import arpwatch-2.1a15-42.el8

.arpwatch.metadata

@@ -0,0 +1,2 @@
+9dffaec0f132e5bb7aedfc840c5c67068bfbce69 SOURCES/arpwatch-2.1a15.tar.gz
+cc6e8ac77f799dd09cd5ff7bf7db235788a0d942 SOURCES/ethercodes-20110707.dat.bz2

.gitignore

@@ -0,0 +1,2 @@
+SOURCES/arpwatch-2.1a15.tar.gz
+SOURCES/ethercodes-20110707.dat.bz2

SOURCES/arpwatch-2.1a10-man.patch

@@ -0,0 +1,33 @@
+diff -uNr arpwatch-2.1a10/arpsnmp.8 arpwatch-2.1a10.man/arpsnmp.8
+--- arpwatch-2.1a10/arpsnmp.8	Sun Sep 17 23:34:48 2000
++++ arpwatch-2.1a10.man/arpsnmp.8	Sun Dec 31 02:00:54 2000
+@@ -41,7 +41,7 @@
+ and reports certain changes via email.
+ .B Arpsnmp
+ reads information from a file (usually generated by
+-.BR snmpwalk (8)).
++.BR snmpwalk (1)).
+ .LP
+ The
+ .B -d
+@@ -62,9 +62,9 @@
+ .LP
+ .SH "REPORT MESSAGES"
+ (See the
+-.BR arpwatch (1)
++.BR arpwatch (8)
+ man page for details on the report messages generated by
+-.BR arpsnmp (1).)
++.BR arpsnmp (8).)
+ .SH FILES
+ .na
+ .nh
+@@ -79,7 +79,7 @@
+ .na
+ .nh
+ .BR arpwatch (8),
+-.BR snmpwalk (8),
++.BR snmpwalk (1),
+ .BR arp (8)
+ .ad
+ .hy

SOURCES/arpwatch-2.1a15-bogon.patch

@@ -0,0 +1,20 @@
+--- arpwatch-2.1a15/arpwatch.c.bogon	2007-08-09 13:53:47.000000000 +0200
++++ arpwatch-2.1a15/arpwatch.c	2007-08-09 13:58:17.000000000 +0200
+@@ -730,11 +730,12 @@ addnet(register const char *str)
+ 
+ 	/* XXX hack */
+ 	n = ntohl(inet_addr(tstr));
+-	while ((n & 0xff000000) == 0) {
+-		n <<= 8;
+-		if (n == 0)
+-			return (0);
+-	}
++	if (n || width != 32)
++		while ((n & 0xff000000) == 0) {
++			n <<= 8;
++			if (n == 0)
++				return (0);
++		}
+ 	n = htonl(n);
+ 
+ 	if (width != 0) {

SOURCES/arpwatch-2.1a15-devlookup.patch

@@ -0,0 +1,118 @@
+--- arpwatch-2.1a15-dist/arpwatch.c	2012-07-23 09:55:35.832458313 +0200
++++ arpwatch-2.1a15-new/arpwatch.c	2012-07-24 11:36:59.013953071 +0200
+@@ -161,15 +161,63 @@ void dropprivileges(const char* user)
+ 	syslog(LOG_DEBUG, "Running as uid=%d gid=%d", getuid(), getgid());
+ }
+ 
++char *
++get_first_dev(pcap_t **pd, int *linktype, char *errbuf)
++{
++	static char interface[IF_NAMESIZE + 1];
++	register int snaplen, timeout;
++	pcap_if_t *alldevs;
++	pcap_if_t *dev;
++	char *ret = NULL;
++
++	snaplen = max(sizeof(struct ether_header),
++				  sizeof(struct fddi_header)) + sizeof(struct ether_arp);
++	timeout = 1000;
++
++	if (pcap_findalldevs(&alldevs, errbuf) == -1) {
++		(void)fprintf(stderr, "%s: lookup_device: %s\n",
++					  prog, errbuf);
++		exit(1);
++	}
++
++	for (dev = alldevs; dev; dev = dev->next) {
++		strncpy(interface, dev->name, strlen(dev->name)+1);
++
++		*pd = pcap_open_live(interface, snaplen, 1, timeout, errbuf);
++		if (*pd == NULL) {
++			syslog(LOG_ERR, "pcap open %s: %s, trying next...", interface, errbuf);
++			continue;
++			/* exit(1); */
++		}
++
++		*linktype = pcap_datalink(*pd);
++		/* Must be ethernet or fddi */
++		if (*linktype != DLT_EN10MB && *linktype != DLT_FDDI) {
++			syslog(LOG_ERR, "(%s) Link layer type %d not ethernet or fddi, trying next...",
++				   interface, *linktype);
++			pcap_close(*pd);
++		}
++		else {
++			/* First match, use it */
++			ret = interface;
++			break;
++		}
++
++	}
++	pcap_freealldevs(alldevs);
++	return (ret);
++}
++
+ int
+ main(int argc, char **argv)
+ {
+ 	register char *cp;
+-	register int op, pid, snaplen, timeout, linktype, status;
++	register int op, pid, status;
++	int linktype;
+ #ifdef TIOCNOTTY
+ 	register int fd;
+ #endif
+-	register pcap_t *pd;
++	pcap_t *pd;
+ 	register char *interface, *rfilename;
+ 	struct bpf_program code;
+ 	char errbuf[PCAP_ERRBUF_SIZE];
+@@ -189,6 +237,7 @@ main(int argc, char **argv)
+ 
+ 	opterr = 0;
+ 	interface = NULL;
++	linktype = -1;
+ 	rfilename = NULL;
+ 	pd = NULL;
+ 	while ((op = getopt(argc, argv, "df:i:n:Nr:u:e:s:")) != EOF)
+@@ -264,11 +313,12 @@ main(int argc, char **argv)
+ 		net = 0;
+ 		netmask = 0;
+ 	} else {
++
+ 		/* Determine interface if not specified */
+ 		if (interface == NULL &&
+-		    (interface = pcap_lookupdev(errbuf)) == NULL) {
+-			(void)fprintf(stderr, "%s: lookup_device: %s\n",
+-			    prog, errbuf);
++			(interface = get_first_dev(&pd, &linktype, errbuf)) == NULL) {
++			(void)fprintf(stderr, "%s: lookup_device: no suitable interface found\n",
++						  prog);
+ 			exit(1);
+ 		}
+ 
+@@ -317,10 +367,6 @@ main(int argc, char **argv)
+ 		}
+ 		swapped = pcap_is_swapped(pd);
+ 	} else {
+-		snaplen = max(sizeof(struct ether_header),
+-		    sizeof(struct fddi_header)) + sizeof(struct ether_arp);
+-		timeout = 1000;
+-		pd = pcap_open_live(interface, snaplen, 1, timeout, errbuf);
+ 		if (pd == NULL) {
+ 			syslog(LOG_ERR, "pcap open %s: %s", interface, errbuf);
+ 			exit(1);
+@@ -340,14 +386,6 @@ main(int argc, char **argv)
+ 		dropprivileges( serveruser );
+ 	}
+ 
+-	/* Must be ethernet or fddi */
+-	linktype = pcap_datalink(pd);
+-	if (linktype != DLT_EN10MB && linktype != DLT_FDDI) {
+-		syslog(LOG_ERR, "Link layer type %d not ethernet or fddi",
+-		    linktype);
+-		exit(1);
+-	}
+-
+ 	/* Compile and install filter */
+ 	if (pcap_compile(pd, &code, "arp or rarp", 1, netmask) < 0) {
+ 		syslog(LOG_ERR, "pcap_compile: %s", pcap_geterr(pd));

