From 623361c79ce42b1332c8c40a66c38654eed445b0 Mon Sep 17 00:00:00 2001
From: Li Guan
Date: Thu, 4 Jun 2026 09:32:03 +0800
Subject: [PATCH 1/2] SPECS: add msmtp.
Signed-off-by: Li Guan
---
SPECS/msmtp/msmtp.spec | 76 ++++++++++++++++++++++++++++++++++++++++++
1 file changed, 76 insertions(+)
create mode 100644 SPECS/msmtp/msmtp.spec
diff --git a/SPECS/msmtp/msmtp.spec b/SPECS/msmtp/msmtp.spec
new file mode 100644
index 0000000000..82e55a1dde
--- /dev/null
+++ b/SPECS/msmtp/msmtp.spec
@@ -0,0 +1,76 @@
+# SPDX-FileCopyrightText: (C) 2026 Institute of Software, Chinese Academy of Sciences (ISCAS)
+# SPDX-FileCopyrightText: (C) 2026 openRuyi Project Contributors
+# SPDX-FileContributor: Li Guan
+#
+# SPDX-License-Identifier: MulanPSL-2.0
+
+Name: msmtp
+Version: 1.8.32
+Release: %autorelease
+Summary: msmtp is an SMTP client
+License: GPL-3.0-or-later
+URL: https://marlam.de/msmtp/
+VCS: git:https://git.marlam.de/gitweb/?p=msmtp.git
+#!RemoteAsset: sha256:20cd58b58dd007acf7b937fa1a1e21f3afb3e9ef5bbcfb8b4f5650deadc64db4
+Source0: https://marlam.de/msmtp/releases/%{name}-%{version}.tar.xz
+BuildSystem: autotools
+
+BuildOption(conf): --disable-rpath
+BuildOption(conf): --with-libsecret
+
+BuildRequires: autoconf
+BuildRequires: automake
+BuildRequires: libtool
+BuildRequires: make
+BuildRequires: gettext-devel
+BuildRequires: libsecret-devel
+BuildRequires: pkgconfig(gnutls)
+BuildRequires: pkgconfig(libidn2)
+
+Requires(post): %{_sbindir}/alternatives
+Requires(postun): %{_sbindir}/alternatives
+
+Provides: %{_sbindir}/sendmail
+
+%description
+msmtp is an SMTP client.
+In the default mode, it transmits a mail to an SMTP server which
+takes care of further delivery. To use this program with your mail
+user agent (MUA), create a configuration file with your mail account(s)
+and tell your MUA to call msmtp instead of /usr/sbin/sendmail.
+
+%conf -p
+autoreconf -fiv
+
+%install -a
+%find_lang %{name}
+rm -f %{buildroot}%{_infodir}/dir
+rm -f %{buildroot}%{_prefix}/lib/sendmail
+rm -f %{buildroot}%{_sbindir}/sendmail
+rm -f %{buildroot}%{_bindir}/newaliases
+rm -f %{buildroot}%{_mandir}/man1/sendmail.1*
+rm -f %{buildroot}%{_mandir}/man1/newaliases.1*
+
+%post
+%{_sbindir}/alternatives --install %{_sbindir}/sendmail mta %{_bindir}/msmtp 40 \
+ --slave %{_prefix}/lib/sendmail mta-sendmail %{_bindir}/msmtp \
+ --slave %{_mandir}/man8/sendmail.8.gz mta-sendmailman %{_mandir}/man1/msmtp.1.gz
+
+%postun
+if [ "$1" -eq 0 ] ; then
+ %{_sbindir}/alternatives --remove mta %{_bindir}/msmtp
+fi
+
+%files -f %{name}.lang
+%doc AUTHORS NEWS README THANKS
+%doc doc/msmtprc-system.example doc/msmtprc-user.example
+%license COPYING
+%{_bindir}/msmtp*
+%{_infodir}/msmtp.info*
+%{_mandir}/man1/msmtp*.1*
+%ghost %{_sbindir}/sendmail
+%ghost %{_prefix}/lib/sendmail
+%ghost %{_mandir}/man8/sendmail.8.gz
+
+%changelog
+%autochangelog
From e5886e4c624de8cbbec2047680d73249ea136445 Mon Sep 17 00:00:00 2001
From: Li Guan
Date: Thu, 4 Jun 2026 13:13:52 +0800
Subject: [PATCH 2/2] SPECS: add arpwatch.
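Review bot: The `%post` scriptlet hard-codes gzip names for the man page link (`%{_mandir}/man8/sendmail.8.gz` pointing at `%{_mandir}/man1/msmtp.1.gz`), while `%files` only promises `msmtp*.1*`; if the build root compresses man pages with another tool, or not at all, the `mta-sendmailman` slave link dangles. Confirm the distribution's man page compression and record it in a comment above `%post`. Because this package registers itself as the `mta` alternative for `%{_sbindir}/sendmail`, a comment such as `# priority 40: <reason relative to other MTA packages>` would also document why that value was chosen.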
Signed-off-by: Li Guan
---
.../1000-arpwatch-3.1-man-references.patch | 79 +++++++++
.../1001-arpwatch-3.2-change-user.patch | 149 +++++++++++++++++
.../1002-arpwatch-3.9-no-usr-local-path.patch | 43 +++++
...arpwatch-3.1-configure-no-local-pcap.patch | 18 ++
.../1004-arpwatch-3.1-all-zero-bogon.patch | 25 +++
.../arpwatch/1005-arpwatch-3.5-exitcode.patch | 18 ++
.../1006-arpwatch-3.5-devlookup.patch | 146 +++++++++++++++++
SPECS/arpwatch/1007-arpwatch-3.3-c99.patch | 26 +++
SPECS/arpwatch/arp2ethers.8 | 53 ++++++
SPECS/arpwatch/arpwatch.service | 26 +++
SPECS/arpwatch/arpwatch.spec | 154 ++++++++++++++++++
SPECS/arpwatch/arpwatch.sysconfig | 2 +
SPECS/arpwatch/arpwatch.sysusers | 2 +
SPECS/arpwatch/massagevendor.8 | 94 +++++++++++
14 files changed, 835 insertions(+)
create mode 100644 SPECS/arpwatch/1000-arpwatch-3.1-man-references.patch
create mode 100644 SPECS/arpwatch/1001-arpwatch-3.2-change-user.patch
create mode 100644 SPECS/arpwatch/1002-arpwatch-3.9-no-usr-local-path.patch
create mode 100644 SPECS/arpwatch/1003-arpwatch-3.1-configure-no-local-pcap.patch
create mode 100644 SPECS/arpwatch/1004-arpwatch-3.1-all-zero-bogon.patch
create mode 100644 SPECS/arpwatch/1005-arpwatch-3.5-exitcode.patch
create mode 100644 SPECS/arpwatch/1006-arpwatch-3.5-devlookup.patch
create mode 100644 SPECS/arpwatch/1007-arpwatch-3.3-c99.patch
create mode 100644 SPECS/arpwatch/arp2ethers.8
create mode 100644 SPECS/arpwatch/arpwatch.service
create mode 100644 SPECS/arpwatch/arpwatch.spec
create mode 100644 SPECS/arpwatch/arpwatch.sysconfig
create mode 100644 SPECS/arpwatch/arpwatch.sysusers
create mode 100644 SPECS/arpwatch/massagevendor.8
diff --git a/SPECS/arpwatch/1000-arpwatch-3.1-man-references.patch b/SPECS/arpwatch/1000-arpwatch-3.1-man-references.patch
new file mode 100644
index 0000000000..d1e841fb6a
--- /dev/null
+++ b/SPECS/arpwatch/1000-arpwatch-3.1-man-references.patch
@@ -0,0 +1,79 @@
+From: Fedora Project
+Source: https://src.fedoraproject.org/rpms/arpwatch
+
+Fix section numbers in man page cross-references. With minor changes, this
+patch dates all the way back to arpwatch-2.1a4-man.patch, from RHBZ#15442.
+
+diff -Naur arpwatch-3.1-original/arpsnmp.8.in arpwatch-3.1/arpsnmp.8.in
+--- arpwatch-3.1-original/arpsnmp.8.in 2019-12-01 14:01:07.000000000 -0500
++++ arpwatch-3.1/arpsnmp.8.in 2020-11-05 15:13:01.296113145 -0500
+@@ -45,7 +45,7 @@
+ and reports certain changes via email.
+ .Nm
+ reads information from a file (usually generated by
+-.Xr snmpwalk 3 ) .
++.Xr snmpwalk 1 ) .
+ .Pp
+ The format of the input file is the same as
+ .Ar arp.dat ;
+@@ -119,9 +119,9 @@
+ .Pp
+ .Sh "REPORT MESSAGES"
+ See the
+-.Xr arpwatch 1
++.Xr arpwatch 8
+ man page for details on the report messages generated by
+-.Xr arpsnmp 1 .
++.Xr arpsnmp 8 .
+ .Sh FILES
+ .Bl -tag -width ".Pa /usr/local/arpwatch" -compact
+ .It Pa /usr/local/arpwatch
+@@ -132,7 +132,7 @@
+ vendor ethernet block list
+ .Sh "SEE ALSO"
+ .Xr arpwatch 8 ,
+-.Xr snmpwalk 8 ,
++.Xr snmpwalk 1 ,
+ .Xr arp 8 ,
+ .Sh AUTHORS
+ .An Craig Leres
+diff -Naur arpwatch-3.1-original/arpwatch.8.in arpwatch-3.1/arpwatch.8.in
+--- arpwatch-3.1-original/arpwatch.8.in 2019-12-01 14:01:07.000000000 -0500
++++ arpwatch-3.1/arpwatch.8.in 2020-11-05 15:14:12.117564292 -0500
+@@ -117,9 +117,9 @@
+ .Fl r
+ flag is used to specify a savefile
+ (perhaps created by
+-.Xr tcpdump 1
++.Xr tcpdump 8
+ or
+-.Xr pcapture 1 )
++.Xr pcapture 8 )
+ to read from instead
+ of reading from the network. In this case
+ .Nm
+@@ -163,9 +163,9 @@
+ .Pp
+ .Sh "REPORT MESSAGES"
+ Here's a quick list of the report messages generated by
+-.Xr arpwatch 1
++.Xr arpwatch 8
+ (and
+-.Xr arpsnmp 1 ) :
++.Xr arpsnmp 8 ) :
+ .Pp
+ .Bl -tag -width xxx
+ .It Ic "new activity"
+@@ -216,9 +216,9 @@
+ .Sh "SEE ALSO"
+ .Xr arpsnmp 8 ,
+ .Xr arp 8 ,
+-.Xr bpf 4 ,
+-.Xr tcpdump 1 ,
+-.Xr pcapture 1 ,
++.Xr bpf 2 ,
++.Xr tcpdump 8 ,
++.Xr pcapture 8 ,
+ .Xr pcap 3
+ .Sh AUTHORS
+ .An Craig Leres
diff --git a/SPECS/arpwatch/1001-arpwatch-3.2-change-user.patch b/SPECS/arpwatch/1001-arpwatch-3.2-change-user.patch
new file mode 100644
index 0000000000..a1898bb698
--- /dev/null
+++ b/SPECS/arpwatch/1001-arpwatch-3.2-change-user.patch
@@ -0,0 +1,149 @@
+From: Fedora Project
+Source: https://src.fedoraproject.org/rpms/arpwatch
+
+Add, and document, a -u argument to change to a specified unprivileged user
+after establishing sockets.
+
+This patch rebases and combines arpwatch-drop.patch, which provided -u;
+arpwatch-drop-man.patch, which documented it; and
+arpwatch-2.1a15-dropgroup.patch, which fixed CVE-2012-2653 (RHBZ #825328) in
+the original arpwatch-drop.patch, into a single combined patch. It also removes
+an unnecessary and unchecked strdup() in the original patch that could have
+theoretically led to a null pointer dereference.
+
+diff -Naur arpwatch-3.2-original/arpwatch.8.in arpwatch-3.2/arpwatch.8.in
+--- arpwatch-3.2-original/arpwatch.8.in 2021-12-14 19:47:54.000000000 -0500
++++ arpwatch-3.2/arpwatch.8.in 2021-12-16 08:18:21.803266980 -0500
+@@ -43,6 +43,7 @@
+ .Op Fl n Ar net[/width]
+ .Op Fl x Ar net[/width]
+ .Op Fl r Ar file
++.Op Fl u Ar username
+ .Sh DESCRIPTION
+ .Nm
+ keeps track of ethernet/ip address pairings. It syslogs activity
+@@ -137,13 +138,30 @@
+ Note that an empty
+ .Ar arp.dat
+ file must be created before the first time you run
+-.Fl arpwatch .
++.Nm .
++Also, the default directory (where
++.Ar arp.dat
++is stored) must be owned by
++.Ar username
++if the
++.Fl u
++flag is used.
+ .Pp
+ The
+ .Fl s
+ flag suppresses reports sent by email.
+ .Pp
+ The
++.Fl u
++flag causes
++.Nm
++to drop root privileges and change user ID to
++.Ar username
++and group ID to that of the primary group of
++.Ar username .
++This is recommended for security reasons.
++.Pp
++The
+ .Fl v
+ flag disables the reporting of VRRP/CARP ethernet prefixes as
+ described in RFC5798 (@MACZERO@0:@MACZERO@0:5e:@MACZERO@0:@MACZERO@1:xx).
+diff -Naur arpwatch-3.2-original/arpwatch.c arpwatch-3.2/arpwatch.c
+--- arpwatch-3.2-original/arpwatch.c 2019-11-30 13:35:23.000000000 -0500
++++ arpwatch-3.2/arpwatch.c 2021-12-16 08:18:21.812267045 -0500
+@@ -72,6 +72,8 @@
+ #include
+ #include
+
++#include
++#include
+ #include
+
+ #include "gnuc.h"
+@@ -170,6 +172,24 @@
+ int toskip(u_int32_t);
+ void usage(void) __attribute__((noreturn));
+
++void dropprivileges(const char* user)
++{
++ struct passwd* const pw = getpwnam(user);
++ if (pw) {
++ if (setgid(pw->pw_gid) != 0 || setgroups(0, NULL) != 0 ||
++ setuid(pw->pw_uid) != 0) {
++ lg(LOG_ERR, "Couldn't change to '%.32s' uid=%d gid=%d",
++ user, pw->pw_uid, pw->pw_gid);
++ exit(1);
++ }
++ } else {
++ lg(LOG_ERR, "Couldn't find user '%.32s' in /etc/passwd",
++ user);
++ exit(1);
++ }
++ lg(LOG_DEBUG, "Running as uid=%d gid=%d", getuid(), getgid());
++}
++
+ int
+ main(int argc, char **argv)
+ {
+@@ -181,6 +201,7 @@
+ char *interface, *rfilename;
+ struct bpf_program code;
+ char errbuf[PCAP_ERRBUF_SIZE];
++ char* serveruser = NULL;
+
+ if (argv[0] == NULL)
+ prog = "arpwatch";
+@@ -198,7 +219,7 @@
+ interface = NULL;
+ rfilename = NULL;
+ pd = NULL;
+- while ((op = getopt(argc, argv, "CdD:Ff:i:n:NpP:qr:svw:W:x:zZ")) != EOF)
++ while ((op = getopt(argc, argv, "CdD:Ff:i:n:NpP:qr:svw:W:x:zZu:")) != EOF)
+ switch (op) {
+
+ case 'C':
+@@ -283,6 +304,17 @@
+ zeropad = 1;
+ break;
+
++ case 'u':
++ if (optarg) {
++ /* no need to strdup() a pointer into the
++ * original arguments vector */
++ serveruser = optarg;
++ } else {
++ fprintf(stderr, "%s: Need username after -u\n", prog);
++ usage();
++ }
++ break;
++
+ default:
+ usage();
+ }
+@@ -379,6 +411,11 @@
+ }
+ }
+
++ /* Explicit user change (privilege drop) with -u? */
++ if (serveruser) {
++ dropprivileges(serveruser);
++ }
++
+ /*
+ * Revert to non-privileged user after opening sockets
+ * (not needed on most systems).
+@@ -927,6 +964,7 @@
+ "usage: %s [-CdFNpqsvzZ] [-D arpdir] [-f datafile]"
+ " [-i interface]\n\t"
+ " [-P pidfile] [-w watcher@email] [-W watchee@email]\n\t"
+- " [-n net[/width]] [-x net[/width]] [-r file]\n", prog);
++ " [-n net[/width]] [-x net[/width]] [-r file] [-u username]\n",
++ prog);
+ exit(1);
+ }
diff --git a/SPECS/arpwatch/1002-arpwatch-3.9-no-usr-local-path.patch b/SPECS/arpwatch/1002-arpwatch-3.9-no-usr-local-path.patch
new file mode 100644
index 0000000000..4d01f5749b
--- /dev/null
+++ b/SPECS/arpwatch/1002-arpwatch-3.9-no-usr-local-path.patch
@@ -0,0 +1,43 @@
+From: Fedora Project
+Source: https://src.fedoraproject.org/rpms/arpwatch
+
+Do not add /usr/local/bin or /usr/local/sbin to the PATH in any scripts.
+
+diff -Naur arpwatch-3.9-original/arpfetch arpwatch-3.9/arpfetch
+--- arpwatch-3.9-original/arpfetch 2013-02-16 08:10:28.000000000 +0000
++++ arpwatch-3.9/arpfetch 2025-10-23 23:27:24.285711332 +0100
+@@ -4,8 +4,6 @@
+ # arpfetch - collect arp data from a cisco using net-snmp
+ #
+
+-export PATH="/usr/local/bin:${PATH}"
+-
+ prog=`basename $0`
+
+ if [ $# -ne 2 ]; then
+diff -Naur arpwatch-3.9-original/bihourly.sh arpwatch-3.9/bihourly.sh
+--- arpwatch-3.9-original/bihourly.sh 2016-09-17 03:40:54.000000000 +0100
++++ arpwatch-3.9/bihourly.sh 2025-10-23 23:27:24.285849999 +0100
+@@ -3,9 +3,6 @@
+ #
+ # bihourly arpwatch job
+ #
+-PATH=${PATH}:/usr/local/sbin
+-export PATH
+-#
+ cd /usr/local/arpwatch
+ #
+ list="`cat list`"
+diff -Naur arpwatch-3.9-original/update-ethercodes.sh.in arpwatch-3.9/update-ethercodes.sh.in
+--- arpwatch-3.9-original/update-ethercodes.sh.in 2025-10-23 20:32:08.000000000 +0100
++++ arpwatch-3.9/update-ethercodes.sh.in 2025-10-23 23:27:50.579194300 +0100
+@@ -6,9 +6,6 @@
+
+ prog="`basename $0`"
+
+-PATH=/usr/local/bin:${PATH}
+-export PATH
+-
+ t1=`mktemp /tmp/${prog}.1.XXXXXX`
+
+ trap 'rm -f ${t1}; exit 1' 1 2 3 15 EXIT
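Review bot: `dropprivileges()` in the arpwatch.c part of this patch file carries no comment explaining that the call order `setgid()`, `setgroups(0, NULL)`, `setuid()` is deliberate, yet that order is the CVE-2012-2653 fix the patch header refers to; a comment such as `/* group and supplementary groups first: after setuid() they can no longer be changed */` would keep a later rebase from reordering it. The function also accepts any account that resolves, so `-u root` is logged as a successful drop; consider refusing `pw->pw_uid == 0`. The failure message passes `uid_t`/`gid_t` to `%d` without a cast, and the `else` branch under `case 'u':` looks unreachable because getopt() with `u:` does not return the option with a null `optarg`. Only parts of `main()` are visible in these hunks.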
diff --git a/SPECS/arpwatch/1003-arpwatch-3.1-configure-no-local-pcap.patch b/SPECS/arpwatch/1003-arpwatch-3.1-configure-no-local-pcap.patch
new file mode 100644
index 0000000000..282cfe6baf
--- /dev/null
+++ b/SPECS/arpwatch/1003-arpwatch-3.1-configure-no-local-pcap.patch
@@ -0,0 +1,18 @@
+From: Fedora Project
+Source: https://src.fedoraproject.org/rpms/arpwatch
+
+Do not attempt to search for local libpcap libraries lying around in the parent
+of the build directory, or anywhere else random. This is not expected to
+succeed anyway, but it is better to be sure.
+
+diff -Naur arpwatch-3.1-original/configure arpwatch-3.1/configure
+--- arpwatch-3.1-original/configure 2020-04-05 20:22:04.000000000 -0400
++++ arpwatch-3.1/configure 2020-11-07 11:59:40.114550004 -0500
+@@ -5437,6 +5437,7 @@
+ places=`ls .. | sed -e 's,/$,,' -e 's,^,../,' | \
+ egrep '/libpcap-[0-9]*\.[0-9]*(\.[0-9]*)?([ab][0-9]*)?$'`
+ for dir in $places ../libpcap libpcap ; do
++ break
+ basedir=`echo $dir | sed -e 's/[ab][0-9]*$//'`
+ if test $lastdir = $basedir ; then
+ continue;
diff --git a/SPECS/arpwatch/1004-arpwatch-3.1-all-zero-bogon.patch b/SPECS/arpwatch/1004-arpwatch-3.1-all-zero-bogon.patch
new file mode 100644
index 0000000000..3a8def6690
--- /dev/null
+++ b/SPECS/arpwatch/1004-arpwatch-3.1-all-zero-bogon.patch
@@ -0,0 +1,25 @@
+From: Fedora Project
+Source: https://src.fedoraproject.org/rpms/arpwatch
+
+RHBZ #244606: Correctly handle -n 0/32 to allow the user to disable reporting
+bogons from 0.0.0.0.
+
+diff -Naur arpwatch-3.1-original/arpwatch.c arpwatch-3.1/arpwatch.c
+--- arpwatch-3.1-original/arpwatch.c 2019-11-30 13:35:23.000000000 -0500
++++ arpwatch-3.1/arpwatch.c 2020-11-07 12:10:53.357839069 -0500
+@@ -814,10 +814,12 @@
+
+ /* XXX hack */
+ n = ntohl(inet_addr(tstr));
+- while ((n & 0xff000000) == 0) {
+- n <<= 8;
+- if (n == 0)
+- return (0);
++ if (n || width != 32) {
++ while ((n & 0xff000000) == 0) {
++ n <<= 8;
++ if (n == 0)
++ return (0);
++ }
+ }
+ n = htonl(n);
diff --git a/SPECS/arpwatch/1005-arpwatch-3.5-exitcode.patch b/SPECS/arpwatch/1005-arpwatch-3.5-exitcode.patch
new file mode 100644
index 0000000000..f5934982d4
--- /dev/null
+++ b/SPECS/arpwatch/1005-arpwatch-3.5-exitcode.patch
@@ -0,0 +1,18 @@
+From: Fedora Project
+Source: https://src.fedoraproject.org/rpms/arpwatch
+
+When arpwatch is terminated cleanly by a signal (INT/TERM/HUP) handler, the
+exit code should be zero for success instead of nonzero for failure.
+
+diff -Naur arpwatch-3.5-original/arpwatch.c arpwatch-3.5/arpwatch.c
+--- arpwatch-3.5-original/arpwatch.c 2023-12-03 13:10:05.000000000 -0500
++++ arpwatch-3.5/arpwatch.c 2023-12-03 20:04:01.834691097 -0500
+@@ -915,7 +915,7 @@
+ {
+ lg(LOG_DEBUG, "exiting");
+ checkpoint(0);
+- exit(1);
++ exit(0);
+ }
+
+ void
diff --git a/SPECS/arpwatch/1006-arpwatch-3.5-devlookup.patch b/SPECS/arpwatch/1006-arpwatch-3.5-devlookup.patch
new file mode 100644
index 0000000000..6588891efc
--- /dev/null
+++ b/SPECS/arpwatch/1006-arpwatch-3.5-devlookup.patch
@@ -0,0 +1,146 @@
+From: Fedora Project
+Source: https://src.fedoraproject.org/rpms/arpwatch
+
+When -i is not given, do not just try the first device found, but keep
+checking devices until a usable one is found, if any is available.
+Additionally, handle the case where a device provides both supported and
+unsupported datalink types.
+
+diff -Naur arpwatch-3.5-original/arpwatch.c arpwatch-3.5/arpwatch.c
+--- arpwatch-3.5-original/arpwatch.c 2023-12-03 13:10:05.000000000 -0500
++++ arpwatch-3.5/arpwatch.c 2023-12-03 20:06:32.694857659 -0500
+@@ -163,6 +163,8 @@
+ void hup(int);
+ int isbogon(u_int32_t);
+ int main(int, char **);
++int try_open_live(pcap_t ** pd_ptr, char const * interface_name,
++ int promiscuous_enable);
+ void process_ether(u_char *, const struct pcap_pkthdr *, const u_char *);
+ void process_fddi(u_char *, const struct pcap_pkthdr *, const u_char *);
+ int readsnmp(char *);
+@@ -179,7 +181,7 @@
+ int op, snaplen, timeout, linktype, status;
+ pcap_t *pd;
+ FILE *fp;
+- pcap_if_t *alldevs;
++ pcap_if_t *alldevs, *dev;
+ char *interface, *rfilename;
+ struct bpf_program code;
+ char errbuf[PCAP_ERRBUF_SIZE];
+@@ -311,13 +313,18 @@
+ "%s: pcap_findalldevs: %s\n", prog, errbuf);
+ exit(1);
+ }
+- if (alldevs == NULL) {
++ for (dev = alldevs; dev; dev = dev->next) {
++ if (try_open_live(&pd, dev->name, promisc)) {
++ interface = savestr(alldevs->name);
++ break;
++ }
++ }
++ pcap_freealldevs(alldevs);
++ if (interface == NULL) {
+ (void)fprintf(stderr, "%s: pcap_findalldevs:"
+ " no suitable devices found\n", prog);
+ exit(1);
+ }
+- interface = savestr(alldevs->name);
+- pcap_freealldevs(alldevs);
+ #else
+ if (interface = pcap_lookupdev(errbuf)) == NULL) {
+ (void)fprintf(stderr,
+@@ -356,15 +363,12 @@
+ }
+ swapped = pcap_is_swapped(pd);
+ } else {
+- snaplen = max(sizeof(struct ether_header),
+- sizeof(struct fddi_header)) + sizeof(struct ether_arp);
+- timeout = 1000;
+- pd = pcap_open_live(interface, snaplen, promisc, timeout,
+- errbuf);
+ if (pd == NULL) {
+- lg(LOG_ERR, "pcap open %s: %s", interface, errbuf);
+- exit(1);
++ if (!try_open_live(&pd, interface, promisc)) {
++ exit(1);
++ }
+ }
++ /* else pd was already opened based on pcap_findalldevs */
+ #ifdef WORDS_BIGENDIAN
+ swapped = 1;
+ #endif
+@@ -454,6 +458,74 @@
+ exit(0);
+ }
+
++int
++try_open_live(pcap_t ** pd_ptr, char const * interface_name, int promiscuous_enable) {
++ /* Attempt to open an interface and set up a supported datalink type;
++ * return nonzero on success and zero on failure (and log a message).
++ */
++ int snaplen, timeout, n_datalinks, datalink_i;
++ int * datalinks, datalink;
++ char errbuf[PCAP_ERRBUF_SIZE];
++
++ snaplen = max(sizeof(struct ether_header),
++ sizeof(struct fddi_header)) + sizeof(struct ether_arp);
++ timeout = 1000;
++ datalinks = NULL;
++
++ /* Just in case... */
++ if (*pd_ptr != NULL) {
++ pcap_close(*pd_ptr);
++ *pd_ptr = NULL;
++ }
++
++ *pd_ptr = pcap_open_live(interface_name, snaplen, promiscuous_enable,
++ timeout, errbuf);
++ if (*pd_ptr == NULL) {
++ lg(LOG_ERR, "pcap open %s: %s", interface_name, errbuf);
++ goto fail;
++ }
++
++ /* Must be able to select an ethernet or fddi datalink */
++ n_datalinks = pcap_list_datalinks(*pd_ptr, &datalinks);
++ if (n_datalinks < 0) {
++ lg(LOG_ERR, "pcap_list_datalinks %s: %s", interface_name,
++ pcap_geterr(*pd_ptr));
++ goto fail;
++ }
++ for (datalink_i = 0; datalink_i < n_datalinks; ++datalink_i) {
++ switch (datalinks[datalink_i]) {
++ case DLT_EN10MB:
++ case DLT_FDDI:
++ break;
++ default:
++ continue; /* unsupported; try the next datalink */
++ }
++ if (pcap_set_datalink(*pd_ptr, datalinks[datalink_i]) != 0) {
++ lg(LOG_ERR, "pcap_set_datalink %s %d: %s",
++ interface_name, datalinks[datalink_i],
++ pcap_geterr(*pd_ptr));
++ continue;
++ }
++ break; /* success */
++ }
++ if (datalink_i >= n_datalinks) {
++ lg(LOG_ERR, "no ethernet or fddi datalink for %s",
++ interface_name);
++ goto fail;
++ }
++
++ free(datalinks);
++ return 1; /* success */
++
++fail:
++ if (*pd_ptr != NULL) {
++ pcap_close(*pd_ptr);
++ *pd_ptr = NULL;
++ }
++ free(datalinks);
++ return 0; /* failure */
++}
++
+ /* Process an ethernet arp/rarp packet */
+ void
+ process_ether(u_char *u, const struct pcap_pkthdr *h, const u_char *p)
diff --git a/SPECS/arpwatch/1007-arpwatch-3.3-c99.patch b/SPECS/arpwatch/1007-arpwatch-3.3-c99.patch
new file mode 100644
index 0000000000..c2b6c35c7a
--- /dev/null
+++ b/SPECS/arpwatch/1007-arpwatch-3.3-c99.patch
@@ -0,0 +1,26 @@
+From: Fedora Project
+Source: https://src.fedoraproject.org/rpms/arpwatch
+Bug: https://bugzilla.redhat.com/show_bug.cgi?id=2166336
+
+Replace _getshort(), “a glibc function that hasn't been declared in the
+installed headers for many, many years,” with ns_get16(). Fixes C99
+compatibility (https://bugzilla.redhat.com/show_bug.cgi?id=2166336). Sent
+upstream by email 2023-02-01.
+
+diff --git a/dns.c b/dns.c
+index 82106e1244f94aec..75cc27b6775649f7 100644
+--- a/dns.c
++++ b/dns.c
+@@ -115,10 +115,10 @@ gethinfo(char *hostname, char *cpu, int cpulen, char *os, int oslen)
+ (u_char *)cp, (char *)bp, buflen)) < 0)
+ break;
+ cp += n;
+- type = _getshort(cp);
++ type = ns_get16(cp);
+ cp += sizeof(u_short); /* class */
+ cp += sizeof(u_short) + sizeof(u_int32_t);
+- n = _getshort(cp);
++ n = ns_get16(cp);
+ cp += sizeof(u_short);
+ if (type == T_HINFO) {
+ /* Unpack */
diff --git a/SPECS/arpwatch/arp2ethers.8 b/SPECS/arpwatch/arp2ethers.8
new file mode 100644
index 0000000000..06fd34432d
--- /dev/null
+++ b/SPECS/arpwatch/arp2ethers.8
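Review bot: In the `pcap_findalldevs` hunk of this patch file the loop opens `dev->name` but then stores `savestr(alldevs->name)`, so whenever the first device is skipped `interface` names a different device from the one `pd` is capturing on; the line should read `interface = savestr(dev->name);`. Any later use of `interface` in `main()` (outside the visible hunks) would then refer to the wrong device. In `try_open_live()` the array returned by `pcap_list_datalinks()` is released with `free()` on both the success and `fail:` paths, where libpcap provides `pcap_free_datalinks()` for that purpose, and the local `datalink` is declared but never used.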
@@ -0,0 +1,53 @@
+.Dd 8 November 2020
+.Dt ARP2ETHERS 8
+.Sh NAME
+.Nm arp2ethers
+.Nd convert arpwatch address database to ethers file format
+.Sh SYNOPSIS
+.Nm
+.Sh DESCRIPTION
+.Nm
+converts file
+.Ar arp.dat
+in the current directory into
+.Xr ethers 5
+format on
+.Ar stdout .
+Usually
+.Ar arp.dat
+is an ethernet/ip database file generated by
+.Xr arpwatch 8 .
+The
+.Xr arpwatch 8
+daemon will create different
+.Ar arp.dat
+depending on its configuration, i.e., the
+.Fl f
+flag.
+All of them will be available at
+.Ar /var/lib/arpwatch .
+.Sh FILES
+.Bl -tag -width ".Pa /var/lib/arpwatch" -compact
+.It Pa /var/lib/arpwatch
+default directory
+.It Pa arp.dat
+default ethernet/ip address database
+.Sh "SEE ALSO"
+.Xr arpwatch 8 ,
+.Xr ethers 5 ,
+.Xr rarp 8 ,
+.Xr arp 8
+.Sh AUTHORS
+.An Craig Leres
+of the Lawrence Berkeley National Laboratory Network Research Group,
+University of California, Berkeley, CA.
+.Pp
+The current version is available via anonymous ftp:
+.Pp
+.Dl Ar ftp://ftp.ee.lbl.gov/arpwatch.tar.gz
+.Pp
+This manual page was contributed by Hugo Graumann and modified by Benjamin
+Beasley.
+.Sh BUGS
+Please send bug reports to
+.Aq arpwatch@ee.lbl.gov .
diff --git a/SPECS/arpwatch/arpwatch.service b/SPECS/arpwatch/arpwatch.service
new file mode 100644
index 0000000000..be36861191
--- /dev/null
+++ b/SPECS/arpwatch/arpwatch.service
@@ -0,0 +1,26 @@
+[Unit]
+Description=Arpwatch daemon which keeps track of ethernet/ip address pairings
+After=syslog.target network-online.target
+Wants=network-online.target
+Documentation=man:arpwatch(8)
+[Service]
+Type=simple
+PrivateTmp=yes
+EnvironmentFile=-/etc/sysconfig/arpwatch
+ExecStart=/usr/sbin/arpwatch -u arpwatch -F $OPTIONS
+Restart=on-failure
+
+ProtectProc=invisible
+CapabilityBoundingSet=CAP_NET_RAW CAP_NET_ADMIN CAP_SETGID CAP_SETUID
+ProtectSystem=full
+ProtectHome=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectControlGroups=true
+RestrictSUIDSGID=true
+SystemCallFilter=@system-service
+SystemCallFilter=~@aio @chown @clock @ipc @keyring @memlock @resources
+SystemCallArchitectures=native
+[Install]
+WantedBy=multi-user.target
diff --git a/SPECS/arpwatch/arpwatch.spec b/SPECS/arpwatch/arpwatch.spec
new file mode 100644
index 0000000000..a7749edced
--- /dev/null
+++ b/SPECS/arpwatch/arpwatch.spec
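Review bot: The `[Service]` section keeps `CAP_SETUID`/`CAP_SETGID` in the bounding set for the `-u arpwatch` drop but never sets `NoNewPrivileges=yes`, so the daemon and the mail helper it spawns can still gain privileges by executing setuid or file-capability binaries; adding it looks safe here unless the configured sendmail program depends on setuid/setgid. `ProtectSystem=full` leaves all of `/var` writable, whereas `ProtectSystem=strict` with `ReadWritePaths=/var/lib/arpwatch` would confine writes to the state directory, though that needs testing against whatever paths the mailer writes to. `After=syslog.target` names a target that current systemd treats as obsolete and can be dropped.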
@@ -0,0 +1,154 @@
+# SPDX-FileCopyrightText: (C) 2026 Institute of Software, Chinese Academy of Sciences (ISCAS)
+# SPDX-FileCopyrightText: (C) 2026 openRuyi Project Contributors
+# SPDX-FileContributor: Li Guan
+#
+# SPDX-License-Identifier: MulanPSL-2.0
+
+%global pkgstatedir %{_localstatedir}/lib/arpwatch
+
+Name: arpwatch
+Version: 3.9
+Release: %autorelease
+Summary: Network monitoring tools for tracking IP addresses on a network
+License: BSD-3-Clause
+URL: https://ee.lbl.gov/
+#!RemoteAsset: sha256:832d20a5a508d9694a84a17e2627de3b3aa8b42b19ebdd97e264c511168f6eb4
+Source0: https://ee.lbl.gov/downloads/arpwatch/arpwatch-%{version}.tar.gz
+Source1: arpwatch.service
+Source2: arpwatch.sysconfig
+Source3: arp2ethers.8
+Source4: massagevendor.8
+Source5: arpwatch.sysusers
+BuildSystem: autotools
+
+BuildOption(conf): --with-sendmail=msmtp PYTHON=%{python3}
+BuildOption(conf): CPPFLAGS="${CPPFLAGS-}
+BuildOption(conf): -DTIME_WITH_SYS_TIME=1"
+BuildOption(build): ARPDIR=%{pkgstatedir}
+
+Patch1000: 1000-arpwatch-3.1-man-references.patch
+Patch1001: 1001-arpwatch-3.2-change-user.patch
+Patch1002: 1002-arpwatch-3.9-no-usr-local-path.patch
+Patch1003: 1003-arpwatch-3.1-configure-no-local-pcap.patch
+Patch1004: 1004-arpwatch-3.1-all-zero-bogon.patch
+Patch1005: 1005-arpwatch-3.5-exitcode.patch
+Patch1006: 1006-arpwatch-3.5-devlookup.patch
+Patch1007: 1007-arpwatch-3.3-c99.patch
+
+BuildRequires: autoconf
+BuildRequires: automake
+BuildRequires: libtool
+BuildRequires: make
+BuildRequires: msmtp
+BuildRequires: systemd-rpm-macros
+BuildRequires: pkgconfig(python3)
+BuildRequires: pkgconfig(libpcap)
+
+Requires: msmtp
+Requires: python3
+Requires(pre): systemd
+
+%description
+arpwatch is a tool for monitoring Address Resolution Protocol (ARP)
+traffic on a network. It tracks IP addresses and their associated MAC addresses,
+providing alerts when changes occur. This can help network administrators detect
+potential security issues, such as ARP spoofing or unauthorized devices on the network.
+
+%prep -a
+sed --regexp-extended --in-place 's|(-f *)([^[:blank:]+]\.awk)|\1%{_datadir}/arpwatch/\2|' arp2ethers
+sed --regexp-extended --in-place 's|/usr/local/arpwatch|%{pkgstatedir}|g' *.8.in *.sh.in *.sh
+awk '/^ \* / { print substr($0, 4); } /^ \*\// { exit }' arpwatch.c | tee LICENSE
+
+%conf -p
+autoreconf -fiv
+
+%install
+install -D --preserve-timestamps --mode 0644 %{SOURCE5} \
+ '%{buildroot}%{_sysusersdir}/arpwatch.conf'
+
+# The upstream Makefile does not create the directories it requires, so we must
+# do it manually. Additionally, it attempts to comment out the installation of
+# the init script on non-FreeBSD platforms, but this does not quite work as
+# intended. We just let it install the file, then remove it afterwards.
+install --directory \
+ %{buildroot}%{_datadir}/arpwatch \
+ %{buildroot}%{_mandir}/man8 \
+ %{buildroot}%{_prefix}/etc/rc.d \
+ %{buildroot}%{_sbindir} \
+ %{buildroot}%{_unitdir} \
+ %{buildroot}%{pkgstatedir}
+
+%make_install
+# Make install uses mode 0555, which is unconventional, and which can interfere
+# with debuginfo generation since the file is not writable by its owner.
+chmod --verbose 0755 %{buildroot}%{_sbindir}/arp{snmp,watch}
+
+install --preserve-timestamps --mode 0644 \
+ --target %{buildroot}%{_datadir}/arpwatch *.awk
+install --preserve-timestamps \
+ --target %{buildroot}%{_sbindir} arp2ethers
+install --preserve-timestamps massagevendor.py \
+ %{buildroot}%{_sbindir}/massagevendor
+
+touch %{buildroot}%{pkgstatedir}/arp.dat \
+ %{buildroot}%{pkgstatedir}/arp.dat- \
+ %{buildroot}%{pkgstatedir}/arp.dat.new
+
+install --preserve-timestamps --mode 0644 \
+ --target %{buildroot}%{_unitdir} %{SOURCE1}
+
+# Add an environment/sysconfig file:
+install --directory %{buildroot}%{_sysconfdir}/sysconfig
+install --preserve-timestamps --mode 0644 \
+ %{SOURCE2} %{buildroot}%{_sysconfdir}/sysconfig/arpwatch
+
+# Add extra man pages not provided upstream:
+install --preserve-timestamps --mode 0644 \
+ --target %{buildroot}%{_mandir}/man8 %{SOURCE3} %{SOURCE4}
+
+# Remove legacy init scripts:
+rm --recursive --verbose %{buildroot}%{_prefix}/etc/rc.d
+
+# No tests.
+%check
+
+%pre
+%sysusers_create_package %{name} %{SOURCE5}
+
+%post
+%systemd_post arpwatch.service
+
+%preun
+%systemd_preun arpwatch.service
+
+%postun
+%systemd_postun_with_restart arpwatch.service
+
+%files
+%doc README CHANGES arpfetch
+%license LICENSE
+
+%{_sbindir}/arpwatch
+%{_sbindir}/arpsnmp
+# manually-installed scripts
+%{_sbindir}/arp2ethers
+%{_sbindir}/massagevendor
+
+%dir %{_datadir}/arpwatch
+%{_datadir}/arpwatch/{d,duplicates,e,euppertolower,p}.awk
+
+# make install uses mode 0444, which is unconventional
+%attr(0644,-,-) %{_mandir}/man8/arp{2ethers,snmp,watch}.8*
+%attr(0644,-,-) %{_mandir}/man8/massagevendor.8*
+
+%{_unitdir}/arpwatch.service
+%{_sysusersdir}/arpwatch.conf
+%config(noreplace) %{_sysconfdir}/sysconfig/arpwatch
+
+%attr(1775,-,arpwatch) %dir %{pkgstatedir}
+%attr(0644,arpwatch,arpwatch) %verify(not md5 size mtime) %config(noreplace) %{pkgstatedir}/arp.dat
+%attr(0644,arpwatch,arpwatch) %verify(not md5 size mtime) %config(noreplace) %{pkgstatedir}/arp.dat-
+%attr(0600,arpwatch,arpwatch) %verify(not md5 size mtime) %ghost %{pkgstatedir}/arp.dat.new
+
+%changelog
+%autochangelog
diff --git a/SPECS/arpwatch/arpwatch.sysconfig b/SPECS/arpwatch/arpwatch.sysconfig
new file mode 100644
index 0000000000..1dfdb3d855
--- /dev/null
+++ b/SPECS/arpwatch/arpwatch.sysconfig
@@ -0,0 +1,2 @@
+# See arpwatch(8) for more information on available options.
+OPTIONS=-C
diff --git a/SPECS/arpwatch/arpwatch.sysusers b/SPECS/arpwatch/arpwatch.sysusers
new file mode 100644
index 0000000000..d66468b35a
--- /dev/null
+++ b/SPECS/arpwatch/arpwatch.sysusers
@@ -0,0 +1,2 @@
+#Type Name ID GECOS Home directory Shell
+u arpwatch - "Service user for arpwatch" /var/lib/arpwatch /sbin/nologin
diff --git a/SPECS/arpwatch/massagevendor.8 b/SPECS/arpwatch/massagevendor.8
new file mode 100644
index 0000000000..07770cb0af
--- /dev/null
+++ b/SPECS/arpwatch/massagevendor.8
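Review bot: `BuildOption(conf): --with-sendmail=msmtp` in arpwatch.spec passes a bare program name where the rest of the spec pins paths; if configure stores that value as the program arpwatch executes to send reports (not visible on this page), lookup then depends on the daemon's PATH or working directory, and the state directory is packaged group-writable via `%attr(1775,-,arpwatch) %dir %{pkgstatedir}`. An absolute path, `--with-sendmail=%{_bindir}/msmtp` or the alternatives-managed `%{_sbindir}/sendmail`, removes that dependency and matches the intent of Patch1002. Separately, `CPPFLAGS="${CPPFLAGS-}` and `-DTIME_WITH_SYS_TIME=1"` split one quoted argument across two `BuildOption(conf)` tags, which only works if the tags are joined with a single space; keeping the whole assignment on one tag would be more robust.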
@@ -0,0 +1,94 @@
+.Dd 8 November 2020
+.Dt MASSAGEVENDOR 8
+.Sh NAME
+.Nm massagevendor
+.Nd convert the ethernet vendor codes master list to arpwatch format
+.Sh SYNOPSIS
+.Nm
+.Op Fl CdhvZ
+.Op Fl -vendor
+.Op Ar csv
+.Sh DESCRIPTION
+.Nm
+is a program that converts a text file containing ethernet vendor codes into a
+format suitable for use by
+.Xr arpwatch 8
+and
+.Xr arpsnmp 8 .
+The input
+.Ar csv
+is a master CSV (comma-separated-value) file containing vendor codes.
+The output is sent to
+.Ar stdout .
+.Pp
+All ethernet devices have a unique identifier which includes a vendor code
+specifying the manufacturer of the device.
+In normal operation
+.Xr arpwatch 8
+and
+.Xr arpsnmp 8
+use the file
+.Ar ethercodes.dat
+to report this vendor code.
+.Nm
+is used to generate the
+.Ar ethercodes.dat
+file from CSV files containing these vendor codes.
+.Pp
+Locations where an ethernet vendor codes master text file can be obtained are
+given below.
+.Pp
+The
+.Fl C
+flag (default) uses compact padded ethernet addresses in
+.Ar ethercodes.dat ,
+e.g. 0:8:e1:1:2:d6; this is the default.
+.Pp
+The
+.Fl d
+flag is used to enable debugging.
+.Pp
+The
+.Fl v
+flag is used to enable verbose messages.
+.Pp
+The
+.Fl Z
+flag uses zero padded ethernet addresses in
+.Ar ethercodes.dat ,
+e.g. 00:08:e1:01:02:d6.
+.Pp
+The
+.Fl h
+flag shows a help message and exits.
+.Pp
+The
+.Fl -version
+option shows the program version number and exits.
+.Sh FILES
+.Bl -tag -width ".Pa /var/lib/arpwatch" -compact
+.It Pa /var/lib/arpwatch
+default location of the ethernet vendor list
+.It Pa ethercodes.dat
+file containing the list of ethernet vendor codes
+.Sh "SEE ALSO"
+.Xr arpwatch 8 ,
+.Xr arpsnmp 8
+.Sh NOTES
+The ethernet vendor codes as assigned by the IEEE can be found at:
+.Pp
+.Dl Ar https://standards-oui.ieee.org/oui/oui.csv
+.Sh AUTHORS
+.An Craig Leres
+of the Lawrence Berkeley National Laboratory Network Research Group,
+University of California, Berkeley, CA.
+.Pp
+The current version is available via anonymous ftp:
+.Pp
+.Dl Ar ftp://ftp.ee.lbl.gov/arpwatch.tar.gz
+.Pp
+This manual page was contributed by Hugo Graumann and updated by Benjamin
+Beasley.
+.Sh BUGS
+Please send bug reports to
+.Aq arpwatch@ee.lbl.gov .