Sync from SUSE:SLFO:Main arpwatch revision 450750ad69a798560f02c581780dc3c6

.gitattributes

@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text

0001-Ignore-802.1Q-frames.patch

@@ -0,0 +1,48 @@
+From 5d852d6f81d4022d500ccfea3e9b84a1d3b07dd0 Mon Sep 17 00:00:00 2001
+From: Rob Leslie <rob@mars.org>
+Date: Sun, 10 Jun 2012 12:35:02 -0700
+Subject: [PATCH] Ignore 802.1Q frames
+
+Due to the way Linux packet filtering works, the pcap library will
+return ARP/RARP packets belonging to other VLANs when listening on the
+corresponding physical interface. This confuses arpwatch as it is not
+expecting such packets; the symptom is many "... sent bad hardware
+format ..." syslog messages.
+
+Since VLAN packets can be accessed via another interface and a separate
+arpwatch instance could be run there (if desired), we simply ignore all
+802.1Q frames.
+---
+ arpwatch.c |   12 ++++++++++++
+ 1 files changed, 12 insertions(+), 0 deletions(-)
+
+Index: arpwatch-3.1/arpwatch.c
+===================================================================
+--- arpwatch-3.1.orig/arpwatch.c
++++ arpwatch-3.1/arpwatch.c
+@@ -109,6 +109,10 @@ struct rtentry;
+ #define ETHERTYPE_APOLLO	0x8019
+ #endif
+ 
++#ifndef ETHERTYPE_VLAN
++#define	ETHERTYPE_VLAN		0x8100
++#endif
++
+ #ifndef IN_CLASSD_NET
+ #define IN_CLASSD_NET		0xf0000000
+ #endif
+@@ -619,6 +623,14 @@ sanity_ether(struct ether_header *eh, st
+ 		return(0);
+ 	}
+ 
++	/* ignore 802.1Q (VLAN) frames */
++	if (eh->ether_type == ETHERTYPE_VLAN) {
++		if (debug)
++			syslog(LOG_INFO, "ignoring 802.1Q frame from %s\n",
++			    e2str(shost));
++		return(0);
++	}
++
+ 	/* XXX sysv r4 seems to use hardware format 6 */
+ 	if (ea->arp_hrd != ARPHRD_ETHER && ea->arp_hrd != 6) {
+ 		lg(LOG_ERR, "%s sent bad hardware format 0x%x\n",

arp2ethers.patch

@@ -0,0 +1,62 @@
+Index: arpwatch-3.1/arp2ethers
+===================================================================
+--- arpwatch-3.1.orig/arp2ethers
++++ arpwatch-3.1/arp2ethers
+@@ -13,11 +13,50 @@
+ #	- sort
+ #
+ 
+-sort +2rn arp.dat |
++sort -k 2 -rn arp.dat | \
+     awk 'NF == 4 { print }' |
+-    awk -f p.awk |
+-    egrep -v '\.[0-9][0-9]*$' |
+-    sed -e 's/	.*	/	/' |
+-    awk -f d.awk |
+-    awk -f e.awk |
+-    sort
++    awk '
++{
++	e = $1
++	if (seen[e])
++		next
++	seen[e] = 1
++	print
++}' | egrep -v '\.[0-9][0-9]*$' | \
++     sed -e 's/	.*	/	/' | \
++    awk '
++BEGIN {
++	n = 0
++	sdecnet = "aa:0:4:"
++	ldecnet = length(sdecnet)
++}
++
++{
++	++n
++	e[n] = $1
++	h[n] = $2
++	if (sdecnet == substr($1, 1, ldecnet))
++		decnet[$2] = 1
++}
++
++END {
++	for (i = 1; i <= n; ++i) {
++		if (decnet[h[i]] && sdecnet != substr(e[i], 1, ldecnet))
++			h[i] = h[i] "-ip"
++		print e[i] "\t" h[i]
++	}
++}' | awk '
++{
++	if (!seen[$2]) {
++		seen[$2] = 1
++		print
++		next
++	}
++	h = $2 "-old"
++	s = h
++	for (n = 1; seen[h]; ++n)
++		h = s n
++	seen[h] = 1
++	print $1 "\t" h
++	next
++}' | sort

arpwatch-2.1a11-chrootbuild.diff

@@ -0,0 +1,20 @@
+Index: arpwatch-3.1/Makefile.in
+===================================================================
+--- arpwatch-3.1.orig/Makefile.in
++++ arpwatch-3.1/Makefile.in
+@@ -127,11 +127,14 @@ version.c: $(srcdir)/VERSION
+ install: $(ALL)
+ 	$(INSTALL) -v -m 555 $(PROG) $(DESTDIR)$(BINDEST)
+ 	$(INSTALL) -v -m 555 arpsnmp $(DESTDIR)$(BINDEST)
++	$(INSTALL) -d -m 755 $(DESTDIR)/var/lib/arpwatch
++	$(INSTALL) -d -m 755 $(DESTDIR)/usr/share/arpwatch
++	#$(INSTALL) -m 444 ethercodes.dat $(DESTDIR)/usr/share/arpwatch
+ 	@diff $(srcdir)/$(PROG).8 $(DESTDIR)$(MANDEST)/man8 >/dev/null 2>&1 || \
+ 	    $(INSTALL) -v -m 444 $(srcdir)/$(PROG).8 $(DESTDIR)$(MANDEST)/man8
+ 	@diff $(srcdir)/arpsnmp.8 $(DESTDIR)$(MANDEST)/man8 >/dev/null 2>&1 || \
+ 	    $(INSTALL) -v -m 444 $(srcdir)/arpsnmp.8 $(DESTDIR)$(MANDEST)/man8
+-@HAVE_FREEBSD_TRUE@	@$(INSTALL) -v -m 555 arpwatch.sh $(DESTDIR)$(prefix)/etc/rc.d/arpwatch
++#@HAVE_FREEBSD_TRUE@	@$(INSTALL) -v -m 555 arpwatch.sh $(DESTDIR)$(prefix)/etc/rc.d/arpwatch
+ 
+ clean:
+ 	rm -f $(CLEANFILES)