SOURCES/arpwatch-2.1a15-dropgroup.patch

@@ -0,0 +1,12 @@
+diff -up arpwatch-2.1a15/arpwatch.c.dropgroup arpwatch-2.1a15/arpwatch.c
+--- arpwatch-2.1a15/arpwatch.c.dropgroup	2012-05-31 11:47:13.327901902 +0200
++++ arpwatch-2.1a15/arpwatch.c	2012-05-31 11:48:04.859900061 +0200
+@@ -147,7 +147,7 @@ void dropprivileges(const char* user)
+ 	struct passwd* pw;
+ 	pw = getpwnam( user );
+ 	if ( pw ) {
+-		if ( initgroups(pw->pw_name, NULL) != 0 || setgid(pw->pw_gid) != 0 ||
++		if ( setgid(pw->pw_gid) != 0 || setgroups(0, NULL) != 0 ||
+ 				 setuid(pw->pw_uid) != 0 ) {
+ 			syslog(LOG_ERR, "Couldn't change to '%.32s' uid=%d gid=%d", user,
+ 						 pw->pw_uid, pw->pw_gid);

SOURCES/arpwatch-2.1a15-extraman.patch

@@ -0,0 +1,173 @@
+diff -up arpwatch-2.1a15/Makefile.in.extraman arpwatch-2.1a15/Makefile.in
+--- arpwatch-2.1a15/Makefile.in.extraman	2009-12-14 18:01:27.000000000 +0100
++++ arpwatch-2.1a15/Makefile.in	2010-03-30 15:11:30.000000000 +0200
+@@ -118,6 +118,10 @@ install-man: force
+ 	    $(DESTDIR)$(MANDEST)/man8
+ 	$(INSTALL) -m 644 $(srcdir)/arpsnmp.8 \
+ 	    $(DESTDIR)$(MANDEST)/man8
++	$(INSTALL) -m 644 $(srcdir)/arp2ethers.8 \
++	    $(DESTDIR)$(MANDEST)/man8
++	$(INSTALL) -m 644 $(srcdir)/massagevendor.8 \
++	    $(DESTDIR)$(MANDEST)/man8
+ 
+ lint:	$(GENSRC) force
+ 	lint -hbxn $(SRC) | \
+diff -up arpwatch-2.1a15/arp2ethers.8.extraman arpwatch-2.1a15/arp2ethers.8
+--- arpwatch-2.1a15/arp2ethers.8.extraman	2010-03-30 15:12:37.000000000 +0200
++++ arpwatch-2.1a15/arp2ethers.8	2010-03-30 15:53:01.000000000 +0200
+@@ -0,0 +1,60 @@
++.TH ARP2ETHERS 8
++.SH NAME
++arp2ethers \- convert arpwatch address database to ethers file format
++.SH SYNOPSIS
++.na
++.B arp2ethers
++.ad
++.SH "DESCRIPTION"
++.B arp2ethers
++converts file
++.IR arp.dat
++in the current directory into
++.BR ethers(5)
++format on
++.IR stdout .
++Usually
++.IR arp.dat
++is an ethernet/ip database file generated by
++.BR arpwatch(8) .
++The arpwatch daemon in Debian will create different 
++.IR arp.dat
++depending on its configuration. All of them will be available at 
++.IR /var/lib/arpwatch/ .
++.SH FILES
++.na
++.nh
++.nf
++/var/lib/arpwatch - default directory for arp.dat
++arp.dat - ethernet/ip address database
++.ad
++.hy
++.fi
++.SH "SEE ALSO"
++.na
++.nh
++.BR arpwatch (8),
++.BR ethers (5),
++.BR rarp (8),
++.BR arp (8),
++.ad
++.hy
++.SH BUGS
++Please send bug reports to arpwatch@ee.lbl.gov.
++.SH AUTHORS
++.LP
++Original version by Craig Leres of the Lawrence Berkeley
++National Laboratory Network Research Group, University of
++California, Berkeley, CA.
++.LP
++Modified for the Debian Project by Peter Kelemen, with
++additions from Erik Warmelink.
++.LP
++The current version is available via anonymous ftp:
++.LP
++.RS
++.I ftp://ftp.ee.lbl.gov/arpwatch.tar.gz
++.RE
++.LP
++This manual page was contributed by Hugo Graumann.
++
+diff -up arpwatch-2.1a15/massagevendor.8.extraman arpwatch-2.1a15/massagevendor.8
+--- arpwatch-2.1a15/massagevendor.8.extraman	2010-03-30 15:15:18.000000000 +0200
++++ arpwatch-2.1a15/massagevendor.8	2010-03-30 15:15:18.000000000 +0200
+@@ -0,0 +1,91 @@
++.TH MASSAGEVENDOR 8
++.SH NAME
++massagevendor \- convert the ethernet vendor codes master list to arpwatch format
++.SH SYNOPSIS
++.na
++massagevendor
++.I vendorfile
++.SH "DESCRIPTION"
++.B massagevendor
++is a program that converts a text file containing ethernet vendor codes
++into a format suitable for use by
++.B arpwatch(8)
++and
++.B arpsnmp(8).
++The input
++.I vendorfile
++is a master text file containing vendor codes. The output
++is sent to
++.I stdout.
++Each line of the
++.I vendorfile
++is expected to have a six digit hexadecimal vendor code
++followed by spaces followed by the name of the manufacturer.
++.LP
++All ethernet devices have a unique identifier which
++includes a vendor code specifying the manufacturer of the
++device. In normal operation
++.B arpwatch(8)
++and
++.B arpsnmp(8)
++use the file
++.I ethercodes.dat
++to report this vendor code.
++.B massagevendor
++is used to generate the
++.I ethercodes.dat
++file from text files containing these vendor codes.
++.LP
++Locations where an ethernet vendor codes master text file
++can be obtained are given below.
++.SH FILES
++.na
++.nh
++.nf
++/var/lib/arpwatch - default location of the ethernet vendor list
++ethercodes.dat - file containing the list of ethernet vendor codes
++.ad
++.hy
++.fi
++.SH "SEE ALSO"
++.na
++.nh
++.BR arpwatch(8),
++.BR arpsnmp(8)
++.ad
++.hy
++.SH NOTES
++Sources for ethernet vendor codes seen in the wild are
++.LP
++.na
++.nh
++.nf
++.RS
++.I http://map-ne.com/Ethernet/vendor.html
++.I ftp://ftp.cavebear.com/pub/Ethernet.txt
++.I http://www.cavebear.com/CaveBear/Ethernet/vendor.html
++.RE
++.ad
++.hy
++.LP
++Useful for comparison or completeness are the
++ethernet vendor codes as assigned
++by the IEEE which can be found at
++.LP
++.RS
++.I http://standards.ieee.org/regauth/oui/oui.txt
++.RE
++.SH BUGS
++Please send bug reports to arpwatch@ee.lbl.gov.
++.SH AUTHORS
++Craig Leres of the
++Lawrence Berkeley National Laboratory Network Research Group,
++University of California, Berkeley, CA.
++.LP
++The current version is available via anonymous ftp:
++.LP
++.RS
++.I ftp://ftp.ee.lbl.gov/arpwatch.tar.gz
++.RE
++.LP
++This manual page was contributed by Hugo Graumann.

