+ 
++void dropprivileges(const char* user)
++{
++	struct passwd* pw;
++	pw = getpwnam( user );
++	if ( pw ) {
++		if ( initgroups(pw->pw_name, NULL) != 0 || setgid(pw->pw_gid) != 0 ||
++				 setuid(pw->pw_uid) != 0 ) {
++			syslog(LOG_ERR, "Couldn't change to '%.32s' uid=%d gid=%d", user,
++						 pw->pw_uid, pw->pw_gid);
++			exit(1);
++		}
++	}
++	else {
++		syslog(LOG_ERR, "Couldn't find user '%.32s' in /etc/passwd", user);
++		exit(1);
++	}
++	syslog(LOG_DEBUG, "Running as uid=%d gid=%d", getuid(), getgid());
++}
++
+ int
+ main(int argc, char **argv)
+ {
+@@ -153,6 +172,7 @@
+ 	register char *interface, *rfilename;
+ 	struct bpf_program code;
+ 	char errbuf[PCAP_ERRBUF_SIZE];
++	char* serveruser = NULL;
+ 
+ 	if (argv[0] == NULL)
+ 		prog = "arpwatch";
+@@ -170,7 +190,7 @@
+ 	interface = NULL;
+ 	rfilename = NULL;
+ 	pd = NULL;
+-	while ((op = getopt(argc, argv, "df:i:n:Nr:")) != EOF)
++	while ((op = getopt(argc, argv, "df:i:n:Nr:u:")) != EOF)
+ 		switch (op) {
+ 
+ 		case 'd':
+@@ -202,6 +222,16 @@
+ 			rfilename = optarg;
+ 			break;
+ 
++		case 'u':
++			if ( optarg ) {
++				serveruser = strdup(optarg);
++			}
++			else {
++				fprintf(stderr, "%s: Need username after -u\n", prog);
++				usage();
++			}
++			break;
++
+ 		default:
+ 			usage();
+ 		}
+@@ -283,8 +313,11 @@
+ 	 * Revert to non-privileged user after opening sockets
+ 	 * (not needed on most systems).
+ 	 */
+-	setgid(getgid());
+-	setuid(getuid());
++	/*setgid(getgid());*/
++	/*setuid(getuid());*/
++	if ( serveruser ) {
++		dropprivileges( serveruser );
++	}
+ 
+ 	/* Must be ethernet or fddi */
+ 	linktype = pcap_datalink(pd);
+@@ -751,6 +784,6 @@
+ 
+ 	(void)fprintf(stderr, "Version %s\n", version);
+ 	(void)fprintf(stderr, "usage: %s [-dN] [-f datafile] [-i interface]"
+-	    " [-n net[/width]] [-r file]\n", prog);
++	    " [-n net[/width]] [-r file] [-u username]\n", prog);
+ 	exit(1);
+ }

arpwatch-exitcode.patch

@@ -0,0 +1,12 @@
+diff -up arpwatch-2.1a15/arpwatch.c.exitcode arpwatch-2.1a15/arpwatch.c
+--- arpwatch-2.1a15/arpwatch.c.exitcode	2011-07-08 15:35:28.758414483 +0200
++++ arpwatch-2.1a15/arpwatch.c	2011-07-08 15:35:31.539417016 +0200
+@@ -782,7 +782,7 @@ die(int signo)
+ 
+ 	syslog(LOG_DEBUG, "exiting");
+ 	checkpoint(0);
+-	exit(1);
++	exit(0);
+ }
+ 
+ RETSIGTYPE

arpwatch-pie.patch

@@ -0,0 +1,18 @@
+--- arpwatch-2.1a15/Makefile.in	2013-04-23 11:17:51.994488347 +0200
++++ arpwatch-2.1a15/Makefile.in.new	2013-04-23 11:17:24.000000000 +0200
+@@ -48,12 +48,12 @@
+ DEFS = -DDEBUG @DEFS@ -DARPDIR=\"$(ARPDIR)\" -DPATH_SENDMAIL=\"$(SENDMAIL)\"
+ 
+ # Standard CFLAGS
+-CFLAGS = $(CCOPT) $(DEFS) $(INCLS)
++CFLAGS = $(CCOPT) $(DEFS) $(INCLS) -pie
+ 
+ # Standard LIBS
+-LIBS = @LIBS@
++LIBS = @LIBS@ -pie -Wl,-z,relro,-z,now
+ # Standard LIBS without libpcap.a
+-SLIBS = @LBL_LIBS@
++SLIBS = @LBL_LIBS@ -pie -Wl,-z,relro,-z,now
+ 
+ INSTALL = @INSTALL@
+ SENDMAIL = @V_SENDMAIL@

arpwatch-promisc.patch

@@ -0,0 +1,106 @@
+--- a/arpwatch.8	2016-01-26 10:13:58.344326599 +0100
++++ b/arpwatch.8	2016-01-26 09:59:46.620048949 +0100
+@@ -27,7 +27,7 @@ arpwatch - keep track of ethernet/ip add
+ .na
+ .B arpwatch
+ [
+-.B -dN
++.B -dNp
+ ] [
+ .B -f
+ .I datafile
+@@ -70,6 +70,10 @@ background and emailing the reports. Ins
+ .IR stderr .
+ .LP
+ The
++.B -p
++flag disables promiscous mode.
++.LP
++The
+ .B -f
+ flag is used to set the ethernet/ip address database filename.
+ The default is
+diff -rup arpwatch-2.1a15/arpwatch.c arpwatch-2.1a15-new/arpwatch.c
+--- a/arpwatch.c	2016-01-26 10:13:58.356326563 +0100
++++ b/arpwatch.c	2016-01-26 10:13:37.273390029 +0100
+@@ -162,7 +162,7 @@ void dropprivileges(const char* user)
+ }
+ 
+ char *
+-try_dev(char *interface, pcap_t **pd, int *linktype, char *errbuf)
++try_dev(char *interface, pcap_t **pd, int *linktype, int promisc, char *errbuf)
+ {
+ 	register int snaplen, timeout;
+ 
+@@ -170,7 +170,7 @@ try_dev(char *interface, pcap_t **pd, in
+ 				  sizeof(struct fddi_header)) + sizeof(struct ether_arp);
+ 	timeout = 1000;
+ 
+-	*pd = pcap_open_live(interface, snaplen, 1, timeout, errbuf);
++	*pd = pcap_open_live(interface, snaplen, promisc, timeout, errbuf);
+ 	if (NULL == *pd) {
+ 		syslog(LOG_ERR, "pcap open %s: %s", interface,  errbuf);
+ 		return NULL;
+@@ -187,14 +187,14 @@ try_dev(char *interface, pcap_t **pd, in
+ }
+ 
+ char *
+-iterate_dev(char *arginterface, pcap_t **pd, int *linktype, char *errbuf)
++iterate_dev(char *arginterface, pcap_t **pd, int *linktype, int promisc, char *errbuf)
+ {
+ 	static char interface[64 + 1];
+ 	pcap_if_t *alldevs;
+ 	pcap_if_t *dev;
+ 
+ 	if (NULL != arginterface) {
+-		return try_dev(arginterface, pd, linktype, errbuf);
++		return try_dev(arginterface, pd, linktype, promisc, errbuf);
+ 	} else {
+ 		if (pcap_findalldevs(&alldevs, errbuf) == -1) {
+ 			(void)fprintf(stderr, "%s: lookup_device: %s\n",
+@@ -203,7 +203,7 @@ iterate_dev(char *arginterface, pcap_t *
+ 		}
+ 		for (dev = alldevs; dev && (arginterface == NULL); dev = dev->next) {
+ 			strncpy(interface, dev->name, strlen(dev->name)+1);
+-			arginterface = try_dev(interface, pd, linktype, errbuf);
++			arginterface = try_dev(interface, pd, linktype, promisc, errbuf);
+ 		}
+ 		pcap_freealldevs(alldevs);
+ 		return arginterface;
+@@ -224,6 +224,7 @@ main(int argc, char **argv)
+ 	struct bpf_program code;
+ 	char errbuf[PCAP_ERRBUF_SIZE];
+ 	char* serveruser = NULL;
++	int promisc = 1;
+ 
+ 	if (argv[0] == NULL)
+ 		prog = "arpwatch";
+@@ -242,7 +243,7 @@ main(int argc, char **argv)
+ 	linktype = -1;
+ 	rfilename = NULL;
+ 	pd = NULL;
+-	while ((op = getopt(argc, argv, "df:i:n:Nr:u:e:s:")) != EOF)
++	while ((op = getopt(argc, argv, "df:i:n:Nr:u:e:s:p")) != EOF)
+ 		switch (op) {
+ 
+ 		case 'd':
+@@ -304,6 +305,10 @@ main(int argc, char **argv)
+ 			}
+ 			break;
+ 
++		case 'p':
++			promisc = 0;
++			break;
++
+ 		default:
+ 			usage();
+ 		}
+@@ -317,7 +322,7 @@ main(int argc, char **argv)
+ 	} else {
+ 
+ 		/* Determine interface if not specified */
+-		interface = iterate_dev(interface, &pd, &linktype, errbuf);
++		interface = iterate_dev(interface, &pd, &linktype, promisc, errbuf);
+ 		if (interface == NULL) {
+ 			(void)fprintf(stderr, "%s: lookup_device: no suitable interface found\n",
+ 						  prog);