arpwatch-2.1a11-drop-privs-manpage.dif

@@ -0,0 +1,24 @@
+Index: arpwatch-3.1/arpwatch.8.in
+===================================================================
+--- arpwatch-3.1.orig/arpwatch.8.in
++++ arpwatch-3.1/arpwatch.8.in
+@@ -43,6 +43,7 @@
+ .Op Fl n Ar net[/width]
+ .Op Fl x Ar net[/width]
+ .Op Fl r Ar file
++.Op Fl u Ar username
+ .Sh DESCRIPTION
+ .Nm
+ keeps track of ethernet/ip address pairings. It syslogs activity
+@@ -161,6 +162,11 @@ flag@MANZFLAG@ uses zero padded ethernet
+ .Ar arp.dat ,
+ e.g. 00:08:e1:01:02:d6.
+ .Pp
++The
++.Fl u
++flag allows to drop root privileges and change to the user ID 
++and group ID to that of the primary group of username.
++.Pp
+ .Sh "REPORT MESSAGES"
+ Here's a quick list of the report messages generated by
+ .Xr arpwatch 1

arpwatch-2.1a11-drop-privs.dif

@@ -0,0 +1,206 @@
+Index: arpwatch-3.1/arpwatch.c
+===================================================================
+--- arpwatch-3.1.orig/arpwatch.c
++++ arpwatch-3.1/arpwatch.c
+@@ -71,6 +71,8 @@ struct rtentry;
+ #include <string.h>
+ #include <syslog.h>
+ #include <unistd.h>
++#include <pwd.h>
++#include <grp.h>
+ 
+ #include <pcap.h>
+ 
+@@ -170,6 +172,66 @@ int	sanity_fddi(struct fddi_header *, st
+ int	toskip(u_int32_t);
+ void	usage(void) __attribute__((noreturn));
+ 
++void dropprivileges(const char* user)
++{
++	struct passwd* pw;
++	pw = getpwnam( user );
++	if ( pw ) {
++		char *arpfiledir;
++		char *lastslash;
++
++		arpfiledir = malloc(strlen(arpfile)+1);
++		if(arpfiledir == NULL) {
++			syslog(LOG_ERR, "Fatal: malloc().");
++			exit(1);
++		}
++		strcpy(arpfiledir, arpfile);
++		lastslash = strrchr(arpfiledir, '/');
++		if(lastslash == NULL) {
++			syslog(LOG_ERR, "Fatal: cannot determine directory of %s", arpfile);
++			exit(1);
++		}
++		lastslash[0]='\0';
++
++		if (!safe_base_path(arpfiledir)) {
++			syslog(LOG_ERR, "Fatal: directory structure %s not safe, can't operate here. Please make root owner of underlying directories and remove write access for other", arpfiledir);
++			exit(1);
++		}
++
++		// ensure we have a safe place to operate
++		if (lchown( arpfiledir, 0, 0) != 0 ) {
++			syslog(LOG_ERR, "Fatal: could not chown %s to root).", arpfiledir);
++			exit(1);
++		}
++		// change permissions of the file if it exists
++		if (!access(arpfile, F_OK) && lchown ( arpfile, pw->pw_uid, -1) != 0) {
++			syslog(LOG_ERR, "Fatal: could not chown %s to %d).", arpfile, pw->pw_uid);
++			exit(1);
++		}
++		/* files arp.dat.eth0- and arp.dat.eth0.new that are created
++			as backup/lastversion and for temporary storage are
++			deleted before created again, therefor the users needs
++			to control this directory . */
++		if ( lchown ( arpfiledir, pw->pw_uid, -1) != 0 ) {
++			syslog(LOG_ERR, "Fatal: could not chown %s to %d).",
++				arpfiledir, pw->pw_uid);
++			exit(1);
++		}
++		free(arpfiledir);
++		if ( initgroups(pw->pw_name, pw->pw_gid) != 0 || setgid(pw->pw_gid) != 0 ||
++				 setuid(pw->pw_uid) != 0 ) {
++			syslog(LOG_ERR, "Fatal: Couldn't change to user/group '%.32s' uid=%d gid=%d", user,
++						 pw->pw_uid, pw->pw_gid);
++			exit(1);
++		}
++	}
++	else {
++		syslog(LOG_ERR, "No such user: '%.32s'", user);
++		exit(1);
++	}
++	syslog(LOG_DEBUG, "arpwatch running as uid=%d gid=%d", getuid(), getgid());
++}
++
+ int
+ main(int argc, char **argv)
+ {
+@@ -181,6 +243,7 @@ main(int argc, char **argv)
+ 	char *interface, *rfilename;
+ 	struct bpf_program code;
+ 	char errbuf[PCAP_ERRBUF_SIZE];
++	char *serveruser = NULL;
+ 
+ 	if (argv[0] == NULL)
+ 		prog = "arpwatch";
+@@ -198,7 +261,7 @@ main(int argc, char **argv)
+ 	interface = NULL;
+ 	rfilename = NULL;
+ 	pd = NULL;
+-	while ((op = getopt(argc, argv, "CdD:Ff:i:n:NpP:qr:svw:W:x:zZ")) != EOF)
++	while ((op = getopt(argc, argv, "CdD:Ff:i:n:NpP:qr:svw:W:x:zZu:")) != EOF)
+ 		switch (op) {
+ 
+ 		case 'C':
+@@ -283,6 +346,16 @@ main(int argc, char **argv)
+ 			zeropad = 1;
+ 			break;
+ 
++		case 'u':
++			if ( optarg ) {
++				serveruser = strdup(optarg);