SOURCES/arpwatch-2.1a15-lookupiselect.patch

@@ -0,0 +1,103 @@
+Note by jsynacek:
+This patch should be rewritten. There's no reason to be using a static variable
+and returning its content from a function (in iterate_dev()). Also, some things
+should be simplified (like iterate_dev()).
+
+diff -up ./arpwatch.c.iselect ./arpwatch.c
+--- ./arpwatch.c.iselect	2012-10-15 16:01:24.701335291 +0200
++++ ./arpwatch.c	2012-10-15 16:07:18.626322639 +0200
+@@ -162,50 +162,52 @@ void dropprivileges(const char* user)
+ }
+ 
+ char *
+-get_first_dev(pcap_t **pd, int *linktype, char *errbuf)
++try_dev(char *interface, pcap_t **pd, int *linktype, char *errbuf)
+ {
+-	static char interface[IF_NAMESIZE + 1];
+ 	register int snaplen, timeout;
+-	pcap_if_t *alldevs;
+-	pcap_if_t *dev;
+-	char *ret = NULL;
+ 
+ 	snaplen = max(sizeof(struct ether_header),
+ 				  sizeof(struct fddi_header)) + sizeof(struct ether_arp);
+ 	timeout = 1000;
+ 
+-	if (pcap_findalldevs(&alldevs, errbuf) == -1) {
+-		(void)fprintf(stderr, "%s: lookup_device: %s\n",
+-					  prog, errbuf);
+-		exit(1);
++	*pd = pcap_open_live(interface, snaplen, 1, timeout, errbuf);
++	if (NULL == *pd) {
++		syslog(LOG_ERR, "pcap open %s: %s", interface,  errbuf);
++		return NULL;
+ 	}
++	*linktype = pcap_datalink(*pd);
++	/* Must be ethernet or fddi */
++	if (*linktype != DLT_EN10MB && *linktype != DLT_FDDI) {
++		syslog(LOG_ERR, "(%s) Link layer type %d not ethernet or fddi",
++			   interface, *linktype);
++		pcap_close(*pd);
++		return NULL;
++	}
++	return interface;
++}
+ 
+-	for (dev = alldevs; dev; dev = dev->next) {
+-		strncpy(interface, dev->name, strlen(dev->name)+1);
+-
+-		*pd = pcap_open_live(interface, snaplen, 1, timeout, errbuf);
+-		if (*pd == NULL) {
+-			syslog(LOG_ERR, "pcap open %s: %s, trying next...", interface, errbuf);
+-			continue;
+-			/* exit(1); */
+-		}
++char *
++iterate_dev(char *arginterface, pcap_t **pd, int *linktype, char *errbuf)
++{
++	static char interface[64 + 1];
++	pcap_if_t *alldevs;
++	pcap_if_t *dev;
+ 
+-		*linktype = pcap_datalink(*pd);
+-		/* Must be ethernet or fddi */
+-		if (*linktype != DLT_EN10MB && *linktype != DLT_FDDI) {
+-			syslog(LOG_ERR, "(%s) Link layer type %d not ethernet or fddi, trying next...",
+-				   interface, *linktype);
+-			pcap_close(*pd);
++	if (NULL != arginterface) {
++		return try_dev(arginterface, pd, linktype, errbuf);
++	} else {
++		if (pcap_findalldevs(&alldevs, errbuf) == -1) {
++			(void)fprintf(stderr, "%s: lookup_device: %s\n",
++						  prog, errbuf);
++			exit(1);
+ 		}
+-		else {
+-			/* First match, use it */
+-			ret = interface;
+-			break;
++		for (dev = alldevs; dev && (arginterface == NULL); dev = dev->next) {
++			strncpy(interface, dev->name, strlen(dev->name)+1);
++			arginterface = try_dev(interface, pd, linktype, errbuf);
+ 		}
+-
++		pcap_freealldevs(alldevs);
++		return arginterface;
+ 	}
+-	pcap_freealldevs(alldevs);
+-	return (ret);
+ }
+ 
+ int
+@@ -315,8 +317,8 @@ main(int argc, char **argv)
+ 	} else {
+ 
+ 		/* Determine interface if not specified */
+-		if (interface == NULL &&
+-			(interface = get_first_dev(&pd, &linktype, errbuf)) == NULL) {
++		interface = iterate_dev(interface, &pd, &linktype, errbuf);
++		if (interface == NULL) {
+ 			(void)fprintf(stderr, "%s: lookup_device: no suitable interface found\n",
+ 						  prog);
+ 			exit(1);

SOURCES/arpwatch-2.1a15-nolocalpcap.patch

@@ -0,0 +1,10 @@
+--- arpwatch-2.1a15/configure.nolocalpcap	2006-06-21 22:32:38.000000000 +0200
++++ arpwatch-2.1a15/configure	2006-11-09 15:04:35.000000000 +0100
+@@ -4956,6 +4956,7 @@
+     places=`ls .. | sed -e 's,/$,,' -e 's,^,../,' | \
+ 	egrep '/libpcap-[0-9]*\.[0-9]*(\.[0-9]*)?([ab][0-9]*)?$'`
+     for dir in $places ../libpcap libpcap ; do
++	    break
+ 	    basedir=`echo $dir | sed -e 's/[ab][0-9]*$//'`
+ 	    if test $lastdir = $basedir ; then
+ 		    		    continue;

SOURCES/arpwatch-2.1a4-fhs.patch

@@ -0,0 +1,20 @@
+--- arpwatch-2.1a4/Makefile.in.fhs	Sun Jun 18 08:26:28 2000
++++ arpwatch-2.1a4/Makefile.in	Sun Jun 18 08:27:21 2000
+@@ -109,13 +109,13 @@
+ 	$(CC) $(CFLAGS) -o $@ zap.o intoa.o -lutil
+ 
+ install: force
+-	$(INSTALL) -m 555 -o bin -g bin arpwatch $(DESTDIR)$(BINDEST)
+-	$(INSTALL) -m 555 -o bin -g bin arpsnmp $(DESTDIR)$(BINDEST)
++	$(INSTALL) -m 755 arpwatch $(DESTDIR)$(BINDEST)
++	$(INSTALL) -m 755 arpsnmp $(DESTDIR)$(BINDEST)
+ 
+ install-man: force
+-	$(INSTALL) -m 444 -o bin -g bin $(srcdir)/arpwatch.8 \
++	$(INSTALL) -m 644 $(srcdir)/arpwatch.8 \
+ 	    $(DESTDIR)$(MANDEST)/man8
+-	$(INSTALL) -m 444 -o bin -g bin $(srcdir)/arpsnmp.8 \
++	$(INSTALL) -m 644 $(srcdir)/arpsnmp.8 \
+ 	    $(DESTDIR)$(MANDEST)/man8
+ 
+ lint:	$(GENSRC) force