arpwatch-scripts.patch

@@ -0,0 +1,27 @@
+--- arpwatch-2.1a15/arp2ethers.scripts	2002-01-05 20:40:48.000000000 +0100
++++ arpwatch-2.1a15/arp2ethers	2006-11-09 14:34:42.000000000 +0100
+@@ -13,7 +13,7 @@
+ #	- sort
+ #
+ 
+-sort +2rn arp.dat | \
++sort -k 2 -rn arp.dat | \
+     awk 'NF == 4 { print }' | \
+     awk -f p.awk | \
+     egrep -v '\.[0-9][0-9]*$' | \
+--- arpwatch-2.1a15/arpfetch.scripts	2006-07-28 20:10:30.000000000 +0200
++++ arpwatch-2.1a15/arpfetch	2006-11-09 14:37:05.000000000 +0100
+@@ -4,8 +4,6 @@
+ # arpfetch - collect arp data from a cisco using net-snmp
+ #
+ 
+-export PATH="/usr/local/bin:${PATH}"
+-
+ prog=`basename $0`
+ 
+ if [ $# -ne 2 ]; then
+@@ -30,4 +28,3 @@
+ 	    print ea "\t" ip
+     }'
+ 
+-rm -f ${t1}

arpwatch.rpmlintrc

@@ -1,10 +0,0 @@
-# These are not real spelling errors...
-addFilter(r' spelling-error .* en_US (arpsnmp) ')
-# The sticky bit on this directory protects root-owned files from unlinking or
-# renaming by members of the arpwatch group.
-addFilter(r' non-standard-dir-perm /var/lib/arpwatch 1775')
-# Known zero-length files
-addFilter(r' zero-length /var/lib/arpwatch/arp.dat-?')
-# This is beyond what we want to rewrite downstream, and is not necessarily a
-# serious problem.
-addFilter(r' binary-or-shlib-calls-gethostbyname ')

arpwatch.service

@@ -1,28 +1,12 @@
 [Unit]
 Description=Arpwatch daemon which keeps track of ethernet/ip address pairings
 After=syslog.target network-online.target
-Wants=network-online.target
-Documentation=man:arpwatch(8)
+Documentation=man:arpwatch
 
 [Service]
-Type=simple
+Type=forking
 PrivateTmp=yes
-EnvironmentFile=-/etc/sysconfig/arpwatch
-ExecStart=/usr/sbin/arpwatch -u arpwatch -F $OPTIONS
-Restart=on-failure
-
-ProtectProc=invisible
-CapabilityBoundingSet=CAP_NET_RAW CAP_NET_ADMIN CAP_SETGID CAP_SETUID
-ProtectSystem=full
-ProtectHome=true
-ProtectClock=true
-ProtectKernelTunables=true
-ProtectKernelModules=true
-ProtectControlGroups=true
-RestrictSUIDSGID=true
-SystemCallFilter=@system-service
-SystemCallFilter=~@aio @chown @clock @ipc @keyring @memlock @resources
-SystemCallArchitectures=native
+ExecStart=/usr/sbin/arpwatch -u arpwatch -e root -s 'root (Arpwatch)'
 
 [Install]
 WantedBy=multi-user.target

arpwatch.spec

@@ -1,255 +1,314 @@
-%bcond autoreconf 1
-
-Name:           arpwatch
-Epoch:          14
-Version:        3.9
-Release:        %autorelease
-Summary:        Network monitoring tools for tracking IP addresses on a network
-
-# SPDX matching with BSD-3-Clause confirmed at
-# https://gitlab.com/fedora/legal/fedora-license-data/-/issues/49
-License:        BSD-3-Clause
-# Any files under different licenses are part of the build system and do not
-# contribute to the license of the binary RPM:
-#   - config.guess and config.sub are GPL-3.0-or-later
-#   - configure is FSFUL
-#   - install-sh is X11
-#   - mkdep is BSD-4.3RENO
-SourceLicense:  %{shrink:
-                %{license} AND
-                BSD-4.3RENO AND
-                FSFUL AND
-                GPL-3.0-or-later AND
-                X11
-                }
-URL:            https://ee.lbl.gov/
-
-Requires:       /usr/sbin/sendmail
-Requires:       python3
+%global _vararpwatch %{_localstatedir}/lib/arpwatch
+%global _hardened_build 1
 
+Name: arpwatch
+Epoch: 14
+Version: 2.1a15
+Release: 48%{?dist}
+Summary: Network monitoring tools for tracking IP addresses on a network
+License: BSD with advertising
+URL: http://ee.lbl.gov/
+Requires(pre): shadow-utils
+Requires(post): systemd
+Requires(preun): systemd
+Requires(postun): systemd
+Requires: /usr/sbin/sendmail
 BuildRequires:  gcc
-BuildRequires:  make
-%if %{with autoreconf}
-BuildRequires:  autoconf
-%endif
+BuildRequires: /usr/sbin/sendmail libpcap-devel perl-interpreter systemd
 