++			}
++			else {
++				fprintf(stderr, "%s: Need username after -u\n", prog);
++				usage();
++			}
++			break;
++
+ 		default:
+ 			usage();
+ 		}
+@@ -383,8 +456,9 @@ main(int argc, char **argv)
+ 	 * Revert to non-privileged user after opening sockets
+ 	 * (not needed on most systems).
+ 	 */
+-	setgid(getgid());
+-	setuid(getuid());
++	if ( serveruser ) {
++		dropprivileges( serveruser );
++	}
+ 
+ 	/* Must be ethernet or fddi */
+ 	linktype = pcap_datalink(pd);
+@@ -933,6 +1007,6 @@ usage(void)
+ 	    "usage: %s [-CdFNpqsvzZ] [-D arpdir] [-f datafile]"
+ 	    " [-i interface]\n\t"
+ 	    " [-P pidfile] [-w watcher@email] [-W watchee@email]\n\t"
+-	    " [-n net[/width]] [-x net[/width]] [-r file]\n", prog);
++	    " [-n net[/width]] [-x net[/width]] [-r file] [-u username]\n", prog);
+ 	exit(1);
+ }
+Index: arpwatch-3.1/util.c
+===================================================================
+--- arpwatch-3.1.orig/util.c
++++ arpwatch-3.1/util.c
+@@ -36,6 +36,7 @@ static const char rcsid[] =
+ 
+ #include <sys/types.h>
+ #include <sys/file.h>
++#include <sys/stat.h>
+ 
+ #include <errno.h>
+ #include <fcntl.h>
+@@ -212,3 +213,47 @@ savestr(const char *str)
+ 	strsize -= i;
+ 	return (cp);
+ }
++
++int safe_base_path(char *arpfiledir) {
++	// check directories below arpfiledir for safe ownwership/permissions
++	char *path_component;
++	char *lastslash = NULL;
++	int safe_path = 1;
++
++	if (!arpfiledir) {
++		syslog(LOG_ERR, "Fatal: safe_base_path invalid invocation.");
++		exit(1);
++	}
++
++	path_component = malloc(strlen(arpfiledir)+1);
++	if(path_component == NULL) {
++		syslog(LOG_ERR, "Fatal: malloc().");
++		exit(1);
++	}
++	strcpy(path_component, arpfiledir);
++
++	while ((lastslash = strrchr(path_component, '/'))) {
++		struct stat stats;
++
++		lastslash[0]='\0';
++		if ( lstat(path_component, &stats) ) {
++			/* on the last iteration the string will be empty and this fails,
++			   which is okay, if / is unsafe all is lost anyway and we can
++			   skip the check. Otherwise fail safe if lstat doesn't work */
++			if (strlen(path_component))
++				safe_path = 0;
++		} else {
++			if ( stats.st_uid != 0 ||
++			     stats.st_gid != 0 ||
++			     stats.st_mode & S_IWOTH
++			   ) {
++				 /* this is not a safe path to operate on with privileges because
++				    it isn't owned by root:root or others can write there */
++				safe_path = 0;
++			}
++		}
++	}
++
++	free(path_component);
++	return safe_path;
++}
+Index: arpwatch-3.1/util.h
+===================================================================
+--- arpwatch-3.1.orig/util.h
++++ arpwatch-3.1/util.h
+@@ -8,6 +8,7 @@ char	*intoa(u_int32_t);
+ void	lg(int, const char *, ...) __attribute__ ((format (printf, 2, 3)));
+ int	readdata(void);
+ char	*savestr(const char *);
++int safe_base_path(char *);
+ 
+ extern char *arpdir;
+ extern char *arpfile;

arpwatch-3.4-include-time.patch

@@ -0,0 +1,14 @@
+Index: arpwatch-3.4/report.c
+===================================================================
+--- arpwatch-3.4.orig/report.c
++++ arpwatch-3.4/report.c
+@@ -59,9 +59,7 @@ struct rtentry;
+ #include <stdlib.h>
+ #include <string.h>
+ #include <syslog.h>
+-#ifdef TIME_WITH_SYS_TIME
+ #include <time.h>
+-#endif
+ #include <unistd.h>
+ 
+ #include "gnuc.h"

arpwatch-exit.patch

@@ -0,0 +1,13 @@
+Index: arpwatch-3.5/arpwatch.c
+===================================================================
+--- arpwatch-3.5.orig/arpwatch.c
++++ arpwatch-3.5/arpwatch.c
+@@ -1012,7 +1012,7 @@ die(int signo)
+ {
+ 	lg(LOG_DEBUG, "exiting");
+ 	checkpoint(0);
+-	exit(1);
++	exit(0);
+ }
+ 
+ void

arpwatch-gcc14.patch

@@ -0,0 +1,13 @@
+Index: arpwatch-3.6/dns.c
+===================================================================
+--- arpwatch-3.6.orig/dns.c
++++ arpwatch-3.6/dns.c
+@@ -78,6 +78,8 @@ typedef union {
+ } querybuf;
+ #endif
+ 
++extern unsigned short _getshort(unsigned char*);
++
+ int
+ gethinfo(char *hostname, char *cpu, int cpulen, char *os, int oslen)
+ {