SOURCES/arpwatch-addr.patch

@@ -0,0 +1,232 @@
+--- arpwatch-2.1a11/addresses.h.in.addr	Wed Jun  5 00:40:29 1996
++++ arpwatch-2.1a11/addresses.h.in	Wed Jul 31 17:39:38 2002
+@@ -1,2 +1,4 @@
+ #define WATCHER "root"
+-#define WATCHEE "arpwatch (Arpwatch)"
++#define WATCHEE "root (Arpwatch)"
++extern char *watcher;
++extern char *watchee;
+--- arpwatch-2.1a11/arpsnmp.8.addr	Sun Sep 17 15:34:48 2000
++++ arpwatch-2.1a11/arpsnmp.8	Fri Aug  2 15:15:31 2002
+@@ -30,6 +30,12 @@
+ ] [
+ .B -f
+ .I datafile
++] [
++.B -e
++.I username
++] [
++.B -s
++.I username
+ ]
+ .I file
+ [
+@@ -59,6 +65,27 @@
+ .I arp.dat
+ file must be created before the first time you run
+ .BR arpsnmp .
++.LP
++If the
++.B -e 
++flag is used, 
++.B arpsnmp
++sends e-mail messages to
++.I username
++rather than the default (root).
++If a single `-' character is given for the username,
++sending of e-mail is suppressed,
++but logging via syslog is still done as usual.
++(This can be useful during initial runs, to collect data
++without being flooded with messages about new stations.)
++.LP
++If the
++.B -s 
++flag is used, 
++.B arpsnmp
++sends e-mail messages with
++.I username
++as the return address, rather than the default (root).
+ .LP
+ .SH "REPORT MESSAGES"
+ (See the
+--- arpwatch-2.1a11/arpsnmp.c.addr	Sun Jan 17 19:47:40 1999
++++ arpwatch-2.1a11/arpsnmp.c	Fri Aug  2 15:17:16 2002
+@@ -59,6 +59,7 @@
+ #include "file.h"
+ #include "machdep.h"
+ #include "util.h"
++#include "addresses.h"
+ 
+ /* Forwards */
+ int	main(int, char **);
+@@ -90,7 +91,7 @@
+ 	}
+ 
+ 	opterr = 0;
+-	while ((op = getopt(argc, argv, "df:")) != EOF)
++	while ((op = getopt(argc, argv, "df:e:s:")) != EOF)
+ 		switch (op) {
+ 
+ 		case 'd':
+@@ -105,6 +106,24 @@
+ 			arpfile = optarg;
+ 			break;
+ 
++		case 'e':
++			if ( optarg ) {
++				watcher = strdup(optarg);
++			} else {
++				(void)fprintf(stderr, "%s: Need recipient username/e-mail address after -e\n", prog);
++				usage();
++			}
++			break;
++
++		case 's':
++			if ( optarg ) {
++				watchee = strdup(optarg);
++			} else {
++				(void)fprintf(stderr, "%s: Need sender username/e-mail address after -s\n", prog);
++				usage();
++			}
++			break;
++
+ 		default:
+ 			usage();
+ 		}
+@@ -184,6 +203,6 @@
+ 
+ 	(void)fprintf(stderr, "Version %s\n", version);
+ 	(void)fprintf(stderr,
+-	    "usage: %s [-d] [-f datafile] file [...]\n", prog);
++	    "usage: %s [-d] [-f datafile] [-e username] [-s username] file [...]\n", prog);
+ 	exit(1);
+ }
+--- arpwatch-2.1a11/arpwatch.8.addr	Thu Aug  1 13:45:36 2002
++++ arpwatch-2.1a11/arpwatch.8	Thu Aug  1 14:08:05 2002
+@@ -46,6 +46,12 @@
+ ] [
+ .B -u
+ .I username
++] [
++.B -e
++.I username
++] [
++.B -s
++.I username
+ ]
+ .ad
+ .SH DESCRIPTION
+@@ -106,6 +112,27 @@
+ and group ID to that of the primary group of 
+ .IR username .
+ This is recommended for security reasons.
++.LP
++If the
++.B -e 
++flag is used, 
++.B arpwatch
++sends e-mail messages to
++.I username
++rather than the default (root).
++If a single `-' character is given for the username,
++sending of e-mail is suppressed,
++but logging via syslog is still done as usual.
++(This can be useful during initial runs, to collect data
++without being flooded with messages about new stations.)
++.LP
++If the
++.B -s 
++flag is used, 
++.B arpwatch
++sends e-mail messages with
++.I username
++as the return address, rather than the default (root).
+ .LP
+ Note that an empty
+ .I arp.dat
+--- arpwatch-2.1a11/arpwatch.c.addr	Thu Aug  1 13:45:36 2002
++++ arpwatch-2.1a11/arpwatch.c	Thu Aug  1 13:47:35 2002
+@@ -78,6 +78,7 @@
+ #include "machdep.h"
+ #include "setsignal.h"
+ #include "util.h"
++#include "addresses.h"
+ 
+ /* Some systems don't define these */
+ #ifndef ETHERTYPE_REVARP
+@@ -190,7 +191,7 @@
+ 	interface = NULL;
+ 	rfilename = NULL;
+ 	pd = NULL;
+-	while ((op = getopt(argc, argv, "df:i:n:Nr:u:")) != EOF)
++	while ((op = getopt(argc, argv, "df:i:n:Nr:u:e:s:")) != EOF)
+ 		switch (op) {
+ 
+ 		case 'd':
+@@ -232,6 +233,26 @@
+ 			}
+ 			break;
+ 
++		case 'e':
++			if ( optarg ) {
++				watcher = strdup(optarg);
++			}
++			else {
++				fprintf(stderr, "%s: Need recipient username/e-mail address after -e\n", prog);
++				usage();
++			}
++			break;
++
++		case 's':
++			if ( optarg ) {
++				watchee = strdup(optarg);
++			}
++			else {
++				fprintf(stderr, "%s: Need sender username/e-mail address after -s\n", prog);
++				usage();
++			}
++			break;
++
+ 		default:
+ 			usage();
+ 		}
+@@ -784,6 +805,7 @@
+ 
+ 	(void)fprintf(stderr, "Version %s\n", version);
+ 	(void)fprintf(stderr, "usage: %s [-dN] [-f datafile] [-i interface]"
+-	    " [-n net[/width]] [-r file] [-u username]\n", prog);
++	    " [-n net[/width]] [-r file] [-u username]"
++	    " [-e username] [-s username]\n", prog);
+ 	exit(1);
+ }
+--- arpwatch-2.1a11/report.c.addr	Sat Sep 30 18:41:10 2000
++++ arpwatch-2.1a11/report.c	Thu Aug  1 14:16:43 2002
+@@ -70,6 +70,9 @@
+ 
+ #define PLURAL(n) ((n) == 1 || (n) == -1 ? "" : "s")
+ 
++char *watcher = WATCHER;
++char *watchee = WATCHEE;
++
+ static int cdepth;	/* number of outstanding children */
+ 
+ static char *fmtdate(time_t);
+@@ -240,8 +243,6 @@
+ 	register FILE *f;
+ 	char tempfile[64], cpu[64], os[64];
+ 	char *fmt = "%20s: %s\n";
+-	char *watcher = WATCHER;
+-	char *watchee = WATCHEE;
+ 	char *sendmail = PATH_SENDMAIL;
+ 	char *unknown = "<unknown>";
+ 	char buf[132];
+@@ -258,6 +259,9 @@
+ 		}
+ 		f = stdout;
+ 		(void)putc('\n', f);
++	} else if (watcher == NULL || *watcher == NULL || *watcher == '-') {
++		dosyslog(LOG_NOTICE, title, a, e1, e2);
++		return;
+ 	} else {
+ 		/* Setup child reaper if we haven't already */
+ 		if (!init) {