-BuildRequires:  /usr/sbin/sendmail
-BuildRequires:  systemd-rpm-macros
-%{?sysuser_requires_compat}
-BuildRequires:  python3-devel
-BuildRequires:  libpcap-devel
-
-# Note that https://ee.lbl.gov/ may not link to the latest version; the
-# directory listing at https://ee.lbl.gov/downloads/arpwatch/ shows all
-# available versions.
-Source0:        https://ee.lbl.gov/downloads/arpwatch/arpwatch-%{version}.tar.gz
-# This file comes from https://standards-oui.ieee.org/oui/oui.csv; it is used
-# to generate ethercodes.dat. Because it is unversioned (and frequently
-# updated), we store the file directly in the repository with the spec file;
-# see the update-oui-csv script.
-#
-# File oui.csv last fetched 2025-12-11T07:07:44+00:00.
-Source1:        oui.csv
-Source2:        arpwatch.service
-Source3:        arpwatch.sysconfig
-Source4:        arp2ethers.8
-Source5:        massagevendor.8
-Source6:        arpwatch.sysusers
-
-# The latest versions of all “arpwatch-3.1-*” patches were sent upstream by
-# email 2021-04-24.
-
-# Fix section numbers in man page cross-references. With minor changes, this
-# patch dates all the way back to arpwatch-2.1a4-man.patch, from RHBZ #15442.
-Patch:          arpwatch-3.1-man-references.patch
-# Add, and document, a -u argument to change to a specified unprivileged user
-# after establishing sockets. This combines and improves multiple previous
-# patches; see patch header and changelog for notes.
-Patch:          arpwatch-3.2-change-user.patch
-# Fix nonstandard sort flags in arp2ethers script.
-Patch:          arpwatch-3.1-arp2ethers-sort-invocation.patch
-# Fix stray rm (of an undefined variable) in example arpfetch script.
-Patch:          arpwatch-3.1-arpfetch-stray-rm.patch
-# Do not add /usr/local/bin or /usr/local/sbin to the PATH in any scripts
-Patch:          arpwatch-3.9-no-usr-local-path.patch
-# Do not attempt to search for local libpcap libraries lying around in the
-# parent of the build directory, or anywhere else random. This is not expected
-# to succeed anyway, but it is better to be sure.
-Patch:          arpwatch-3.1-configure-no-local-pcap.patch
-# RHBZ #244606: Correctly handle -n 0/32 to allow the user to disable reporting
-# bogons from 0.0.0.0.
-Patch:          arpwatch-3.1-all-zero-bogon.patch
-# When arpwatch is terminated cleanly by a signal (INT/TERM/HUP) handler, the
-# exit code should be zero for success instead of nonzero for failure.
-Patch:          arpwatch-3.5-exitcode.patch
-# When -i is not given, do not just try the first device found, but keep
-# checking devices until a usable one is found, if any is available.
-# Additionally, handle the case where a device provides both supported and
-# unsupported datalink types.
-Patch:          arpwatch-3.5-devlookup.patch
-
-# Replace _getshort(), “a glibc function that hasn't been declared in the
-# installed headers for many, many years,” with ns_get16(). Fixes C99
-# compatibility (https://bugzilla.redhat.com/show_bug.cgi?id=2166336). Sent
-# upstream by email 2023-02-01.
-Patch:          arpwatch-3.3-c99.patch
-
-# https://fedoraproject.org/wiki/Changes/EncourageI686LeafRemoval
-ExcludeArch:    %{ix86}
-
-%global pkgstatedir %{_sharedstatedir}/arpwatch
+Source0: ftp://ftp.ee.lbl.gov/arpwatch-%{version}.tar.gz
+Source1: arpwatch.service
+# created by:
+# wget -O- http://standards.ieee.org/regauth/oui/oui.txt | \
+# iconv -f iso8859-1 -t utf8 | massagevendor | bzip2
+Source3: ethercodes-20110707.dat.bz2
+Patch1: arpwatch-2.1a4-fhs.patch
+Patch2: arpwatch-2.1a10-man.patch
+Patch3: arpwatch-drop.patch
+Patch4: arpwatch-drop-man.patch
+Patch5: arpwatch-addr.patch
+Patch6: arpwatch-dir-man.patch
+Patch7: arpwatch-scripts.patch
+Patch8: arpwatch-2.1a15-nolocalpcap.patch
+Patch9: arpwatch-2.1a15-bogon.patch
+Patch10: arpwatch-2.1a15-extraman.patch
+Patch11: arpwatch-exitcode.patch
+Patch12: arpwatch-2.1a15-dropgroup.patch
+Patch13: arpwatch-2.1a15-devlookup.patch
+Patch14: arpwatch-2.1a15-lookupiselect.patch
+Patch16: arpwatch-201301-ethcodes.patch
+Patch17: arpwatch-pie.patch
+Patch18: arpwatch-aarch64.patch
+Patch19: arpwatch-promisc.patch
+# From arpwatch 3.1, backport the fix for the potentially-exploitable buffer
+# overflow reported in https://bugzilla.redhat.com/show_bug.cgi?id=1563939.
+Patch20: arpwatch-2.1a15-buffer-overflow-bz1563939.patch
 
 %description
-The arpwatch package contains arpwatch and arpsnmp. Arpwatch and arpsnmp are
-both network monitoring tools. Both utilities monitor Ethernet or FDDI network
-traffic and build databases of Ethernet/IP address pairs, and can report
-certain changes via email.
-
-Install the arpwatch package if you need networking monitoring devices which
-will automatically keep track of the IP addresses on your network.
+The arpwatch package contains arpwatch and arpsnmp.  Arpwatch and
+arpsnmp are both network monitoring tools.  Both utilities monitor
+Ethernet or FDDI network traffic and build databases of Ethernet/IP
+address pairs, and can report certain changes via email.
 
+Install the arpwatch package if you need networking monitoring devices
+which will automatically keep track of the IP addresses on your
+network.
 
 %prep
-%autosetup -p1
-
-# Substitute absolute paths to awk scripts in shell scripts
-sed -r -i 's|(-f *)([^[:blank:]+]\.awk)|\1%{_datadir}/arpwatch/\2|' arp2ethers
-
-# Fix default directory in man pages to match ARPDIR in build section. This was
-# formerly done by arpwatch-dir-man.patch. For thoroughness, do the same
-# replacement in update-ethercodes.sh.in and bihourly.sh, even though they are
-# not installed.
-sed -r -i 's|/usr/local/arpwatch|%{pkgstatedir}|g' *.8.in *.sh.in *.sh
-
-# Fix Python interpreter path (but note that this script is not installed)
-sed -r -i 's|/usr/local/bin/python|%{python3}|g' update-ethercodes.sh.in
-
-# Emailed upstream requesting a separate LICENSE/COPYING file 2022-07-30.
-# For now, we extract it from the main source file’s “header” comment.
-awk '/^ \* / { print substr($0, 4); } /^ \*\// { exit }' arpwatch.c |
-  tee LICENSE
-
-
-%conf
-%if %{with autoreconf}
-autoreconf --force --install --verbose
-%endif
-
-# Prior to version 3.4, this was handled by the configure script. If it is not
-# defined, the build fails because time.h is not included in report.c. This
-# regregression was reported upstream by email to arpwatch@ee.lbl.gov on
-# 2023-09-06.
-export CPPFLAGS="${CPPFLAGS-} -DTIME_WITH_SYS_TIME=1"
-
-%configure --with-sendmail=/usr/sbin/sendmail PYTHON=%{python3}
+%setup -q
 