arpwatch-no-source-zero.dif

@@ -0,0 +1,19 @@
+--- a/arpwatch.c
++++ b/arpwatch.c
+@@ -481,6 +481,16 @@ process_ether(u_char *u, const struct pc
+ 	if (toskip(sia))
+ 		return;
+ 
++	/* dhcp broadcasts source from 0.0.0.0 - ignore */
++	if (sia == 0) {
++		static u_char old_sea[6];
++		if (memcmp(old_sea, sea, 6)) {
++			dosyslog(LOG_INFO, "0-source", sia, sea, sha);
++			memcpy(old_sea, sea, 6);
++		}
++		return;
++	}
++
+ 	/* Watch for bogons */
+ 	if (isbogon(sia)) {
+ 		if (!quiet)

arpwatch.ETHERCODES.patch

@@ -0,0 +1,23 @@
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -55,7 +55,7 @@ ALL = $(PROG) arpsnmp
+ CC = @CC@
+ CCOPT = @V_CCOPT@
+ INCLS = -I. @V_INCLS@
+-DEFS = @DEFS@ -DARPDIR=\"$(ARPDIR)\" -DPATH_SENDMAIL=\"$(SENDMAIL)\"
++DEFS = @DEFS@ -DARPDIR=\"$(ARPDIR)\" -DPATH_SENDMAIL=\"$(SENDMAIL)\" -DETHERCODES=\"$(ETHERCODES)\"
+ 
+ # Standard CFLAGS
+ CFLAGS = @CFLAGS@ @CPPFLAGS@ $(CCOPT) $(DEFS) $(INCLS)
+--- a/arpwatch.h
++++ b/arpwatch.h
+@@ -1,7 +1,9 @@
+ /* @(#) $Id: arpwatch.h 1197 2012-11-03 00:35:36Z leres $ (LBL) */
+ 
+ #define ARPFILE "arp.dat"
++#ifndef ETHERCODES
+ #define ETHERCODES "ethercodes.dat"
++#endif
+ #define CHECKPOINT (15*60)		/* Checkpoint time in seconds */
+ 
+ #ifdef ETHER_HEADER_HAS_EA