SOURCES/arpwatch-dir-man.patch

@@ -0,0 +1,22 @@
+--- arpwatch-2.1a15/arpsnmp.8.dirman	2006-11-02 17:00:58.000000000 +0100
++++ arpwatch-2.1a15/arpsnmp.8	2006-11-02 17:23:58.000000000 +0100
+@@ -96,7 +96,7 @@
+ .na
+ .nh
+ .nf
+-/usr/operator/arpwatch - default directory
++/var/lib/arpwatch - default directory
+ arp.dat - ethernet/ip address database
+ ethercodes.dat - vendor ethernet block list
+ .ad
+--- arpwatch-2.1a15/arpwatch.8.dirman	2006-11-02 17:00:58.000000000 +0100
++++ arpwatch-2.1a15/arpwatch.8	2006-11-02 17:24:07.000000000 +0100
+@@ -198,7 +198,7 @@
+ .na
+ .nh
+ .nf
+-/usr/operator/arpwatch - default directory
++/var/lib/arpwatch - default directory
+ arp.dat - ethernet/ip address database
+ ethercodes.dat - vendor ethernet block list
+ .ad

SOURCES/arpwatch-drop-man.patch

@@ -0,0 +1,48 @@
+--- arpwatch.8.orig	Sun Oct  8 23:31:28 2000
++++ arpwatch.8	Mon Oct 16 16:46:19 2000
+@@ -36,13 +36,16 @@
+ .I interface
+ ]
+ .br
+-.ti +8
++.ti +9
+ [
+ .B -n
+ .IR net [/ width
+ ]] [
+ .B -r
+ .I file
++] [
++.B -u
++.I username
+ ]
+ .ad
+ .SH DESCRIPTION
+@@ -94,10 +97,26 @@
+ .B arpwatch
+ does not fork.
+ .LP
++If 
++.B -u 
++flag is used, 
++.B arpwatch
++drops root privileges and changes user ID to
++.I username
++and group ID to that of the primary group of 
++.IR username .
++This is recommended for security reasons.
++.LP
+ Note that an empty
+ .I arp.dat
+ file must be created before the first time you run
+-.BR arpwatch .
++.BR arpwatch . 
++Also, the default directory (where arp.dat is stored) must be owned
++by 
++.I username
++if 
++.BR -u
++flag is used.
+ .LP
+ .SH "REPORT MESSAGES"
+ Here's a quick list of the report messages generated by

SOURCES/arpwatch-drop.patch

@@ -0,0 +1,93 @@
+--- arpwatch-2.1a10/arpwatch.c	Sat Oct 14 05:07:35 2000
++++ arpwatch-2.1a10/arpwatch.c	Sun Jun 10 16:22:57 2001
+@@ -62,7 +62,7 @@
+ #include <string.h>
+ #include <syslog.h>
+ #include <unistd.h>
+-
++#include <pwd.h>
+ #include <pcap.h>
+ 
+ #include "gnuc.h"
+@@ -141,6 +141,25 @@
+ int	sanity_fddi(struct fddi_header *, struct ether_arp *, int);
+ __dead	void usage(void) __attribute__((volatile));
+ 
++void dropprivileges(const char* user)
++{
++	struct passwd* pw;
++	pw = getpwnam( user );
++	if ( pw ) {
++		if ( initgroups(pw->pw_name, NULL) != 0 || setgid(pw->pw_gid) != 0 ||
++				 setuid(pw->pw_uid) != 0 ) {
++			syslog(LOG_ERR, "Couldn't change to '%.32s' uid=%d gid=%d", user,
++						 pw->pw_uid, pw->pw_gid);
++			exit(1);
++		}
++	}
++	else {
++		syslog(LOG_ERR, "Couldn't find user '%.32s' in /etc/passwd", user);
++		exit(1);
++	}
++	syslog(LOG_DEBUG, "Running as uid=%d gid=%d", getuid(), getgid());
++}
++
+ int
+ main(int argc, char **argv)
+ {
+@@ -153,6 +172,7 @@
+ 	register char *interface, *rfilename;
+ 	struct bpf_program code;
+ 	char errbuf[PCAP_ERRBUF_SIZE];
++	char* serveruser = NULL;
+ 
+ 	if (argv[0] == NULL)
+ 		prog = "arpwatch";
+@@ -170,7 +190,7 @@
+ 	interface = NULL;
+ 	rfilename = NULL;
+ 	pd = NULL;
+-	while ((op = getopt(argc, argv, "df:i:n:Nr:")) != EOF)
++	while ((op = getopt(argc, argv, "df:i:n:Nr:u:")) != EOF)
+ 		switch (op) {
+ 
+ 		case 'd':
+@@ -202,6 +222,16 @@
+ 			rfilename = optarg;
+ 			break;
+ 
++		case 'u':
++			if ( optarg ) {
++				serveruser = strdup(optarg);
++			}
++			else {
++				fprintf(stderr, "%s: Need username after -u\n", prog);
++				usage();
++			}
++			break;
++
+ 		default:
+ 			usage();
+ 		}
+@@ -283,8 +313,11 @@
+ 	 * Revert to non-privileged user after opening sockets
+ 	 * (not needed on most systems).
+ 	 */
+-	setgid(getgid());
+-	setuid(getuid());
++	/*setgid(getgid());*/
++	/*setuid(getuid());*/
++	if ( serveruser ) {
++		dropprivileges( serveruser );
++	}
+ 
+ 	/* Must be ethernet or fddi */
+ 	linktype = pcap_datalink(pd);
+@@ -751,6 +784,6 @@
+ 
+ 	(void)fprintf(stderr, "Version %s\n", version);
+ 	(void)fprintf(stderr, "usage: %s [-dN] [-f datafile] [-i interface]"
+-	    " [-n net[/width]] [-r file]\n", prog);
++	    " [-n net[/width]] [-r file] [-u username]\n", prog);
+ 	exit(1);
+ }