+%patch1 -p1 -b .fhs
+%patch2 -p1 -b .arpsnmpman
+%patch3 -p1 -b .droproot
+%patch4 -p0 -b .droprootman
+%patch5 -p1 -b .mailuser
+%patch6 -p1 -b .dirman
+%patch7 -p1 -b .scripts
+%patch8 -p1 -b .nolocalpcap
+%patch9 -p1 -b .bogon
+%patch10 -p1 -b .extraman
+%patch11 -p1 -b .exitcode
+%patch12 -p1 -b .dropgroup
+%patch13 -p1 -b .devlookup
+%patch14 -p1 -b .iselect
+%patch16 -p1 -b .ethcode
+%patch17 -p1 -b .pie
+%patch18 -p1 -b .aarch64
+%patch19 -p1 -b .promisc
+%patch20 -p1 -b .overflow
 
 %build
-%make_build ARPDIR=%{pkgstatedir}
-
+%configure
+make ARPDIR=%{_vararpwatch}
 
 %install
-install -p -D -m 0644 %{SOURCE6} '%{buildroot}%{_sysusersdir}/arpwatch.conf'
 
-# The upstream Makefile does not create the directories it requires, so we must
-# do it manually. Additionally, it attempts to comment out the installation of
-# the init script on non-FreeBSD platforms, but this does not quite work as
-# intended. We just let it install the file, then remove it afterwards.
-install -d %{buildroot}%{_mandir}/man8 \
-    %{buildroot}%{_sbindir} \
-    %{buildroot}%{_datadir}/arpwatch \
-    %{buildroot}%{pkgstatedir} \
-    %{buildroot}%{_unitdir} \
-    %{buildroot}%{_prefix}/etc/rc.d
+mkdir -p $RPM_BUILD_ROOT%{_mandir}/man8
+mkdir -p $RPM_BUILD_ROOT%{_sbindir}
+mkdir -p $RPM_BUILD_ROOT%{_vararpwatch}
+mkdir -p $RPM_BUILD_ROOT%{_unitdir}
+touch $RPM_BUILD_ROOT%{_vararpwatch}/arp.dat-
+make DESTDIR=$RPM_BUILD_ROOT install install-man
 
-%make_install
+# prepare awk scripts
+perl -pi -e "s/\'/\'\\\'\'/g" *.awk
 
-# Make install uses mode 0555, which is unconventional, and which can interfere
-# with debuginfo generation since the file is not writable by its owner.
-chmod -v 0755 %{buildroot}%{_sbindir}/arpwatch %{buildroot}%{_sbindir}/arpsnmp
+# and embed them
+for i in arp2ethers massagevendor massagevendor-old; do
+	cp -f $i $RPM_BUILD_ROOT%{_sbindir}
+	for j in *.awk; do
+		sed "s/-f\ *\(\<$j\>\)/\'\1\n\' /g" \
+			< $RPM_BUILD_ROOT%{_sbindir}/$i \
+			| sed "s/$j\$//;tx;b;:x;r$j" \
+			> $RPM_BUILD_ROOT%{_sbindir}/$i.x
+		mv -f $RPM_BUILD_ROOT%{_sbindir}/$i{.x,}
+	done
+	chmod 755 $RPM_BUILD_ROOT%{_sbindir}/$i
+done
 
-install -p -t %{buildroot}%{_datadir}/arpwatch -m 0644 *.awk
-install -p -t %{buildroot}%{_sbindir} arp2ethers
-install -p massagevendor.py %{buildroot}%{_sbindir}/massagevendor
-
-install -p -t %{buildroot}%{pkgstatedir} -m 0644 *.dat
-touch %{buildroot}%{pkgstatedir}/arp.dat- \
-    %{buildroot}%{pkgstatedir}/arp.dat.new
-
-install -p -t %{buildroot}%{_unitdir} -m 0644 %{SOURCE2}
-%{python3} massagevendor.py < %{SOURCE1} \
-    > %{buildroot}%{pkgstatedir}/ethercodes.dat
-touch -r %{SOURCE1} ethercodes.dat
-
-# Add an environment/sysconfig file:
-install -d %{buildroot}%{_sysconfdir}/sysconfig
-install -p -m 0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/sysconfig/arpwatch
-
-# Add extra man pages not provided upstream:
-install -p -t %{buildroot}%{_mandir}/man8 -m 0644 %{SOURCE4} %{SOURCE5}
-
-# Remove legacy init scripts:
-rm -rvf %{buildroot}%{_prefix}/etc/rc.d
-
-
-%check
-# Verify the sed script in the prep section did not miss fixing the ARPDIR
-# anywhere
-if grep -FrnI '/usr/local/arpwatch' .
-then
-  echo 'Missed fixing ARPDIR in at least one file' 1>&2
-  exit 1
-fi
-
-# Verify we did not miss any PATH alterations in
-# arpwatch-no-usr-local-path.patch.
-if grep -ErnI --exclude=mkdep --exclude='config.*' '^[^#].*/usr/local/s?bin' .
-then
-  echo 'Probably missed an uncommented PATH alteration with /usr/local' 1>&2
-  exit 1
-fi
+install -p -m644 *.dat $RPM_BUILD_ROOT%{_vararpwatch}
+install -p -m644 %{SOURCE1} $RPM_BUILD_ROOT%{_unitdir}/arpwatch.service
+install -p -m644 %{SOURCE3} $RPM_BUILD_ROOT%{_vararpwatch}/ethercodes.dat.bz2
+bzip2 -df $RPM_BUILD_ROOT%{_vararpwatch}/ethercodes.dat.bz2
 
+rm -f $RPM_BUILD_ROOT%{_sbindir}/massagevendor-old
 
 %post
 %systemd_post arpwatch.service
 
+%pre
+if ! getent group arpwatch &> /dev/null; then
+	getent group pcap 2> /dev/null | grep -q 77 &&
+		/usr/sbin/groupmod -n arpwatch pcap 2> /dev/null ||
+		/usr/sbin/groupadd -g 77 arpwatch 2> /dev/null
+fi
+if ! getent passwd arpwatch &> /dev/null; then
+	getent passwd pcap 2> /dev/null | grep -q 77 &&
+		/usr/sbin/usermod -l arpwatch -g 77 \
+			-d %{_vararpwatch} pcap 2> /dev/null ||
+		/usr/sbin/useradd -u 77 -g 77 -s /sbin/nologin \
+			-M -r -d %{_vararpwatch} arpwatch 2> /dev/null
+fi
+:
 