arpwatch.changes

@@ -0,0 +1,409 @@
+-------------------------------------------------------------------
+Thu Jul 25 15:14:28 UTC 2024 - Marcus Meissner <meissner@suse.com>
+
+- arpwatch-gcc14.patch: fixed gcc14 issue
+
+-------------------------------------------------------------------
+Mon Jan 22 16:25:51 UTC 2024 - Andreas Stieger <andreas.stieger@gmx.de>
+
+- update to 3.6:
+  * Fix bug that prevented checkpoint() from being called until
+    after receiving a new arp/rarp packet
+  * Remove unconditional FreeBSD configure mandir hack
+
+-------------------------------------------------------------------
+Sat Jan  6 11:38:48 UTC 2024 - Andreas Stieger <andreas.stieger@gmx.de>
+
+- update to 3.5:
+  * Make SIGHUP checkpoint arp.dat
+  * Fix bug that prevented checkpoint() from being called until
+    after receiving a new arp/rarp packet
+
+-------------------------------------------------------------------
+Sun Oct 15 18:42:22 UTC 2023 - Andreas Stieger <andreas.stieger@gmx.de>
+
+- update to 3.4:
+  * build system maintenance (upgrade to autoconf 2.71)
+  * add arpwatch-3.4-include-time.patch to fix build broken by it
+
+-------------------------------------------------------------------
+Tue Dec  6 12:34:56 UTC 2022 - olaf@aepfle.de
+
+- Enable loading of ethercodes.dat with arpwatch.ETHERCODES.patch
+- Log useless 0-source only once for each MAC
+
+-------------------------------------------------------------------
+Wed Apr 27 11:06:26 UTC 2022 - Dominique Leuenberger <dimstar@opensuse.org>
+
+- Update to version 3.3:
+  + Fix direction of memmove() in sanity_fddi().
+
+-------------------------------------------------------------------
+Mon Mar 21 07:52:56 UTC 2022 - Dirk Müller <dmueller@suse.com>
+
+- update to 3.2:
+  - Change update-ethercodes to not clobber ethercodes.dat on failure.
+  - Add a configure option to specify the path to sendmail
+- use https, its 2022 after all
+
+-------------------------------------------------------------------
+Mon Jan 10 16:16:16 UTC 2022 - olaf@aepfle.de
+
+- remove instance units from post scripts, they can not be reloaded
+
+-------------------------------------------------------------------
+Fri Sep  3 13:31:51 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
+
+- Remove accidentially checked in manpage (arpwatch.8) 
+
+-------------------------------------------------------------------
+Fri Sep  3 07:37:27 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
+
+- Update to version 3.1 (bsc#1185939) 
+  * Dropped 
+    + arpwatch-2.1a11-emailaddr.dif, this is now supported upstream.
+      Incompatible change: Flags change from -e and -s to -w and -W
+    + arpwatch-2.1a11-hname-overflow.dif: included upstream
+    + arpwatch-2.1a11-tokenring.diff: Dropped token ring support
+    + arpwatch-2.1a15-massagevendor.patch: new python version
+      is available
+    + arpwatch-MAC.patch: Fix is upstream
+    + getnameinfo.patch
+  * Refreshed
+    + 0001-Ignore-802.1Q-frames.patch
+    + arp2ethers.patch
+  * Notable upstream changes:
+    + Add python 2 compatibility to massagevendor (for pfsense <= 2.4.4).
+    + Add -Z (zero pad) and -C (compact) flags to arpwatch and arpsnmp to allow
+      run time selection of zero padded or compact ethernet addresses in arp.dat.
+    + arpsnmp errors now go to stderr instead of syslog.
+    + Add arpwatch directory flag (-D)
+    + Added the -x flag which is like -n but excludes cidrs
+
+-------------------------------------------------------------------
+Wed Aug 11 13:47:36 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
+
+- Added hardening to systemd service(s). Modified:
+  * arpwatch.service
+  * arpwatch@.service
+
+-------------------------------------------------------------------
+Tue Jun 29 07:10:40 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
+
+- Fixed local privilege escalation from runtime user to root
+  (bsc#1186240, CVE-2021-25321)
+- Added service_* calls for the @.service file
+
+-------------------------------------------------------------------
+Tue Feb  9 08:36:27 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
+
+- Fix arp2ethers script (bsc#1181936). Added arp2ethers.patch to 
+  inline the awk fragments. I tried hard to do this in a script
+  but no matter if sed, awk or perl is used something always breaks
+
+-------------------------------------------------------------------
+Mon Feb  1 15:15:15 UTC 2021 - olaf@aepfle.de
+
+- exit cleanly on SIGTERM with arpwatch-exit.patch
+- refresh all patches for autosetup
+
+-------------------------------------------------------------------
+Thu Jan 28 17:17:17 UTC 2021 - olaf@aepfle.de
+
+- report MAC as HH:HH:HH:HH:HH:HH with arpwatch-MAC.patch
+- remove unused ARPWATCH_INTERFACE= from sysconfig template
+- schedule arpwatch.service after exim/postfix/sendmail
+- remove arpwatch@.service from postinstall scriptlets to avoid warning
+  in case no instance is configured
+- move service_add_post to end of script because the macro exit
+  the script early
+
+-------------------------------------------------------------------
+Thu Jan 28 10:22:41 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
+
+- Include arp2ethers script (jsc#SLE-17224)
+
+-------------------------------------------------------------------
+Sat Oct 17 10:52:57 UTC 2020 - Hans-Peter Jansen <hpj@urpla.net>
+
+- add report-iface.patch to see, where the offending change happened
+
+-------------------------------------------------------------------
+Tue May  7 08:51:31 UTC 2019 - Stefan Seyfried <seife+obs@b1-systems.com>
+
+- add 0001-Ignore-802.1Q-frames.patch to fix log spam on networks
+  with configured VLANs. (deb#625796)
+
+-------------------------------------------------------------------
+Sat Mar 16 08:57:03 UTC 2019 - Jan Engelhardt <jengelh@inai.de>
+
+- Use noun phrase in summary.
+
+-------------------------------------------------------------------
+Thu Feb  7 12:21:45 UTC 2019 - jsegitz@suse.com
+
+- One %service_* call for all service files
+
+-------------------------------------------------------------------
+Tue Feb  5 12:25:15 UTC 2019 - jsegitz@suse.com
+
+- added getnameinfo.patch to prevent memory leak in gethname
+  (bsc#1119851)
+- %service_* invocations for arpwatch@.service
+
+-------------------------------------------------------------------
+Thu Nov 23 13:44:03 UTC 2017 - rbrown@suse.com
+
+- Replace references to /var/adm/fillup-templates with new
+  %_fillupdir macro (boo#1069468)
+
+-------------------------------------------------------------------
+Sat Aug 12 16:09:14 UTC 2017 - tchvatal@suse.com
+
+- Remove initscript support. Fix the service initialization to\
+  either allow single full client or user has to symlink the instance
+  and make sure he can run only one of them. bsc#737527
+- Make sure rcarpwatch is working
+- Use install commands for installation of files
+- Format with spec-cleaner
+- Generate temp files using systemd
+
+-------------------------------------------------------------------
+Fri Jun 19 14:32:19 UTC 2015 - lmuelle@suse.com
+
+- Deal with added two whitespaces in more recent oui.txt versions.
+  + arpwatch-2.1a15-massagevendor.patch
+
+-------------------------------------------------------------------
+Fri Dec  5 13:26:33 UTC 2014 - lmuelle@suse.com
+
+- Removed executable permission bits from arpwatch@.service file.
+
+-------------------------------------------------------------------
+Wed May 14 14:36:51 UTC 2014 - meissner@suse.com
+
+- added missing %pre/%service_add_pre section
+
+-------------------------------------------------------------------
+Tue Jan  7 10:06:22 UTC 2014 - rmilasan@suse.com