SOURCES/arpwatch-exitcode.patch

@@ -0,0 +1,12 @@
+diff -up arpwatch-2.1a15/arpwatch.c.exitcode arpwatch-2.1a15/arpwatch.c
+--- arpwatch-2.1a15/arpwatch.c.exitcode	2011-07-08 15:35:28.758414483 +0200
++++ arpwatch-2.1a15/arpwatch.c	2011-07-08 15:35:31.539417016 +0200
+@@ -782,7 +782,7 @@ die(int signo)
+ 
+ 	syslog(LOG_DEBUG, "exiting");
+ 	checkpoint(0);
+-	exit(1);
++	exit(0);
+ }
+ 
+ RETSIGTYPE

SOURCES/arpwatch-pie.patch

@@ -0,0 +1,18 @@
+--- arpwatch-2.1a15/Makefile.in	2013-04-23 11:17:51.994488347 +0200
++++ arpwatch-2.1a15/Makefile.in.new	2013-04-23 11:17:24.000000000 +0200
+@@ -48,12 +48,12 @@
+ DEFS = -DDEBUG @DEFS@ -DARPDIR=\"$(ARPDIR)\" -DPATH_SENDMAIL=\"$(SENDMAIL)\"
+ 
+ # Standard CFLAGS
+-CFLAGS = $(CCOPT) $(DEFS) $(INCLS)
++CFLAGS = $(CCOPT) $(DEFS) $(INCLS) -pie
+ 
+ # Standard LIBS
+-LIBS = @LIBS@
++LIBS = @LIBS@ -pie -Wl,-z,relro,-z,now
+ # Standard LIBS without libpcap.a
+-SLIBS = @LBL_LIBS@
++SLIBS = @LBL_LIBS@ -pie -Wl,-z,relro,-z,now
+ 
+ INSTALL = @INSTALL@
+ SENDMAIL = @V_SENDMAIL@

SOURCES/arpwatch-promisc.patch

@@ -0,0 +1,106 @@
+--- a/arpwatch.8	2016-01-26 10:13:58.344326599 +0100
++++ b/arpwatch.8	2016-01-26 09:59:46.620048949 +0100
+@@ -27,7 +27,7 @@ arpwatch - keep track of ethernet/ip add
+ .na
+ .B arpwatch
+ [
+-.B -dN
++.B -dNp
+ ] [
+ .B -f
+ .I datafile
+@@ -70,6 +70,10 @@ background and emailing the reports. Ins
+ .IR stderr .
+ .LP
+ The
++.B -p
++flag disables promiscous mode.
++.LP
++The
+ .B -f
+ flag is used to set the ethernet/ip address database filename.
+ The default is
+diff -rup arpwatch-2.1a15/arpwatch.c arpwatch-2.1a15-new/arpwatch.c
+--- a/arpwatch.c	2016-01-26 10:13:58.356326563 +0100
++++ b/arpwatch.c	2016-01-26 10:13:37.273390029 +0100
+@@ -162,7 +162,7 @@ void dropprivileges(const char* user)
+ }
+ 
+ char *
+-try_dev(char *interface, pcap_t **pd, int *linktype, char *errbuf)
++try_dev(char *interface, pcap_t **pd, int *linktype, int promisc, char *errbuf)
+ {
+ 	register int snaplen, timeout;
+ 
+@@ -170,7 +170,7 @@ try_dev(char *interface, pcap_t **pd, in
+ 				  sizeof(struct fddi_header)) + sizeof(struct ether_arp);
+ 	timeout = 1000;
+ 
+-	*pd = pcap_open_live(interface, snaplen, 1, timeout, errbuf);
++	*pd = pcap_open_live(interface, snaplen, promisc, timeout, errbuf);
+ 	if (NULL == *pd) {
+ 		syslog(LOG_ERR, "pcap open %s: %s", interface,  errbuf);
+ 		return NULL;
+@@ -187,14 +187,14 @@ try_dev(char *interface, pcap_t **pd, in
+ }
+ 
+ char *
+-iterate_dev(char *arginterface, pcap_t **pd, int *linktype, char *errbuf)
++iterate_dev(char *arginterface, pcap_t **pd, int *linktype, int promisc, char *errbuf)
+ {
+ 	static char interface[64 + 1];
+ 	pcap_if_t *alldevs;
+ 	pcap_if_t *dev;
+ 
+ 	if (NULL != arginterface) {
+-		return try_dev(arginterface, pd, linktype, errbuf);
++		return try_dev(arginterface, pd, linktype, promisc, errbuf);
+ 	} else {
+ 		if (pcap_findalldevs(&alldevs, errbuf) == -1) {
+ 			(void)fprintf(stderr, "%s: lookup_device: %s\n",
+@@ -203,7 +203,7 @@ iterate_dev(char *arginterface, pcap_t *
+ 		}
+ 		for (dev = alldevs; dev && (arginterface == NULL); dev = dev->next) {
+ 			strncpy(interface, dev->name, strlen(dev->name)+1);
+-			arginterface = try_dev(interface, pd, linktype, errbuf);
++			arginterface = try_dev(interface, pd, linktype, promisc, errbuf);
+ 		}
+ 		pcap_freealldevs(alldevs);
+ 		return arginterface;
+@@ -224,6 +224,7 @@ main(int argc, char **argv)
+ 	struct bpf_program code;
+ 	char errbuf[PCAP_ERRBUF_SIZE];
+ 	char* serveruser = NULL;
++	int promisc = 1;
+ 
+ 	if (argv[0] == NULL)
+ 		prog = "arpwatch";
+@@ -242,7 +243,7 @@ main(int argc, char **argv)
+ 	linktype = -1;
+ 	rfilename = NULL;
+ 	pd = NULL;
+-	while ((op = getopt(argc, argv, "df:i:n:Nr:u:e:s:")) != EOF)
++	while ((op = getopt(argc, argv, "df:i:n:Nr:u:e:s:p")) != EOF)
+ 		switch (op) {
+ 
+ 		case 'd':
+@@ -304,6 +305,10 @@ main(int argc, char **argv)
+ 			}
+ 			break;
+ 
++		case 'p':
++			promisc = 0;
++			break;
++
+ 		default:
+ 			usage();
+ 		}
+@@ -317,7 +322,7 @@ main(int argc, char **argv)
+ 	} else {
+ 
+ 		/* Determine interface if not specified */
+-		interface = iterate_dev(interface, &pd, &linktype, errbuf);
++		interface = iterate_dev(interface, &pd, &linktype, promisc, errbuf);
+ 		if (interface == NULL) {
+ 			(void)fprintf(stderr, "%s: lookup_device: no suitable interface found\n",
+ 						  prog);

SOURCES/arpwatch-scripts.patch

@@ -0,0 +1,27 @@
+--- arpwatch-2.1a15/arp2ethers.scripts	2002-01-05 20:40:48.000000000 +0100
++++ arpwatch-2.1a15/arp2ethers	2006-11-09 14:34:42.000000000 +0100
+@@ -13,7 +13,7 @@
+ #	- sort
+ #
+ 
+-sort +2rn arp.dat | \
++sort -k 2 -rn arp.dat | \
+     awk 'NF == 4 { print }' | \
+     awk -f p.awk | \
+     egrep -v '\.[0-9][0-9]*$' | \
+--- arpwatch-2.1a15/arpfetch.scripts	2006-07-28 20:10:30.000000000 +0200
++++ arpwatch-2.1a15/arpfetch	2006-11-09 14:37:05.000000000 +0100
+@@ -4,8 +4,6 @@
+ # arpfetch - collect arp data from a cisco using net-snmp
+ #
+ 
+-export PATH="/usr/local/bin:${PATH}"
+-
+ prog=`basename $0`
+ 
+ if [ $# -ne 2 ]; then
+@@ -30,4 +28,3 @@
+ 	    print ea "\t" ip
+     }'
+ 
+-rm -f ${t1}