 %postun
 %systemd_postun_with_restart arpwatch.service
 
-
 %preun
 %systemd_preun arpwatch.service
 
-
 %files
-%license LICENSE
-%doc README
-%doc CHANGES
-%doc arpfetch
-
+%doc README CHANGES arpfetch
 %{_sbindir}/arpwatch
 %{_sbindir}/arpsnmp
-# manually-installed scripts
 %{_sbindir}/arp2ethers
 %{_sbindir}/massagevendor
-
-%dir %{_datadir}/arpwatch
-%{_datadir}/arpwatch/*.awk
-
-# make install uses mode 0444, which is unconventional
-%attr(0644,-,-) %{_mandir}/man8/*.8*
-
+%{_mandir}/man8/*.8*
 %{_unitdir}/arpwatch.service
-%{_sysusersdir}/arpwatch.conf
-%config(noreplace) %{_sysconfdir}/sysconfig/arpwatch
-
-%attr(1775,-,arpwatch) %dir %{pkgstatedir}
-%attr(0644,arpwatch,arpwatch) %verify(not md5 size mtime) %config(noreplace) %{pkgstatedir}/arp.dat
-%attr(0644,arpwatch,arpwatch) %verify(not md5 size mtime) %config(noreplace) %{pkgstatedir}/arp.dat-
-%attr(0600,arpwatch,arpwatch) %verify(not md5 size mtime) %ghost %{pkgstatedir}/arp.dat.new
-%attr(0644,-,arpwatch) %verify(not md5 size mtime) %config(noreplace) %{pkgstatedir}/ethercodes.dat
-
+%attr(1775,-,arpwatch) %dir %{_vararpwatch}
+%attr(0644,arpwatch,arpwatch) %verify(not md5 size mtime) %config(noreplace) %{_vararpwatch}/arp.dat
+%attr(0644,arpwatch,arpwatch) %verify(not md5 size mtime) %config(noreplace) %{_vararpwatch}/arp.dat-
+%attr(0600,arpwatch,arpwatch) %verify(not md5 size mtime) %ghost %{_vararpwatch}/arp.dat.new
+%attr(0644,-,arpwatch) %verify(not md5 size mtime) %config(noreplace) %{_vararpwatch}/ethercodes.dat
 
 %changelog
-%autochangelog
+* Tue Oct 27 2020 Benjamin A. Beasley <code@musicinmybrain.net> - 14:2.1a15-48
+- fix arpwatch buffer overflow (#1563939)
+
+* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 14:2.1a15-47
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 14:2.1a15-46
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 14:2.1a15-45
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 14:2.1a15-44
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 14:2.1a15-43
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Mon Mar  5 2018 Jan Synáček <jsynacek@redhat.com> - 14:2.1a15-42
+- make sure arpwatch starts after network devices are up (#1551431)
+
+* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 14:2.1a15-41
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+
+* Wed Aug 02 2017 Fedora Release Engineering <releng@fedoraproject.org> - 14:2.1a15-40
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
+
+* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 14:2.1a15-39
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
+
+* Mon Feb 20 2017 Jan Synáček <jsynacek@redhat.com> - 14:2.1a15-38
+- fix FTBFS (#1423238)
+
+* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 14:2.1a15-37
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
+
+* Wed Feb 03 2016 Fedora Release Engineering <releng@fedoraproject.org> - 14:2.1a15-36
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
+
+* Tue Jan 26 2016 Jan Synáček <jsynacek@redhat.com> - 14:2.1a15-35
+- fix arpwatch buffer overflow (#1301880)
+- add -p option that disables promiscuous mode (#1301853)
+
+* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 14:2.1a15-34
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
+
+* Fri Aug 15 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 14:2.1a15-33
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
+
+* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 14:2.1a15-32
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
+
+* Mon Feb  3 2014 Jan Synáček <jsynacek@redhat.com> 14:2.1a15-31
+- reference documentation in the service file
+- remove redundant sysconfig-related stuff
+
+* Sun Aug  4 2013 Peter Robinson <pbrobinson@fedoraproject.org> 14:2.1a15-30
+- Fix FTBFS
+
+* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 14:2.1a15-29
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
+
+* Tue Apr 23 2013 Jan Synáček <jsynacek@redhat.com> 14:2.1a15-28
+- harden the package (#954336)
+- support aarch64 (#925027)
+
+* Wed Feb 13 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 14:2.1a15-27
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
+
+* Thu Jan 17 2013 Ales Ledvinka <aledvink@redhat.com> - 14:2.1a15-26
+- fix permissions related to collected database
+- update ethcodes defaults to current public IEEE OUI-32
+
+* Mon Oct 15 2012 Ales Ledvinka <aledvink@redhat.com> - 14:2.1a15-25
+- fix -i with invalid interface specified (#842660)
+
+* Mon Oct 15 2012 Ales Ledvinka <aledvink@redhat.com> - 14:2.1a15-24
+- fix devlookup to start with -i interface specified (#842660)
+
+* Wed Aug 22 2012 Jan Synáček <jsynacek@redhat.com> - 14:2.1a15-23
+- Add system-rpm macros (#850032)
+
+* Tue Jul 24 2012 Jan Synáček <jsynacek@redhat.com> - 14:2.1a15-22
+- add devlookup patch: search for suitable default interface, if -i is not
+  specified (#842660)
+
+* Thu Jul 19 2012 Jan Synáček <jsynacek@redhat.com> - 14:2.1a15-21
+- make spec slightly more fedora-review-friendly
+
+* Wed Jul 18 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 14:2.1a15-21
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+
+* Thu May 31 2012 Aleš Ledvinka <aledvink@redhat.com> 14:2.1a15-20
+- fix supplementary group list (#825328) (CVE-2012-2653)
+
+* Thu Jan 19 2012 Jan Synáček <jsynacek@redhat.com> 14:2.1a15-19
+- Turn on PrivateTmp=true in service file (#782477)
+
+* Thu Jan 05 2012 Jan Synáček <jsynacek@redhat.com> 14:2.1a15-18
+- Rebuilt for GCC 4.7
+
+* Fri Jul 08 2011 Miroslav Lichvar <mlichvar@redhat.com> 14:2.1a15-17
+- exit with zero error code (#699285)
+- change service type to forking (#699285)
+
+* Thu Jul 07 2011 Miroslav Lichvar <mlichvar@redhat.com> 14:2.1a15-16
+- replace SysV init script with systemd service (#699285)
+- update ethercodes.dat
+
+* Mon Mar 28 2011 Miroslav Lichvar <mlichvar@redhat.com> 14:2.1a15-15
+- update ethercodes.dat (#690948)
+
+* Mon Feb 07 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 14:2.1a15-14
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
+
+* Tue Mar 30 2010 Miroslav Lichvar <mlichvar@redhat.com> 14:2.1a15-13
+- update ethercodes.dat (#577552)
+- mark ethercodes.dat as noreplace
+- fix init script LSB compliance
+- include Debian arp2ethers and massagevendor man pages (#526160)
+- don't include massagevendor-old script anymore
+
+* Wed Sep 02 2009 Miroslav Lichvar <mlichvar@redhat.com> 14:2.1a15-12
+- update ethercodes.dat
+
+* Fri Jul 24 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 14:2.1a15-11
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
+
+* Mon Feb 23 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 14:2.1a15-10
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
+
+* Tue Sep 16 2008 Miroslav Lichvar <mlichvar@redhat.com> 14:2.1a15-9
+- update ethercodes.dat (#462364)
+
+* Tue Feb 19 2008 Fedora Release Engineering <rel-eng@fedoraproject.org> - 14:2.1a15-8
+- Autorebuild for GCC 4.3
+
+* Wed Aug 22 2007 Miroslav Lichvar <mlichvar@redhat.com> 14:2.1a15-7
+- rebuild
+
+* Thu Aug 09 2007 Miroslav Lichvar <mlichvar@redhat.com> 14:2.1a15-6
+- improve init script (#246869)
+- allow -n 0/32 to disable reporting bogons from 0.0.0.0 (#244606)
+- update license tag
+- update ethercodes.dat
+
+* Wed Jun 13 2007 Miroslav Lichvar <mlichvar@redhat.com> 14:2.1a15-5
+- update ethercodes.dat
+
+* Thu May 24 2007 Miroslav Lichvar <mlichvar@redhat.com> 14:2.1a15-4
+- fix return codes in init script (#237781)
+
+* Mon Jan 15 2007 Miroslav Lichvar <mlichvar@redhat.com> 14:2.1a15-3
+- rename pcap user to arpwatch
+
+* Tue Nov 28 2006 Miroslav Lichvar <mlichvar@redhat.com> 14:2.1a15-2
+- split from tcpdump package (#193657)
+- update to 2.1a15
+- clean up files in /var
+- force linking with system libpcap