+
+- Rework arpwatch.service file to properly support multiple network
+  interfaces and arpwatch sysconfig file. (bnc#853384).
+
+-------------------------------------------------------------------
+Thu Mar 14 11:33:23 UTC 2013 - p.drouand@gmail.com
+
+- Drop sysvinit support and add systemd support for opensuse > 11.4
+
+-------------------------------------------------------------------
+Wed Jul 18 05:56:13 CEST 2012 - draht@suse.de
+
+- arpwatch-2.1a11-drop-privs.dif: call initgroups() with pw->pw_gid,
+  not NULL, to not have groupid 0 initialized. [bnc#764521]
+
+-------------------------------------------------------------------
+Sat Sep 17 12:17:44 UTC 2011 - jengelh@medozas.de
+
+- Remove redundant tags/sections from specfile
+
+-------------------------------------------------------------------
+Fri Nov 27 13:33:41 UTC 2009 - mseben@novell.com
+
+- added ARPDIR to build section in spec file, to fix error message 
+  in logs
+
+-------------------------------------------------------------------
+Wed Nov 12 14:33:57 CET 2008 - draht@suse.de
+
+- arpwatch-2.1a11-emailaddr.dif for flexibility in sender and
+  recipient addresses on commandline.
+- arpwatch-2.1a11-drop-privs.dif to run arpwatch as different user
+- arpwatch-2.1a11-drop-privs-manpage.dif for the manpage
+
+-------------------------------------------------------------------
+Wed Nov 12 11:22:54 CET 2008 - draht@suse.de
+
+- start script tuned for multiple interface support and independent
+  databases. #149003
+
+-------------------------------------------------------------------
+Thu Jul 26 16:52:52 CEST 2007 - prusnak@suse.cz
+
+- changed libpcap to libpcap-devel in BuildRequires
+
+-------------------------------------------------------------------
+Mon May 14 22:58:55 CEST 2007 - lrupp@suse.de
+
+- update to 2.1a15
+  + let the database files belong to the package
+  + build parallel
+  + use rpm macros for configure and make
+
+-------------------------------------------------------------------
+Wed Jan 25 21:34:23 CET 2006 - mls@suse.de
+
+- converted neededforbuild to BuildRequires
+
+-------------------------------------------------------------------
+Mon Apr 18 11:56:52 CEST 2005 - meissner@suse.de
+
+- Use RPM_OPT_FLAGS.
+
+-------------------------------------------------------------------
+Fri Nov 12 00:22:36 CET 2004 - lmuelle@suse.de
+
+- Add %insserv_prereq %fillup_prereq to prereq.
+- Add missing call to %stop_on_removal (%preun), %restart_on_update, and
+  %insserv_cleanup (%postun).
+
+-------------------------------------------------------------------
+Sat Nov  6 20:11:32 CET 2004 - lmuelle@suse.de
+
+- Split off massagevendor script and required files as we only need them at
+  build time to create the ethercodes.dat file from the IEEE.org meta data.
+
+-------------------------------------------------------------------
+Sat Nov  6 15:53:57 CET 2004 - lmuelle@suse.de
+
+- Add files needed by massagevendor script, [#48005].
+
+-------------------------------------------------------------------
+Fri Jun 25 23:07:25 CEST 2004 - lmuelle@suse.de
+
+- Update to version 2.1a13.
+- Add sysconfig file to allow additional options in the init script.
+- Compress source tar ball with bzip2.
+- Move IEEE OUI and Company_id file to ethercodes sub package.
+
+-------------------------------------------------------------------
+Thu Mar 25 16:45:57 CET 2004 - mmj@suse.de
+
+- Add postfix to # neededforbuild
+
+-------------------------------------------------------------------
+Mon Jan 12 13:43:11 CET 2004 - adrian@suse.de
+
+- fix build as user
+
+-------------------------------------------------------------------
+Mon Jan 12 09:28:57 CET 2004 - adrian@suse.de
+
+- add %defattr
+
+-------------------------------------------------------------------
+Tue Jul 29 15:10:25 CEST 2003 - aj@suse.de
+
+- Fix for chown changes.
+
+-------------------------------------------------------------------
+Thu Jun 12 16:32:53 CEST 2003 - mmj@suse.de
+
+- Forgot to comment in a line
+
+-------------------------------------------------------------------
+Thu Jun 12 14:50:36 CEST 2003 - mmj@suse.de
+
+- Use BuildRoot
+
+-------------------------------------------------------------------
+Wed Feb 26 15:30:01 CET 2003 - draht@suse.de
+
+- added /usr/sbin/rcarpwatch symlink (#24163)
+
+-------------------------------------------------------------------
+Wed Sep 18 09:15:17 MEST 2002 - draht@suse.de
+
+- added fileutils to PreReq (#19782)
+
+-------------------------------------------------------------------
+Tue Sep 17 17:34:28 CEST 2002 - ro@suse.de
+
+- removed bogus self-provides 
+
+-------------------------------------------------------------------
+Thu Aug 22 14:12:22 CEST 2002 - draht@suse.de
+
+- minor buffer overflow with dns query results, fixed by
+  arpwatch-2.1a11-hname-overflow.dif (#18149)
+
+-------------------------------------------------------------------
+Mon Jul  8 15:41:39 MEST 2002 - draht@suse.de
+
+- do not source /etc/rc.config any more.
+
+-------------------------------------------------------------------
+Mon Mar 18 14:01:45 MET 2002 - draht@suse.de
+
+- minor correction to ethercodes.dat
+
+-------------------------------------------------------------------
+Thu Mar 14 19:17:50 MET 2002 - draht@suse.de
+
+- added init script (bugzilla #12548)
+- fix support for token ring interfaces. Thanks to Bjoern Jacke,
+  fixes bugzilla #14504.
+- update of vendor table (ethercodes.dat)
+
+-------------------------------------------------------------------
+Mon Oct 15 17:26:40 MEST 2001 - draht@suse.de
+
+- upgrade to version 2.1a11
+  syslog(3), but do not send mail for packets from IP 0.0.0.0
+
+-------------------------------------------------------------------
+Wed Aug  8 15:33:50 CEST 2001 - sgf@suse.de
+
+- removed libpcapn from neededforbuild and added libpcap 
+
+-------------------------------------------------------------------
+Thu Jan 11 02:29:47 MET 2001 - draht@suse.de
+
+- New version 2.1a10 fixes tmp file race (security).
+
+-------------------------------------------------------------------
+Tue Aug  8 20:46:11 CEST 2000 - olh@suse.de
+
+- add /usr/share/arpwatch to file list, ethercodes.dat was missing
+
+-------------------------------------------------------------------
+Thu Jun  1 09:47:41 CEST 2000 - kukuk@suse.de
+
+- Use doc macro 
+
+-------------------------------------------------------------------
+Fri Feb 18 14:09:29 CET 2000 - dipa@suse.de
+
+- Changed path for manuals to /usr/share/man and /usr/lib/arpwatch
+  to /var/lib/arpwatch for arp.dat and /usr/share/arpwatch for
+  ethercodes.dat 
+
+-------------------------------------------------------------------                                 
+Fri Sep 17 11:28:09 MEST 1999 - kettner@suse.de
+
+- Reinserted old # Commandline: line.
+
+-------------------------------------------------------------------
+Mon Sep 13 17:23:57 CEST 1999 - bs@suse.de
+
+- ran old prepare_spec on spec file to switch to new prepare_spec.
+
+-------------------------------------------------------------------
+Thu Jul 22 13:10:27 MEST 1999 - msrex@suse.de
+
+- Fixed postinstall
+
+
+-------------------------------------------------------------------
+Mon Jul 12 01:48:03 MEST 1999 - ro@suse.de
+
+- libpcap is an extra package now
+
+-------------------------------------------------------------------
+Fri Jun 11 23:17:27 CEST 1999 - msrex@suse.de
+
+ - Spec file created from arpwatch-2.1a4.tar.gz by autospec
+
+-------------------------------------------------------------------
+Fri Jun 11 22:37:49 CEST 1999 - msrex@suse.de
+
+ - Spec file created from arpwatch-2.1a4.tar.gz by autospec

