SPECS: add arpwatch and msmtp.

SPECS/arpwatch/1000-arpwatch-3.1-man-references.patch

@@ -0,0 +1,79 @@
+From: Fedora Project
+Source: https://src.fedoraproject.org/rpms/arpwatch
+
+Fix section numbers in man page cross-references. With minor changes, this
+patch dates all the way back to arpwatch-2.1a4-man.patch, from RHBZ#15442.
+
+diff -Naur arpwatch-3.1-original/arpsnmp.8.in arpwatch-3.1/arpsnmp.8.in
+--- arpwatch-3.1-original/arpsnmp.8.in	2019-12-01 14:01:07.000000000 -0500
++++ arpwatch-3.1/arpsnmp.8.in	2020-11-05 15:13:01.296113145 -0500
+@@ -45,7 +45,7 @@
+ and reports certain changes via email.
+ .Nm
+ reads information from a file (usually generated by
+-.Xr snmpwalk 3 ) .
++.Xr snmpwalk 1 ) .
+ .Pp
+ The format of the input file is the same as
+ .Ar arp.dat ;
+@@ -119,9 +119,9 @@
+ .Pp
+ .Sh "REPORT MESSAGES"
+ See the
+-.Xr arpwatch 1
++.Xr arpwatch 8
+ man page for details on the report messages generated by
+-.Xr arpsnmp 1 .
++.Xr arpsnmp 8 .
+ .Sh FILES
+ .Bl -tag -width ".Pa /usr/local/arpwatch" -compact
+ .It Pa /usr/local/arpwatch
+@@ -132,7 +132,7 @@
+ vendor ethernet block list
+ .Sh "SEE ALSO"
+ .Xr arpwatch 8 ,
+-.Xr snmpwalk 8 ,
++.Xr snmpwalk 1 ,
+ .Xr arp 8 ,
+ .Sh AUTHORS
+ .An Craig Leres
+diff -Naur arpwatch-3.1-original/arpwatch.8.in arpwatch-3.1/arpwatch.8.in
+--- arpwatch-3.1-original/arpwatch.8.in	2019-12-01 14:01:07.000000000 -0500
++++ arpwatch-3.1/arpwatch.8.in	2020-11-05 15:14:12.117564292 -0500
+@@ -117,9 +117,9 @@
+ .Fl r
+ flag is used to specify a savefile
+ (perhaps created by
+-.Xr tcpdump 1
++.Xr tcpdump 8
+ or
+-.Xr pcapture 1 )
++.Xr pcapture 8 )
+ to read from instead
+ of reading from the network. In this case
+ .Nm
+@@ -163,9 +163,9 @@
+ .Pp
+ .Sh "REPORT MESSAGES"
+ Here's a quick list of the report messages generated by
+-.Xr arpwatch 1
++.Xr arpwatch 8
+ (and
+-.Xr arpsnmp 1 ) :
++.Xr arpsnmp 8 ) :
+ .Pp
+ .Bl -tag -width xxx
+ .It Ic "new activity"
+@@ -216,9 +216,9 @@
+ .Sh "SEE ALSO"
+ .Xr arpsnmp 8 ,
+ .Xr arp 8 ,
+-.Xr bpf 4 ,
+-.Xr tcpdump 1 ,
+-.Xr pcapture 1 ,
++.Xr bpf 2 ,
++.Xr tcpdump 8 ,
++.Xr pcapture 8 ,
+ .Xr pcap 3
+ .Sh AUTHORS
+ .An Craig Leres