arpwatch.sysconfig

@@ -1,2 +0,0 @@
-# See arpwatch(8) for more information on available options.
-OPTIONS=-C

arpwatch.sysusers

@@ -1,2 +0,0 @@
-#Type Name      ID  GECOS                         Home directory     Shell
-u     arpwatch  -   "Service user for arpwatch"   /var/lib/arpwatch  /sbin/nologin

changelog

@@ -1,292 +0,0 @@
-* Fri Jul 09 2021 Benjamin A. Beasley <code@musicinmybrain.net> - 14:3.1-14
-- generate ethercodes.dat from latest oui.csv
-
-* Mon May 03 2021 Benjamin A. Beasley <code@musicinmybrain.net> - 14:3.1-13
-- Fix systemd sandboxing syntax in unit file
-- generate ethercodes.dat from latest oui.csv
-
-* Sat Apr 24 2021 Benjamin A. Beasley <code@musicinmybrain.net> - 14:3.1-12
-- Fix an error in arpwatch-devlookup.patch that could cause a null pointer
-  dereference on startup. Implements the suggestion of PR#1, “Update
-  arpwatch-devlookup.patch to correctly open a named interface”.
-- generate ethercodes.dat from latest oui.csv
-
-* Tue Apr 06 2021 Benjamin A. Beasley <code@musicinmybrain.net> - 14:3.1-11
-- Do not use %%exclude for unpackaged files (RPM 4.17 compatibility)
-- generate ethercodes.dat from latest oui.csv
-
-* Mon Mar 29 2021 Benjamin A. Beasley <code@musicinmybrain.net> - 14:3.1-10
-- generate ethercodes.dat from latest oui.csv
-
-* Wed Mar 17 2021 Benjamin A. Beasley <code@musicinmybrain.net> - 14:3.1-9
-- generate ethercodes.dat from latest oui.csv
-
-* Tue Mar 09 2021 Benjamin A. Beasley <code@musicinmybrain.net> - 14:3.1-8
-- generate ethercodes.dat from latest oui.csv
-
-* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 14:3.1-7
-- Rebuilt for updated systemd-rpm-macros
-  See https://pagure.io/fesco/issue/2583.
-
-* Sun Jan 31 2021 Benjamin A. Beasley <code@musicinmybrain.net> - 14:3.1-6
-- generate ethercodes.dat from latest oui.csv
-
-* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 14:3.1-5
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
-
-* Sun Jan 10 2021 Benjamin A. Beasley <code@musicinmybrain.net> - 14:3.1-4
-- Fix changelog date
-
-* Sat Jan  9 2021 Benjamin A. Beasley <code@musicinmybrain.net> - 14:3.1-3
-- Generate ethercodes.dat from latest oui.csv
-- Change systemd BR to systemd-rpm-macros
-- Drop Requires on systemd for scriptlets per current guidelines
-
-* Wed Dec 16 2020 Benjamin A. Beasley <code@musicinmybrain.net> - 14:3.1-2
-- Add BR on make for
-  https://fedoraproject.org/wiki/Changes/Remove_make_from_BuildRoot
-- generate ethercodes.dat from latest oui.csv
-
-* Wed Nov 11 2020 Benjamin A. Beasley <code@musicinmybrain.net> - 14:3.1-1
-- new upstream version 3.1
-- generate ethercodes.dat from latest oui.csv
-- improve systemd unit file, including hardening
-- add sysconfig (environment) file
-- drop arpwatch-2.1a4-fhs.patch: version 3.1 no longer attempts to set
-  user/group for installed binaries, and permissions for binaries and man pages
-  are now adjusted in the files section of the spec file
-- rebase arpwatch-2.1a10-man.patch against version 3.1 as
-  arpwatch-man-references.patch, fixing some additional cross-references
-- rebase against version 3.1 and combine arpwatch-drop.patch, which provided
-  -u; arpwatch-drop-man.patch, which documented it; and
-  arpwatch-2.1a15-dropgroup.patch, which fixed CVE-2012-2653 (RHBZ #825328) in
-  the original arpwatch-drop.patch, into a single combined
-  arpwatch-change-user.patch; remove an unnecessary and unchecked strdup() in
-  the original patch that could have theoretically led to a null pointer
-  dereference
-- drop arpwatch-addr.patch; the -e and -s arguments are now present in upstream
-  version 3.1 as -w and -W, respectively
-- replace arpwatch-dir-man.patch with a sed invocation
-- replace arpwatch-2.1a15-extraman.patch with additional source files
-  arp2ethers.8 and massagevendor.8; reformat the contents to match the upstream
-  arpwatch.8 and arpsnmp.8 man pages; remove references to Debian; and rewrite
-  massagevendor.8 to match the new Python-based massagevendor script
-- split arpwatch-scripts.patch into arpwatch-arp2ethers-sort-invocation.patch,
-  arpwatch-arpfetch-stray-rm.patch, and arpwatch-no-usr-local-path.patch,
-  removing some additional PATH alterations in the last
-- rebase arpwatch-2.1a15-nolocalpcap.patch against the version 3.1 configure script
-  and rename it as arpwatch-configure-no-local-pcap.patch
-- rebase arpwatch-2.1a15-bogon.patch against version 3.1 and rename it as
-  arpwatch-all-zero-bogon.patch
-- rebase arpwatch-exitcode.patch against version 3.1
-- rewrite, combine, and simplify arpwatch-2.1a15-devlookup.patch and
-  arpwatch-2.1a15-lookupiselect.patch, which fixed RHBZ #842660, as
-  arpwatch-devlookup.patch; upstream version 3.1 will now try the first
-  interface when -i is not given, but we still need a patch to search for
-  another usable interface if the first one is not usable; additionally, the
-  patch now handles the case where a device provides both supported and
-  unsupported datalink types.
-- drop arpwatch-201301-ethcodes.patch; upstream no longer distributes
-  ethercodes.dat anyway, and we are generating it from oui.csv
-- drop arpwatch-pie.patch; we are passing in hardened CFLAGS/LDFLAGS the normal
-  way
-- drop arpwatch-aarch64.patch, as upstream now has a more up-to-date
-  config.guess
-- drop arpwatch-promisc.patch; the -p flag is now upstream
-- drop arpwatch-2.1a15-buffer-overflow-bz1563939.patch, which was a backport
-  from this version
-
-* Sat Oct 31 2020 Benjamin A. Beasley <code@musicinmybrain.net> - 14:2.1a15-52
-- add rpmlintrc file to suppress expected rpmlint errors
-
-* Sat Oct 31 2020 Benjamin A. Beasley <code@musicinmybrain.net> - 14:2.1a15-51
-- touch ghost file arp.dat.new (ghost files should exist in the buildroot)
-
-* Sat Oct 31 2020 Benjamin A. Beasley <code@musicinmybrain.net> - 14:2.1a15-50
-- use autosetup macro to apply patches
-
-* Fri Oct 30 2020 Benjamin A. Beasley <code@musicinmybrain.net> - 14:2.1a15-49
-- drop explicit _hardened_build macro (default in all current Fedora releases)
-- replace _vararpwatch macro with pkgstatedir, and define in terms of
-  _sharedstatedir instead of _localstatedir
-- use buildroot macro instead of RPM_BUILD_ROOT variable
-- use package name macro more widely
-- create macros for unprivileged service user and group names
-- adjust whitespace throughout the spec file
-- update URLs
-- remove unnecessary BR on systemd
-- use make_build and make_install macros; as a consequence, we now preserve
-  timestamps when installing files (install -p)
-- since we do not package the massagevendor-old script, do not prep it with the
-  others
-- instead of embedding awk scripts in the shell scripts that use them, install
-  the awk scripts and use their absolute paths in the shell scripts; drop BR on
-  perl, which was used to quote the awk scripts