arpwatch.service

@@ -0,0 +1,31 @@
+[Unit]
+Description=Arpwatch daemon which keeps track of ethernet/ip address pairings
+After=network.target
+After=exim.service
+After=postfix.service
+After=sendmail.service
+Conflicts=arpwatch.target
+
+[Service]
+Type=forking
+Environment=ARPWATCH_ARGS=
+EnvironmentFile=-/etc/sysconfig/arpwatch
+PrivateTmp=yes
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+PrivateDevices=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions 
+ExecStartPre=/usr/bin/touch /var/lib/arpwatch/arp.dat
+ExecStart=/usr/sbin/arpwatch $ARPWATCH_ARGS -f /var/lib/arpwatch/arp.dat
+
+[Install]
+WantedBy=multi-user.target

arpwatch.spec

@@ -0,0 +1,135 @@
+#
+# spec file for package arpwatch
+#
+# Copyright (c) 2024 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+#Compat macro for new _fillupdir macro introduced in Nov 2017
+%if ! %{defined _fillupdir}
+  %define _fillupdir %{_localstatedir}/adm/fillup-templates
+%endif
+Name:           arpwatch
+Version:        3.6
+Release:        0
+Summary:        Tool to keep track of Ethernet<->IP address pairings
+License:        BSD-3-Clause
+Group:          Productivity/Networking/Diagnostic
+URL:            https://ee.lbl.gov/nrg.html
+Source:         https://ee.lbl.gov/downloads/arpwatch/%{name}-%{version}.tar.gz
+Source10:       arpwatch@.service
+Source11:       sysconfig.arpwatch
+Source12:       arpwatch.service
+Patch0:         arpwatch-2.1a11-chrootbuild.diff
+Patch1:         arpwatch-no-source-zero.dif
+Patch2:         arpwatch.ETHERCODES.patch
+Patch5:         arpwatch-2.1a11-drop-privs-manpage.dif
+Patch6:         arpwatch-2.1a11-drop-privs.dif
+# PATCH-Fix-Upstream -- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=625796#20 -- seife+obs@b1-systems.com
+Patch10:        0001-Ignore-802.1Q-frames.patch
+Patch11:        report-iface.patch
+Patch13:        arpwatch-exit.patch
+Patch14:        arp2ethers.patch
+Patch15:        arpwatch-3.4-include-time.patch
+Patch16:        arpwatch-gcc14.patch
+BuildRequires:  libpcap-devel
+BuildRequires:  postfix
+BuildRequires:  systemd-rpm-macros
+Requires:       arpwatch-ethercodes
+Requires(post): %fillup_prereq
+Requires(post): coreutils
+
+%description
+Arpwatch keeps track of Ethernet and IP address pairings. It logs
+activity to syslog and reports certain changes via e-mail.
+
+%package ethercodes-build
+Summary:        Tool to create ethercodes.dat from IEEE.org meta data
+Group:          Productivity/Networking/Diagnostic
+
+%description ethercodes-build
+Tool and required files to create the ethercodes.dat file from the OUI
+and company ID data as provided by IEEE.org.  This package is only
+needed if you want to build the arpwatch-ethercodes package.
+
+%prep
+%autosetup -p1
+
+%build
+%configure
+%make_build \
+	ARPDIR=%{_localstatedir}/lib/arpwatch \
+	ETHERCODES=%{_datadir}/arpwatch/ethercodes.dat \
+	%{nil}
+
+%install
+mkdir -p \
+    %{buildroot}/%{_tmpfilesdir} \
+    %{buildroot}/%{_sbindir} \
+    %{buildroot}/%{_datadir}/arpwatch \
+    %{buildroot}/%{_mandir}/man8 \
+    %{buildroot}%{_fillupdir}
+%make_install
+# ethercodes.dat is in the arpwatch-ethercodes package
+rm -f %{buildroot}/%{_datadir}/arpwatch/ethercodes.dat
+for file in euppertolower.awk duplicates.awk p.awk; do
+	cp -p ${file} %{buildroot}/%{_datadir}/arpwatch
+done
+install -Dm 0644 %{SOURCE10} %{buildroot}/%{_unitdir}/arpwatch@.service
+install -Dm 0644 %{SOURCE12} %{buildroot}/%{_unitdir}/arpwatch.service
+ln -s service %{buildroot}%{_sbindir}/rcarpwatch
+install -Dm 0644 %{SOURCE11} \
+    %{buildroot}%{_fillupdir}/sysconfig.arpwatch
+# own the database files
+cat > %{buildroot}%{_tmpfilesdir}/arpwatch.conf <<EOF
+# See tmpfiles.d(5) for details
+d %{_localstatedir}/lib/arpwatch - - - -
+f %{_localstatedir}/lib/arpwatch/arp.dat - - - -
+EOF
+mkdir %{buildroot}%{_bindir}
+install -m 0755 arp2ethers %{buildroot}%{_bindir}
+
+%pre
+%service_add_pre arpwatch.service
+
+%preun
+%service_del_preun arpwatch.service
+
+%post
+%fillup_only
+%tmpfiles_create %{_tmpfilesdir}/arpwatch.conf
+%service_add_post arpwatch.service
+
+%postun
+%service_del_postun arpwatch.service
+
+%files
+%{_unitdir}/arpwatch.service
+%{_unitdir}/arpwatch@.service
+%{_tmpfilesdir}/arpwatch.conf
+%{_sbindir}/rcarpwatch
+%{_sbindir}/arpsnmp
+%{_sbindir}/arpwatch
+%{_bindir}/arp2ethers
+%ghost %dir %{_localstatedir}/lib/arpwatch
+%ghost %{_localstatedir}/lib/arpwatch/arp.dat
+%{_fillupdir}/sysconfig.arpwatch
+%{_mandir}/man8/arpsnmp.8%{?ext_man}
+%{_mandir}/man8/arpwatch.8%{?ext_man}
+%doc CHANGES FILES README
+
+%files ethercodes-build
+%{_datadir}/arpwatch
+
+%changelog