SPECS/arpwatch/1001-arpwatch-3.2-change-user.patch

@@ -0,0 +1,149 @@
+From: Fedora Project
+Source: https://src.fedoraproject.org/rpms/arpwatch
+
+Add, and document, a -u argument to change to a specified unprivileged user
+after establishing sockets.
+
+This patch rebases and combines arpwatch-drop.patch, which provided -u;
+arpwatch-drop-man.patch, which documented it; and
+arpwatch-2.1a15-dropgroup.patch, which fixed CVE-2012-2653 (RHBZ #825328) in
+the original arpwatch-drop.patch, into a single combined patch. It also removes
+an unnecessary and unchecked strdup() in the original patch that could have
+theoretically led to a null pointer dereference.
+
+diff -Naur arpwatch-3.2-original/arpwatch.8.in arpwatch-3.2/arpwatch.8.in
+--- arpwatch-3.2-original/arpwatch.8.in	2021-12-14 19:47:54.000000000 -0500
++++ arpwatch-3.2/arpwatch.8.in	2021-12-16 08:18:21.803266980 -0500
+@@ -43,6 +43,7 @@
+ .Op Fl n Ar net[/width]
+ .Op Fl x Ar net[/width]
+ .Op Fl r Ar file
++.Op Fl u Ar username
+ .Sh DESCRIPTION
+ .Nm
+ keeps track of ethernet/ip address pairings. It syslogs activity
+@@ -137,13 +138,30 @@
+ Note that an empty
+ .Ar arp.dat
+ file must be created before the first time you run
+-.Fl arpwatch .
++.Nm .
++Also, the default directory (where
++.Ar arp.dat
++is stored) must be owned by
++.Ar username
++if the
++.Fl u
++flag is used.
+ .Pp
+ The
+ .Fl s
+ flag suppresses reports sent by email.
+ .Pp
+ The
++.Fl u
++flag causes
++.Nm
++to drop root privileges and change user ID to
++.Ar username
++and group ID to that of the primary group of
++.Ar username .
++This is recommended for security reasons.
++.Pp
++The
+ .Fl v
+ flag disables the reporting of VRRP/CARP ethernet prefixes as
+ described in RFC5798 (@MACZERO@0:@MACZERO@0:5e:@MACZERO@0:@MACZERO@1:xx).
+diff -Naur arpwatch-3.2-original/arpwatch.c arpwatch-3.2/arpwatch.c
+--- arpwatch-3.2-original/arpwatch.c	2019-11-30 13:35:23.000000000 -0500
++++ arpwatch-3.2/arpwatch.c	2021-12-16 08:18:21.812267045 -0500
+@@ -72,6 +72,8 @@
+ #include <syslog.h>
+ #include <unistd.h>
+
++#include <grp.h>
++#include <pwd.h>
+ #include <pcap.h>
+
+ #include "gnuc.h"
+@@ -170,6 +172,24 @@
+ int	toskip(u_int32_t);
+ void	usage(void) __attribute__((noreturn));
+
++void dropprivileges(const char* user)
++{
++	struct passwd* const pw = getpwnam(user);
++	if (pw) {
++		if (setgid(pw->pw_gid) != 0 || setgroups(0, NULL) != 0 ||
++				setuid(pw->pw_uid) != 0) {
++			lg(LOG_ERR, "Couldn't change to '%.32s' uid=%d gid=%d",
++				       user, pw->pw_uid, pw->pw_gid);
++			exit(1);
++		}
++	} else {
++		lg(LOG_ERR, "Couldn't find user '%.32s' in /etc/passwd",
++			       user);
++		exit(1);
++	}
++	lg(LOG_DEBUG, "Running as uid=%d gid=%d", getuid(), getgid());
++}
++
+ int
+ main(int argc, char **argv)
+ {
+@@ -181,6 +201,7 @@
+ 	char *interface, *rfilename;
+ 	struct bpf_program code;
+ 	char errbuf[PCAP_ERRBUF_SIZE];
++	char* serveruser = NULL;
+
+ 	if (argv[0] == NULL)
+ 		prog = "arpwatch";
+@@ -198,7 +219,7 @@
+ 	interface = NULL;
+ 	rfilename = NULL;
+ 	pd = NULL;
+-	while ((op = getopt(argc, argv, "CdD:Ff:i:n:NpP:qr:svw:W:x:zZ")) != EOF)
++	while ((op = getopt(argc, argv, "CdD:Ff:i:n:NpP:qr:svw:W:x:zZu:")) != EOF)
+ 		switch (op) {
+
+ 		case 'C':
+@@ -283,6 +304,17 @@
+ 			zeropad = 1;
+ 			break;
+
++		case 'u':
++			if (optarg) {
++				/* no need to strdup() a pointer into the
++				 * original arguments vector */
++				serveruser = optarg;
++			} else {
++				fprintf(stderr, "%s: Need username after -u\n", prog);
++				usage();
++			}
++			break;
++
+ 		default:
+ 			usage();
+ 		}
+@@ -379,6 +411,11 @@
+ 		}
+ 	}
+
++	/* Explicit user change (privilege drop) with -u? */
++	if (serveruser) {
++		dropprivileges(serveruser);
++	}
++
+ 	/*
+ 	 * Revert to non-privileged user after opening sockets
+ 	 * (not needed on most systems).
+@@ -927,6 +964,7 @@
+ 	    "usage: %s [-CdFNpqsvzZ] [-D arpdir] [-f datafile]"
+ 	    " [-i interface]\n\t"
+ 	    " [-P pidfile] [-w watcher@email] [-W watchee@email]\n\t"
+-	    " [-n net[/width]] [-x net[/width]] [-r file]\n", prog);
++	    " [-n net[/width]] [-x net[/width]] [-r file] [-u username]\n",
++	    prog);
+ 	exit(1);
+ }