-- tidy up manual install steps
-- remove user/group renaming code from pre-install script, and replace it with
-  the suggested implementation for soft static allocation from
-  https://fedoraproject.org/wiki/Packaging:UsersAndGroups;
-  the pcap user and group were renamed to arpwatch in 2007
-  (https://src.fedoraproject.org/rpms/arpwatch/c/f1b7b51), and we have no need
-  to handle such ancient installations anymore
-
-* Tue Oct 27 2020 Benjamin A. Beasley <code@musicinmybrain.net> - 14:2.1a15-48
-- fix arpwatch buffer overflow (#1563939)
-
-* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 14:2.1a15-47
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
-
-* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 14:2.1a15-46
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
-
-* Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 14:2.1a15-45
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
-
-* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 14:2.1a15-44
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
-
-* Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 14:2.1a15-43
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
-
-* Mon Mar  5 2018 Jan Synáček <jsynacek@redhat.com> - 14:2.1a15-42
-- make sure arpwatch starts after network devices are up (#1551431)
-
-* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 14:2.1a15-41
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
-
-* Wed Aug 02 2017 Fedora Release Engineering <releng@fedoraproject.org> - 14:2.1a15-40
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
-
-* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 14:2.1a15-39
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
-
-* Mon Feb 20 2017 Jan Synáček <jsynacek@redhat.com> - 14:2.1a15-38
-- fix FTBFS (#1423238)
-
-* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 14:2.1a15-37
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
-
-* Wed Feb 03 2016 Fedora Release Engineering <releng@fedoraproject.org> - 14:2.1a15-36
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
-
-* Tue Jan 26 2016 Jan Synáček <jsynacek@redhat.com> - 14:2.1a15-35
-- fix arpwatch buffer overflow (#1301880)
-- add -p option that disables promiscuous mode (#1301853)
-
-* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 14:2.1a15-34
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
-
-* Fri Aug 15 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 14:2.1a15-33
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
-
-* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 14:2.1a15-32
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
-
-* Mon Feb  3 2014 Jan Synáček <jsynacek@redhat.com> 14:2.1a15-31
-- reference documentation in the service file
-- remove redundant sysconfig-related stuff
-
-* Sun Aug  4 2013 Peter Robinson <pbrobinson@fedoraproject.org> 14:2.1a15-30
-- Fix FTBFS
-
-* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 14:2.1a15-29
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
-
-* Tue Apr 23 2013 Jan Synáček <jsynacek@redhat.com> 14:2.1a15-28
-- harden the package (#954336)
-- support aarch64 (#925027)
-
-* Wed Feb 13 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 14:2.1a15-27
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
-
-* Thu Jan 17 2013 Ales Ledvinka <aledvink@redhat.com> - 14:2.1a15-26
-- fix permissions related to collected database
-- update ethcodes defaults to current public IEEE OUI-32
-
-* Mon Oct 15 2012 Ales Ledvinka <aledvink@redhat.com> - 14:2.1a15-25
-- fix -i with invalid interface specified (#842660)
-
-* Mon Oct 15 2012 Ales Ledvinka <aledvink@redhat.com> - 14:2.1a15-24
-- fix devlookup to start with -i interface specified (#842660)
-
-* Wed Aug 22 2012 Jan Synáček <jsynacek@redhat.com> - 14:2.1a15-23
-- Add system-rpm macros (#850032)
-
-* Tue Jul 24 2012 Jan Synáček <jsynacek@redhat.com> - 14:2.1a15-22
-- add devlookup patch: search for suitable default interface, if -i is not
-  specified (#842660)
-
-* Thu Jul 19 2012 Jan Synáček <jsynacek@redhat.com> - 14:2.1a15-21
-- make spec slightly more fedora-review-friendly
-
-* Wed Jul 18 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 14:2.1a15-21
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
-
-* Thu May 31 2012 Aleš Ledvinka <aledvink@redhat.com> 14:2.1a15-20
-- fix supplementary group list (#825328) (CVE-2012-2653)
-
-* Thu Jan 19 2012 Jan Synáček <jsynacek@redhat.com> 14:2.1a15-19
-- Turn on PrivateTmp=true in service file (#782477)
-
-* Thu Jan 05 2012 Jan Synáček <jsynacek@redhat.com> 14:2.1a15-18
-- Rebuilt for GCC 4.7
-
-* Fri Jul 08 2011 Miroslav Lichvar <mlichvar@redhat.com> 14:2.1a15-17
-- exit with zero error code (#699285)
-- change service type to forking (#699285)
-
-* Thu Jul 07 2011 Miroslav Lichvar <mlichvar@redhat.com> 14:2.1a15-16
-- replace SysV init script with systemd service (#699285)
-- update ethercodes.dat
-
-* Mon Mar 28 2011 Miroslav Lichvar <mlichvar@redhat.com> 14:2.1a15-15
-- update ethercodes.dat (#690948)
-
-* Mon Feb 07 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 14:2.1a15-14
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
-
-* Tue Mar 30 2010 Miroslav Lichvar <mlichvar@redhat.com> 14:2.1a15-13
-- update ethercodes.dat (#577552)
-- mark ethercodes.dat as noreplace
-- fix init script LSB compliance
-- include Debian arp2ethers and massagevendor man pages (#526160)
-- don't include massagevendor-old script anymore
-
-* Wed Sep 02 2009 Miroslav Lichvar <mlichvar@redhat.com> 14:2.1a15-12
-- update ethercodes.dat
-
-* Fri Jul 24 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 14:2.1a15-11
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
-
-* Mon Feb 23 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 14:2.1a15-10
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
-
-* Tue Sep 16 2008 Miroslav Lichvar <mlichvar@redhat.com> 14:2.1a15-9
-- update ethercodes.dat (#462364)
-
-* Tue Feb 19 2008 Fedora Release Engineering <rel-eng@fedoraproject.org> - 14:2.1a15-8
-- Autorebuild for GCC 4.3
-
-* Wed Aug 22 2007 Miroslav Lichvar <mlichvar@redhat.com> 14:2.1a15-7
-- rebuild
-
-* Thu Aug 09 2007 Miroslav Lichvar <mlichvar@redhat.com> 14:2.1a15-6
-- improve init script (#246869)
-- allow -n 0/32 to disable reporting bogons from 0.0.0.0 (#244606)
-- update license tag
-- update ethercodes.dat
-
-* Wed Jun 13 2007 Miroslav Lichvar <mlichvar@redhat.com> 14:2.1a15-5
-- update ethercodes.dat
-
-* Thu May 24 2007 Miroslav Lichvar <mlichvar@redhat.com> 14:2.1a15-4
-- fix return codes in init script (#237781)
-
-* Mon Jan 15 2007 Miroslav Lichvar <mlichvar@redhat.com> 14:2.1a15-3
-- rename pcap user to arpwatch
-
-* Tue Nov 28 2006 Miroslav Lichvar <mlichvar@redhat.com> 14:2.1a15-2
-- split from tcpdump package (#193657)
-- update to 2.1a15
-- clean up files in /var
-- force linking with system libpcap