arpwatch@.service

@@ -0,0 +1,32 @@
+# vim: syntax=systemd
+[Unit]
+Description=Arpwatch daemon which keeps track of ethernet/ip address pairings
+After=network.target
+After=exim.service
+After=postfix.service
+After=sendmail.service
+PartOf=arpwatch.target
+
+[Service]
+Type=forking
+Environment=ARPWATCH_ARGS=
+EnvironmentFile=-/etc/sysconfig/arpwatch
+PrivateTmp=yes
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+PrivateDevices=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions 
+ExecStartPre=/usr/bin/touch /var/lib/arpwatch/arp.dat.%i
+ExecStart=/usr/sbin/arpwatch $ARPWATCH_ARGS -i %i -f /var/lib/arpwatch/arp.dat.%i
+
+[Install]
+WantedBy=multi-user.target

report-iface.patch

@@ -0,0 +1,55 @@
+Index: arpwatch-3.1/arpsnmp.c
+===================================================================
+--- arpwatch-3.1.orig/arpsnmp.c
++++ arpwatch-3.1/arpsnmp.c
+@@ -77,6 +77,7 @@ void	usage(void) __attribute__((noreturn
+ 
+ /* Globals */
+ char *prog;
++char *interface;
+ int quiet;
+ int suppress;
+ const char *watcher = WATCHER;
+Index: arpwatch-3.1/arpwatch.c
+===================================================================
+--- arpwatch-3.1.orig/arpwatch.c
++++ arpwatch-3.1/arpwatch.c
+@@ -123,6 +123,7 @@ struct rtentry;
+ 
+ /* Globals */
+ char *prog;
++char *interface;
+ int quiet;
+ int suppress;
+ const char *watcher = WATCHER;
+@@ -244,7 +245,7 @@ main(int argc, char **argv)
+ 	pcap_t *pd;
+ 	FILE *fp;
+ 	pcap_if_t *alldevs;
+-	char *interface, *rfilename;
++	char *rfilename;
+ 	struct bpf_program code;
+ 	char errbuf[PCAP_ERRBUF_SIZE];
+ 	char *serveruser = NULL;
+Index: arpwatch-3.1/report.c
+===================================================================
+--- arpwatch-3.1.orig/report.c
++++ arpwatch-3.1/report.c
+@@ -78,6 +78,8 @@ struct rtentry;
+ 
+ #define PLURAL(n) ((n) == 1 || (n) == -1 ? "" : "s")
+ 
++extern char *interface;
++
+ static int cdepth;	/* number of outstanding children */
+ 
+ static char *fmtdate(time_t);
+@@ -354,6 +356,8 @@ report(const char *title, u_int32_t a, c
+ 		(void)fprintf(f, fmt, "previous timestamp", fmtdate(*t2p));
+ 	if (t1p && t2p && *t1p && *t2p)
+ 		(void)fprintf(f, fmt, "delta", fmtdelta(*t1p - *t2p));
++	if (interface)
++		(void)fprintf(f, fmt, "interface", interface);
+ 
+ 	if (debug) {
+ 		fflush(f);

sysconfig.arpwatch

@@ -0,0 +1,10 @@
+## Type:           string
+## Default:        ""
+## ServiceRestart: arpwatch
+#
+# Additional arguments when starting arpwatch with the init script
+# /etc/init.d/arpwatch or rcarpwatch.
+#
+# See man 8 arpwatch for all available commandline options.
+#
+ARPWATCH_ARGS=""