SPECS/arpwatch/1002-arpwatch-3.9-no-usr-local-path.patch

@@ -0,0 +1,43 @@
+From: Fedora Project
+Source: https://src.fedoraproject.org/rpms/arpwatch
+
+Do not add /usr/local/bin or /usr/local/sbin to the PATH in any scripts.
+
+diff -Naur arpwatch-3.9-original/arpfetch arpwatch-3.9/arpfetch
+--- arpwatch-3.9-original/arpfetch	2013-02-16 08:10:28.000000000 +0000
++++ arpwatch-3.9/arpfetch	2025-10-23 23:27:24.285711332 +0100
+@@ -4,8 +4,6 @@
+ # arpfetch - collect arp data from a cisco using net-snmp
+ #
+
+-export PATH="/usr/local/bin:${PATH}"
+-
+ prog=`basename $0`
+
+ if [ $# -ne 2 ]; then
+diff -Naur arpwatch-3.9-original/bihourly.sh arpwatch-3.9/bihourly.sh
+--- arpwatch-3.9-original/bihourly.sh	2016-09-17 03:40:54.000000000 +0100
++++ arpwatch-3.9/bihourly.sh	2025-10-23 23:27:24.285849999 +0100
+@@ -3,9 +3,6 @@
+ #
+ #  bihourly arpwatch job
+ #
+-PATH=${PATH}:/usr/local/sbin
+-export PATH
+-#
+ cd /usr/local/arpwatch
+ #
+ list="`cat list`"
+diff -Naur arpwatch-3.9-original/update-ethercodes.sh.in arpwatch-3.9/update-ethercodes.sh.in
+--- arpwatch-3.9-original/update-ethercodes.sh.in	2025-10-23 20:32:08.000000000 +0100
++++ arpwatch-3.9/update-ethercodes.sh.in	2025-10-23 23:27:50.579194300 +0100
+@@ -6,9 +6,6 @@
+
+ prog="`basename $0`"
+
+-PATH=/usr/local/bin:${PATH}
+-export PATH
+-
+ t1=`mktemp /tmp/${prog}.1.XXXXXX`
+
+ trap 'rm -f ${t1}; exit 1' 1 2 3 15 EXIT

SPECS/arpwatch/1003-arpwatch-3.1-configure-no-local-pcap.patch

@@ -0,0 +1,18 @@
+From: Fedora Project
+Source: https://src.fedoraproject.org/rpms/arpwatch
+
+Do not attempt to search for local libpcap libraries lying around in the parent
+of the build directory, or anywhere else random. This is not expected to
+succeed anyway, but it is better to be sure.
+
+diff -Naur arpwatch-3.1-original/configure arpwatch-3.1/configure
+--- arpwatch-3.1-original/configure	2020-04-05 20:22:04.000000000 -0400
++++ arpwatch-3.1/configure	2020-11-07 11:59:40.114550004 -0500
+@@ -5437,6 +5437,7 @@
+     places=`ls .. | sed -e 's,/$,,' -e 's,^,../,' | \
+ 	egrep '/libpcap-[0-9]*\.[0-9]*(\.[0-9]*)?([ab][0-9]*)?$'`
+     for dir in $places ../libpcap libpcap ; do
++	    break
+ 	    basedir=`echo $dir | sed -e 's/[ab][0-9]*$//'`
+ 	    if test $lastdir = $basedir ; then
+ 		    		    continue;

SPECS/arpwatch/1004-arpwatch-3.1-all-zero-bogon.patch

@@ -0,0 +1,25 @@
+From: Fedora Project
+Source: https://src.fedoraproject.org/rpms/arpwatch
+
+RHBZ #244606: Correctly handle -n 0/32 to allow the user to disable reporting
+bogons from 0.0.0.0.
+
+diff -Naur arpwatch-3.1-original/arpwatch.c arpwatch-3.1/arpwatch.c
+--- arpwatch-3.1-original/arpwatch.c	2019-11-30 13:35:23.000000000 -0500
++++ arpwatch-3.1/arpwatch.c	2020-11-07 12:10:53.357839069 -0500
+@@ -814,10 +814,12 @@
+
+ 	/* XXX hack */
+ 	n = ntohl(inet_addr(tstr));
+-	while ((n & 0xff000000) == 0) {
+-		n <<= 8;
+-		if (n == 0)
+-			return (0);
++	if (n || width != 32) {
++		while ((n & 0xff000000) == 0) {
++			n <<= 8;
++			if (n == 0)
++				return (0);
++		}
+ 	}
+ 	n = htonl(n);

SPECS/arpwatch/1005-arpwatch-3.5-exitcode.patch

@@ -0,0 +1,18 @@
+From: Fedora Project
+Source: https://src.fedoraproject.org/rpms/arpwatch
+
+When arpwatch is terminated cleanly by a signal (INT/TERM/HUP) handler, the
+exit code should be zero for success instead of nonzero for failure.
+
+diff -Naur arpwatch-3.5-original/arpwatch.c arpwatch-3.5/arpwatch.c
+--- arpwatch-3.5-original/arpwatch.c	2023-12-03 13:10:05.000000000 -0500
++++ arpwatch-3.5/arpwatch.c	2023-12-03 20:04:01.834691097 -0500
+@@ -915,7 +915,7 @@
+ {
+ 	lg(LOG_DEBUG, "exiting");
+ 	checkpoint(0);
+-	exit(1);
++	exit(0);
+ }
+
+ void