massagevendor.8

@@ -1,94 +0,0 @@
-.Dd 8 November 2020
-.Dt MASSAGEVENDOR 8
-.Sh NAME
-.Nm massagevendor
-.Nd convert the ethernet vendor codes master list to arpwatch format
-.Sh SYNOPSIS
-.Nm
-.Op Fl CdhvZ
-.Op Fl -vendor
-.Op Ar csv
-.Sh DESCRIPTION
-.Nm
-is a program that converts a text file containing ethernet vendor codes into a
-format suitable for use by
-.Xr arpwatch 8
-and
-.Xr arpsnmp 8 .
-The input
-.Ar csv
-is a master CSV (comma-separated-value) file containing vendor codes.
-The output is sent to
-.Ar stdout .
-.Pp
-All ethernet devices have a unique identifier which includes a vendor code
-specifying the manufacturer of the device.
-In normal operation
-.Xr arpwatch 8
-and
-.Xr arpsnmp 8
-use the file
-.Ar ethercodes.dat
-to report this vendor code.
-.Nm
-is used to generate the
-.Ar ethercodes.dat
-file from CSV files containing these vendor codes.
-.Pp
-Locations where an ethernet vendor codes master text file can be obtained are
-given below.
-.Pp
-The
-.Fl C
-flag (default) uses compact padded ethernet addresses in
-.Ar ethercodes.dat ,
-e.g. 0:8:e1:1:2:d6; this is the default.
-.Pp
-The
-.Fl d
-flag is used to enable debugging.
-.Pp
-The
-.Fl v
-flag is used to enable verbose messages.
-.Pp
-The
-.Fl Z
-flag uses zero padded ethernet addresses in
-.Ar ethercodes.dat ,
-e.g. 00:08:e1:01:02:d6.
-.Pp
-The
-.Fl h
-flag shows a help message and exits.
-.Pp
-The
-.Fl -version
-option shows the program version number and exits.
-.Sh FILES
-.Bl -tag -width ".Pa /var/lib/arpwatch" -compact
-.It Pa /var/lib/arpwatch
-default location of the ethernet vendor list
-.It Pa ethercodes.dat
-file containing the list of ethernet vendor codes
-.Sh "SEE ALSO"
-.Xr arpwatch 8 ,
-.Xr arpsnmp 8
-.Sh NOTES
-The ethernet vendor codes as assigned by the IEEE can be found at:
-.Pp
-.Dl Ar https://standards-oui.ieee.org/oui/oui.csv
-.Sh AUTHORS
-.An Craig Leres
-of the Lawrence Berkeley National Laboratory Network Research Group,
-University of California, Berkeley, CA.
-.Pp
-The current version is available via anonymous ftp:
-.Pp
-.Dl Ar ftp://ftp.ee.lbl.gov/arpwatch.tar.gz
-.Pp
-This manual page was contributed by Hugo Graumann and updated by Benjamin
-Beasley.
-.Sh BUGS
-Please send bug reports to
-.Aq arpwatch@ee.lbl.gov .

sources

@@ -1 +1,2 @@
-SHA512 (arpwatch-3.9.tar.gz) = b6fdda79caf6c79d78d629b28987d381981d8ac9150dd95c44ba0ed634d905446a8b64d73cdacca89d42a77965e0710d0a60184010440fed19168dae4e3dd4bd
+cebfeb99c4a7c2a6cee2564770415fe7  arpwatch-2.1a15.tar.gz
+01f3c7d622269404b08696f3c4a5737e  ethercodes-20110707.dat.bz2

update-oui-csv

@@ -1,41 +0,0 @@
-#!/bin/sh
-set -o errexit
-set -o nounset
-
-URL='https://standards-oui.ieee.org/oui/oui.csv'
-DATA='oui.csv'
-SPEC='arpwatch.spec'
-
-cd "$(dirname "$0")"
-
-echo "==> Fetching ${URL}..." 1>&2
-newfile="$(mktemp out.csv.XXXXXXXXXX)"
-# shellcheck disable=SC2064
-trap "rm -f '${newfile}'" INT TERM EXIT
-chmod 0644 "${newfile}"
-curl --output "${newfile}" "${URL}"
-
-echo '==> Comparing data...' 1>&2
-newhash="$(sha256sum < "${newfile}")"
-oldhash="$(sha256sum < "${DATA}")"
-if [ "${newhash}" = "${oldhash}" ]
-then
-  echo '==> Local file is up to date' 1>&2
-  exit 0
-fi
-
-env TZ=UTC stat --format='Old file %s bytes, modified %y' "${DATA}"
-env TZ=UTC stat --format='New file %s bytes, modified %y' "${newfile}"
-mv "${newfile}" "${DATA}"
-
-ISOMTIME="$(
-  env TZ=UTC date --iso-8601=seconds --date="$(stat --format='@%Y' "${DATA}")"
-)"
-sed -r -i 's/(oui\.csv last fetched )[^[:blank:]]+\./\1'"${ISOMTIME}./" "${SPEC}"
-
-echo "==> Updated ${DATA}" 1>&2
-
-git add "${DATA}"
-fedpkg commit -m 'Generate ethercodes.dat from latest oui.csv'
-
-# vim: set tw=78 ts=2 sw=2 sts=2 et ai cin nojs :