SOURCES/arpwatch.service

@@ -0,0 +1,12 @@
+[Unit]
+Description=Arpwatch daemon which keeps track of ethernet/ip address pairings
+After=syslog.target network-online.target
+Documentation=man:arpwatch
+
+[Service]
+Type=forking
+PrivateTmp=yes
+ExecStart=/usr/sbin/arpwatch -u arpwatch -e root -s 'root (Arpwatch)'
+
+[Install]
+WantedBy=multi-user.target

SPECS/arpwatch.spec

@@ -0,0 +1,292 @@
+%global _vararpwatch %{_localstatedir}/lib/arpwatch
+%global _hardened_build 1
+
+Name: arpwatch
+Epoch: 14
+Version: 2.1a15
+Release: 42%{?dist}
+Summary: Network monitoring tools for tracking IP addresses on a network
+Group: Applications/System
+License: BSD with advertising
+URL: http://ee.lbl.gov/
+Requires(pre): shadow-utils
+Requires(post): systemd
+Requires(preun): systemd
+Requires(postun): systemd
+Requires: /usr/sbin/sendmail
+BuildRequires: /usr/sbin/sendmail libpcap-devel perl-interpreter systemd
+
+Source0: ftp://ftp.ee.lbl.gov/arpwatch-%{version}.tar.gz
+Source1: arpwatch.service
+# created by:
+# wget -O- http://standards.ieee.org/regauth/oui/oui.txt | \
+# iconv -f iso8859-1 -t utf8 | massagevendor | bzip2
+Source3: ethercodes-20110707.dat.bz2
+Patch1: arpwatch-2.1a4-fhs.patch
+Patch2: arpwatch-2.1a10-man.patch
+Patch3: arpwatch-drop.patch
+Patch4: arpwatch-drop-man.patch
+Patch5: arpwatch-addr.patch
+Patch6: arpwatch-dir-man.patch
+Patch7: arpwatch-scripts.patch
+Patch8: arpwatch-2.1a15-nolocalpcap.patch
+Patch9: arpwatch-2.1a15-bogon.patch
+Patch10: arpwatch-2.1a15-extraman.patch
+Patch11: arpwatch-exitcode.patch
+Patch12: arpwatch-2.1a15-dropgroup.patch
+Patch13: arpwatch-2.1a15-devlookup.patch
+Patch14: arpwatch-2.1a15-lookupiselect.patch
+Patch16: arpwatch-201301-ethcodes.patch
+Patch17: arpwatch-pie.patch
+Patch18: arpwatch-aarch64.patch
+Patch19: arpwatch-promisc.patch
+
+%description
+The arpwatch package contains arpwatch and arpsnmp.  Arpwatch and
+arpsnmp are both network monitoring tools.  Both utilities monitor
+Ethernet or FDDI network traffic and build databases of Ethernet/IP
+address pairs, and can report certain changes via email.
+
+Install the arpwatch package if you need networking monitoring devices
+which will automatically keep track of the IP addresses on your
+network.
+
+%prep
+%setup -q
+
+%patch1 -p1 -b .fhs
+%patch2 -p1 -b .arpsnmpman
+%patch3 -p1 -b .droproot
+%patch4 -p0 -b .droprootman
+%patch5 -p1 -b .mailuser
+%patch6 -p1 -b .dirman
+%patch7 -p1 -b .scripts
+%patch8 -p1 -b .nolocalpcap
+%patch9 -p1 -b .bogon
+%patch10 -p1 -b .extraman
+%patch11 -p1 -b .exitcode
+%patch12 -p1 -b .dropgroup
+%patch13 -p1 -b .devlookup
+%patch14 -p1 -b .iselect
+%patch16 -p1 -b .ethcode
+%patch17 -p1 -b .pie
+%patch18 -p1 -b .aarch64
+%patch19 -p1 -b .promisc
+
+%build
+%configure
+make ARPDIR=%{_vararpwatch}
+
+%install
+
+mkdir -p $RPM_BUILD_ROOT%{_mandir}/man8
+mkdir -p $RPM_BUILD_ROOT%{_sbindir}
+mkdir -p $RPM_BUILD_ROOT%{_vararpwatch}
+mkdir -p $RPM_BUILD_ROOT%{_unitdir}
+touch $RPM_BUILD_ROOT%{_vararpwatch}/arp.dat-
+make DESTDIR=$RPM_BUILD_ROOT install install-man
+
+# prepare awk scripts
+perl -pi -e "s/\'/\'\\\'\'/g" *.awk
+
+# and embed them
+for i in arp2ethers massagevendor massagevendor-old; do
+	cp -f $i $RPM_BUILD_ROOT%{_sbindir}
+	for j in *.awk; do
+		sed "s/-f\ *\(\<$j\>\)/\'\1\n\' /g" \
+			< $RPM_BUILD_ROOT%{_sbindir}/$i \
+			| sed "s/$j\$//;tx;b;:x;r$j" \
+			> $RPM_BUILD_ROOT%{_sbindir}/$i.x
+		mv -f $RPM_BUILD_ROOT%{_sbindir}/$i{.x,}
+	done
+	chmod 755 $RPM_BUILD_ROOT%{_sbindir}/$i
+done
+
+install -p -m644 *.dat $RPM_BUILD_ROOT%{_vararpwatch}
+install -p -m644 %{SOURCE1} $RPM_BUILD_ROOT%{_unitdir}/arpwatch.service
+install -p -m644 %{SOURCE3} $RPM_BUILD_ROOT%{_vararpwatch}/ethercodes.dat.bz2
+bzip2 -df $RPM_BUILD_ROOT%{_vararpwatch}/ethercodes.dat.bz2
+
+rm -f $RPM_BUILD_ROOT%{_sbindir}/massagevendor-old
+
+%post
+%systemd_post arpwatch.service
+
+%pre
+if ! getent group arpwatch &> /dev/null; then
+	getent group pcap 2> /dev/null | grep -q 77 &&
+		/usr/sbin/groupmod -n arpwatch pcap 2> /dev/null ||
+		/usr/sbin/groupadd -g 77 arpwatch 2> /dev/null
+fi
+if ! getent passwd arpwatch &> /dev/null; then
+	getent passwd pcap 2> /dev/null | grep -q 77 &&
+		/usr/sbin/usermod -l arpwatch -g 77 \
+			-d %{_vararpwatch} pcap 2> /dev/null ||
+		/usr/sbin/useradd -u 77 -g 77 -s /sbin/nologin \
+			-M -r -d %{_vararpwatch} arpwatch 2> /dev/null
+fi
+:
+
+%postun
+%systemd_postun_with_restart arpwatch.service
+
+%preun
+%systemd_preun arpwatch.service
+
+%files
+%doc README CHANGES arpfetch
+%{_sbindir}/arpwatch
+%{_sbindir}/arpsnmp
+%{_sbindir}/arp2ethers
+%{_sbindir}/massagevendor
+%{_mandir}/man8/*.8*
+%{_unitdir}/arpwatch.service
+%attr(1775,-,arpwatch) %dir %{_vararpwatch}
+%attr(0644,arpwatch,arpwatch) %verify(not md5 size mtime) %config(noreplace) %{_vararpwatch}/arp.dat
+%attr(0644,arpwatch,arpwatch) %verify(not md5 size mtime) %config(noreplace) %{_vararpwatch}/arp.dat-
+%attr(0600,arpwatch,arpwatch) %verify(not md5 size mtime) %ghost %{_vararpwatch}/arp.dat.new
+%attr(0644,-,arpwatch) %verify(not md5 size mtime) %config(noreplace) %{_vararpwatch}/ethercodes.dat
+
+%changelog
+* Mon Mar  5 2018 Jan Synáček <jsynacek@redhat.com> - 14:2.1a15-42
+- make sure arpwatch starts after network devices are up (#1551431)
+
+* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 14:2.1a15-41
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+
+* Wed Aug 02 2017 Fedora Release Engineering <releng@fedoraproject.org> - 14:2.1a15-40
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
+
+* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 14:2.1a15-39
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
+
+* Mon Feb 20 2017 Jan Synáček <jsynacek@redhat.com> - 14:2.1a15-38
+- fix FTBFS (#1423238)
+
+* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 14:2.1a15-37
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
+
+* Wed Feb 03 2016 Fedora Release Engineering <releng@fedoraproject.org> - 14:2.1a15-36
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
+
+* Tue Jan 26 2016 Jan Synáček <jsynacek@redhat.com> - 14:2.1a15-35
+- fix arpwatch buffer overflow (#1301880)
+- add -p option that disables promiscuous mode (#1301853)
+
+* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 14:2.1a15-34
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
+
+* Fri Aug 15 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 14:2.1a15-33
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
+
+* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 14:2.1a15-32
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
+
+* Mon Feb  3 2014 Jan Synáček <jsynacek@redhat.com> 14:2.1a15-31
+- reference documentation in the service file
+- remove redundant sysconfig-related stuff
+
+* Sun Aug  4 2013 Peter Robinson <pbrobinson@fedoraproject.org> 14:2.1a15-30
+- Fix FTBFS
+
+* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 14:2.1a15-29
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
+
+* Tue Apr 23 2013 Jan Synáček <jsynacek@redhat.com> 14:2.1a15-28
+- harden the package (#954336)
+- support aarch64 (#925027)
+
+* Wed Feb 13 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 14:2.1a15-27
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
+
+* Thu Jan 17 2013 Ales Ledvinka <aledvink@redhat.com> - 14:2.1a15-26
+- fix permissions related to collected database
+- update ethcodes defaults to current public IEEE OUI-32
+
+* Mon Oct 15 2012 Ales Ledvinka <aledvink@redhat.com> - 14:2.1a15-25
+- fix -i with invalid interface specified (#842660)
+
+* Mon Oct 15 2012 Ales Ledvinka <aledvink@redhat.com> - 14:2.1a15-24
+- fix devlookup to start with -i interface specified (#842660)
+
+* Wed Aug 22 2012 Jan Synáček <jsynacek@redhat.com> - 14:2.1a15-23
+- Add system-rpm macros (#850032)
+
+* Tue Jul 24 2012 Jan Synáček <jsynacek@redhat.com> - 14:2.1a15-22
+- add devlookup patch: search for suitable default interface, if -i is not
+  specified (#842660)
+
+* Thu Jul 19 2012 Jan Synáček <jsynacek@redhat.com> - 14:2.1a15-21
+- make spec slightly more fedora-review-friendly
+
+* Wed Jul 18 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 14:2.1a15-21
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+
+* Thu May 31 2012 Aleš Ledvinka <aledvink@redhat.com> 14:2.1a15-20
+- fix supplementary group list (#825328) (CVE-2012-2653)
+
+* Thu Jan 19 2012 Jan Synáček <jsynacek@redhat.com> 14:2.1a15-19
+- Turn on PrivateTmp=true in service file (#782477)
+
+* Thu Jan 05 2012 Jan Synáček <jsynacek@redhat.com> 14:2.1a15-18
+- Rebuilt for GCC 4.7
+
+* Fri Jul 08 2011 Miroslav Lichvar <mlichvar@redhat.com> 14:2.1a15-17
+- exit with zero error code (#699285)
+- change service type to forking (#699285)
+
+* Thu Jul 07 2011 Miroslav Lichvar <mlichvar@redhat.com> 14:2.1a15-16
+- replace SysV init script with systemd service (#699285)
+- update ethercodes.dat
+
+* Mon Mar 28 2011 Miroslav Lichvar <mlichvar@redhat.com> 14:2.1a15-15
+- update ethercodes.dat (#690948)
+
+* Mon Feb 07 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 14:2.1a15-14
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
+
+* Tue Mar 30 2010 Miroslav Lichvar <mlichvar@redhat.com> 14:2.1a15-13
+- update ethercodes.dat (#577552)
+- mark ethercodes.dat as noreplace
+- fix init script LSB compliance
+- include Debian arp2ethers and massagevendor man pages (#526160)
+- don't include massagevendor-old script anymore
+
+* Wed Sep 02 2009 Miroslav Lichvar <mlichvar@redhat.com> 14:2.1a15-12
+- update ethercodes.dat
+
+* Fri Jul 24 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 14:2.1a15-11
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
+
+* Mon Feb 23 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 14:2.1a15-10
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
+
+* Tue Sep 16 2008 Miroslav Lichvar <mlichvar@redhat.com> 14:2.1a15-9
+- update ethercodes.dat (#462364)
+
+* Tue Feb 19 2008 Fedora Release Engineering <rel-eng@fedoraproject.org> - 14:2.1a15-8
+- Autorebuild for GCC 4.3
+
+* Wed Aug 22 2007 Miroslav Lichvar <mlichvar@redhat.com> 14:2.1a15-7
+- rebuild
+
+* Thu Aug 09 2007 Miroslav Lichvar <mlichvar@redhat.com> 14:2.1a15-6
+- improve init script (#246869)
+- allow -n 0/32 to disable reporting bogons from 0.0.0.0 (#244606)
+- update license tag
+- update ethercodes.dat
+
+* Wed Jun 13 2007 Miroslav Lichvar <mlichvar@redhat.com> 14:2.1a15-5
+- update ethercodes.dat
+
+* Thu May 24 2007 Miroslav Lichvar <mlichvar@redhat.com> 14:2.1a15-4
+- fix return codes in init script (#237781)
+
+* Mon Jan 15 2007 Miroslav Lichvar <mlichvar@redhat.com> 14:2.1a15-3
+- rename pcap user to arpwatch
+
+* Tue Nov 28 2006 Miroslav Lichvar <mlichvar@redhat.com> 14:2.1a15-2
+- split from tcpdump package (#193657)
+- update to 2.1a15
+- clean up files in /var
+- force linking with system libpcap