public inbox for gentoo-commits@lists.gentoo.org
* [gentoo-commits] repo/gentoo:master commit in: net-analyzer/arpwatch/, net-analyzer/arpwatch/files/
@ 2017-10-22 17:41 Michael Orlitzky
From: Michael Orlitzky @ 2017-10-22 17:41 UTC
  To: gentoo-commits

commit:     6739ee69e69a954bc27a3040ab59d46b82582229
Author:     Michael Orlitzky <mjo <AT> gentoo <DOT> org>
AuthorDate: Sun Oct 22 17:22:30 2017 +0000
Commit:     Michael Orlitzky <mjo <AT> gentoo <DOT> org>
CommitDate: Sun Oct 22 17:40:01 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6739ee69

net-analyzer/arpwatch: new revision to fix privilege escalation.

In previous revisions, the init script for arpwatch called "chown" as
root on a location under /var/lib/arpwatch -- a path that is controlled
by the "arpwatch" user per its ebuild. That could be exploited by the
"arpwatch" user to take control of root-owned files.

This new revision comes with a new init script and conf.d file that
completely rework the way instances are created and run. The
"arpwatch" user is hard-coded, because as was mentioned, the ebuild
sets some important permissions for that user. Since it is not
possible to change that user, the need for "chown" is eliminated.

Separate instances are now created by symlinking the init script (like
our network interface scripts), rather than by enumerating them in a
single arpwatch init script. Upgraders will want to review their
configurations.

Bug: https://bugs.gentoo.org/602552
Package-Manager: Portage-2.3.8, Repoman-2.3.3

 net-analyzer/arpwatch/arpwatch-2.1.15-r10.ebuild | 69 ++++++++++++++++++++++++
 net-analyzer/arpwatch/files/arpwatch.confd-r1    | 17 ++++++
 net-analyzer/arpwatch/files/arpwatch.initd-r1    | 27 ++++++++++
 3 files changed, 113 insertions(+)

diff --git a/net-analyzer/arpwatch/arpwatch-2.1.15-r10.ebuild b/net-analyzer/arpwatch/arpwatch-2.1.15-r10.ebuild
new file mode 100644
index 00000000000..986da0386f7
--- /dev/null
+++ b/net-analyzer/arpwatch/arpwatch-2.1.15-r10.ebuild
@@ -0,0 +1,69 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+inherit user versionator
+
+PATCH_VER="0.8"
+MY_P="${PN}-$(replace_version_separator 2 'a')"
+
+DESCRIPTION="An ethernet monitor program that keeps track of ethernet/IP address pairings"
+HOMEPAGE="http://ee.lbl.gov/"
+SRC_URI="
+	ftp://ftp.ee.lbl.gov/${MY_P}.tar.gz
+	https://dev.gentoo.org/~jer/arpwatch-patchset-${PATCH_VER}.tar.xz
+"
+
+LICENSE="BSD GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~hppa ~ppc ~sparc ~x86 ~x86-fbsd"
+IUSE="selinux"
+
+DEPEND="
+	net-libs/libpcap
+	sys-libs/ncurses:*
+"
+RDEPEND="
+	${DEPEND}
+	selinux? ( sec-policy/selinux-arpwatch )
+"
+
+S="${WORKDIR}/${MY_P}"
+
+pkg_setup() {
+	# We need to create /var/lib/arpwatch with this group, so it must
+	# exist during src_install.
+	enewgroup arpwatch
+}
+
+pkg_postinst() {
+	# The user, however, is not needed until runtime.
+	enewuser arpwatch -1 -1 -1 arpwatch
+}
+
+src_prepare() {
+	local patchdir="${WORKDIR}/arpwatch-patchset"
+
+	eapply "${patchdir}"/*.patch
+	eapply_user
+
+	cp "${patchdir}"/*.8 ./ || die "failed to copy man pages from ${patchdir}"
+}
+
+src_install () {
+	dosbin arpwatch arpsnmp arp2ethers massagevendor arpfetch bihourly.sh
+	doman arpwatch.8 arpsnmp.8 arp2ethers.8 massagevendor.8 arpfetch.8 bihourly.8
+
+	insinto /usr/share/arpwatch
+	doins ethercodes.dat
+
+	insinto /usr/share/arpwatch/awk
+	doins duplicates.awk euppertolower.awk p.awk e.awk d.awk
+
+	diropts --group=arpwatch --mode=770
+	dodir /var/lib/arpwatch
+	dodoc README CHANGES
+
+	newinitd "${FILESDIR}"/arpwatch.initd-r1 arpwatch
+	newconfd "${FILESDIR}"/arpwatch.confd-r1 arpwatch
+}
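
Review bot: In src_install, `dodir /var/lib/arpwatch` creates an empty directory, and Portage does not guarantee that empty directories survive the merge; `keepdir /var/lib/arpwatch` would make sure the directory exists with the group and mode set by `diropts --group=arpwatch --mode=770`. The commit message asks upgraders to review their configurations because instances are now created by symlinking the init script, but nothing in this ebuild tells them so; an elog in pkg_postinst would put that in front of the people affected.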

diff --git a/net-analyzer/arpwatch/files/arpwatch.confd-r1 b/net-analyzer/arpwatch/files/arpwatch.confd-r1
new file mode 100644
index 00000000000..a4da503406a
--- /dev/null
+++ b/net-analyzer/arpwatch/files/arpwatch.confd-r1
@@ -0,0 +1,17 @@
+# See arpwatch.8 for more information
+
+# Specify the interface for arpwatch to listen on here (default: lo).
+# If you need to listen on more than one interface, you should
+# run multiple arpwatch services; for example "arpwatch" and
+# "arpwatch.eth1". These additional services can be configured by
+# symlinking to the "arpwatch" service script, and by creating a new
+# conf.d file whose name matches the new service (symlink) name.
+#
+# Example:
+#
+# ARPWATCH_IFACE="eth0"
+#
+ARPWATCH_IFACE="lo"
+
+# Additional options to pass to arpwatch.
+ARPWATCH_OPTS="-N -p"
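
Review bot: The comment above ARPWATCH_OPTS does not say which options are already taken. arpwatch.initd-r1 passes -i, -u, -f and -P itself, so repeating any of them here would put them on the command line twice, including the user and data file that this revision means to fix in place. Listing those options as reserved in this comment would prevent that.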

diff --git a/net-analyzer/arpwatch/files/arpwatch.initd-r1 b/net-analyzer/arpwatch/files/arpwatch.initd-r1
new file mode 100644
index 00000000000..ffe165205c6
--- /dev/null
+++ b/net-analyzer/arpwatch/files/arpwatch.initd-r1
@@ -0,0 +1,27 @@
+#!/sbin/openrc-run
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+# Default to "lo" for the interface, so that the init script will work
+# out-of-the-box.
+: ${ARPWATCH_IFACE:=lo}
+
+ARPWATCH_DATAFILE="/var/lib/arpwatch/${RC_SVCNAME}.dat"
+
+command="/usr/sbin/arpwatch"
+pidfile="/run/${RC_SVCNAME}.pid"
+command_args="-i ${ARPWATCH_IFACE}
+              -u arpwatch
+              -f ${ARPWATCH_DATAFILE}
+              -P ${pidfile}
+              ${ARPWATCH_OPTS}"
+
+depend() {
+    need "net.${ARPWATCH_IFACE}"
+}
+
+start_pre() {
+    # The "arpwatch" user must be a member of the "arpwatch" group for
+    # this to work.
+    checkpath --file --owner root:arpwatch --mode 0660 "${ARPWATCH_DATAFILE}"
+}
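
Review bot: start_pre still has root create a file and set its owner and mode inside /var/lib/arpwatch, which the ebuild installs group-writable for arpwatch (`diropts --group=arpwatch --mode=770`). The concern described in the commit message for "chown" therefore carries over to `checkpath` unless checkpath refuses to act through a link at `${ARPWATCH_DATAFILE}`. Please confirm that behaviour and record it in the comment, or have the data file created by the arpwatch user rather than by root. Separately, `need "net.${ARPWATCH_IFACE}"` in depend() assumes a net.* service exists under exactly the name of every interface that can be configured.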



* [gentoo-commits] repo/gentoo:master commit in: net-analyzer/arpwatch/, net-analyzer/arpwatch/files/
@ 2020-06-28 12:05 Jeroen Roovers
From: Jeroen Roovers @ 2020-06-28 12:05 UTC
  To: gentoo-commits

commit:     9207fdd5442a659ef9e18c75bad1eb277bb62ea5
Author:     Jeroen Roovers <jer <AT> gentoo <DOT> org>
AuthorDate: Sun Jun 28 12:04:44 2020 +0000
Commit:     Jeroen Roovers <jer <AT> gentoo <DOT> org>
CommitDate: Sun Jun 28 12:05:37 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9207fdd5

net-analyzer/arpwatch: Install new conf.d/init.d scripts

Package-Manager: Portage-2.3.103, Repoman-2.3.23
Bug: https://bugs.gentoo.org/602552
Closes: https://bugs.gentoo.org/727220
Signed-off-by: Jeroen Roovers <jer <AT> gentoo.org>

 net-analyzer/arpwatch/arpwatch-3.1.ebuild     |  6 ++---
 net-analyzer/arpwatch/files/arpwatch.confd-r2 | 18 +++++++++++++++
 net-analyzer/arpwatch/files/arpwatch.initd-r2 | 33 +++++++++++++++++++++++++++
 3 files changed, 54 insertions(+), 3 deletions(-)

diff --git a/net-analyzer/arpwatch/arpwatch-3.1.ebuild b/net-analyzer/arpwatch/arpwatch-3.1.ebuild
index 92a1c502738..76be0e590a0 100644
--- a/net-analyzer/arpwatch/arpwatch-3.1.ebuild
+++ b/net-analyzer/arpwatch/arpwatch-3.1.ebuild
@@ -46,14 +46,14 @@ src_install() {
 	newins "${WORKDIR}"/ethercodes.dat-${ETHERCODES_DATE} ethercodes.dat
 
 	insinto /usr/share/arpwatch/awk
-	doins duplicates.awk euppertolower.awk p.awk e.awk d.awk
+	doins d.awk duplicates.awk e.awk euppertolower.awk p.awk
 
 	diropts --group=arpwatch --mode=770
 	keepdir /var/lib/arpwatch
 	dodoc README CHANGES
 
-	newinitd "${FILESDIR}"/arpwatch.initd-r1 arpwatch
-	newconfd "${FILESDIR}"/arpwatch.confd-r1 arpwatch
+	newconfd "${FILESDIR}"/arpwatch.confd-r2 arpwatch
+	newinitd "${FILESDIR}"/arpwatch.initd-r2 arpwatch
 }
 
 pkg_postinst() {
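
Review bot: The switch to arpwatch.confd-r2 and arpwatch.initd-r2 is made in arpwatch-3.1.ebuild in place, without a revision bump, so systems that already have 3.1 merged will not receive the new scripts until something else triggers a rebuild. Because the installed files change, renaming the ebuild to a new revision would be the expected route.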

diff --git a/net-analyzer/arpwatch/files/arpwatch.confd-r2 b/net-analyzer/arpwatch/files/arpwatch.confd-r2
new file mode 100644
index 00000000000..2937349cdc8
--- /dev/null
+++ b/net-analyzer/arpwatch/files/arpwatch.confd-r2
@@ -0,0 +1,18 @@
+# See arpwatch.8 for more information
+
+# Specify the interface for arpwatch to listen on here (default: lo).
+# If you need to listen on more than one interface, you should
+# run multiple arpwatch services; for example "arpwatch" and
+# "arpwatch.eth1". These additional services can be configured by
+# symlinking to the "arpwatch" service script, and by creating a new
+# conf.d file whose name matches the new service (symlink) name.
+#
+# Example:
+#
+# ARPWATCH_IFACE="eth0"
+#
+ARPWATCH_IFACE="lo"
+
+# Additional options to pass to arpwatch.
+# See arpwatch(8)
+ARPWATCH_OPTS="-N -p"

diff --git a/net-analyzer/arpwatch/files/arpwatch.initd-r2 b/net-analyzer/arpwatch/files/arpwatch.initd-r2
new file mode 100644
index 00000000000..93438209e1f
--- /dev/null
+++ b/net-analyzer/arpwatch/files/arpwatch.initd-r2
@@ -0,0 +1,33 @@
+#!/sbin/openrc-run
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+# Default to "lo" for the interface, so that the init script will work
+# out-of-the-box.
+: ${ARPWATCH_IFACE:=lo}
+
+ARPWATCH_DATAFILE="/var/lib/arpwatch/${RC_SVCNAME}.dat"
+
+command="/usr/sbin/arpwatch"
+pidfile="/run/${RC_SVCNAME}.pid"
+command_args="
+	-i ${ARPWATCH_IFACE}
+	-f ${ARPWATCH_DATAFILE}
+	-P ${pidfile}
+	${ARPWATCH_OPTS}
+"
+
+depend() {
+	if [ -f "/proc/net/vlan/${ARPWATCH_IFACE}" ]; then
+		_if=$(grep -i "device" /proc/net/vlan/${ARPWATCH_IFACE} |awk '{print $2;}')
+	else
+		_if=${ARPWATCH_IFACE}
+	fi
+	need "net.${_if}"
+}
+
+start_pre() {
+	# The "arpwatch" user must be a member of the "arpwatch" group for
+	# this to work.
+	checkpath --file --owner root:arpwatch --mode 0660 "${ARPWATCH_DATAFILE}"
+}
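
Review bot: command_args no longer contains `-u arpwatch`, which arpwatch.initd-r1 passed unconditionally, and the default `ARPWATCH_OPTS="-N -p"` in arpwatch.confd-r2 does not add it, so nothing in this script shows the daemon leaving root. If the privilege drop now happens somewhere else, say where in a comment; if not, the start_pre comment about the "arpwatch" user and the `root:arpwatch` 0660 data file no longer describes what runs. In depend(), `/proc/net/vlan/${ARPWATCH_IFACE}` is unquoted inside the command substitution although it is quoted in the test above it, and `_if` leaks into the script's global scope.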



* [gentoo-commits] repo/gentoo:master commit in: net-analyzer/arpwatch/, net-analyzer/arpwatch/files/
@ 2021-03-15 20:20 Sam James
From: Sam James @ 2021-03-15 20:20 UTC
  To: gentoo-commits

commit:     8245121a7b25edc276225f09c134fe85da61b089
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Mon Mar 15 20:19:46 2021 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Mon Mar 15 20:19:46 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8245121a

net-analyzer/arpwatch: install systemd unit

Thanks-to: Ryan James <rinkydinksrj <AT> gmail.com>
Closes: https://bugs.gentoo.org/648572
Package-Manager: Portage-3.0.14-prefix, Repoman-3.0.2
Signed-off-by: Sam James <sam <AT> gentoo.org>

 .../{arpwatch-3.1.ebuild => arpwatch-3.1-r1.ebuild}      |  8 ++++++--
 net-analyzer/arpwatch/files/arpwatch.conf                | 16 ++++++++++++++++
 net-analyzer/arpwatch/files/arpwatch.service             | 16 ++++++++++++++++
 3 files changed, 38 insertions(+), 2 deletions(-)

diff --git a/net-analyzer/arpwatch/arpwatch-3.1.ebuild b/net-analyzer/arpwatch/arpwatch-3.1-r1.ebuild
similarity index 92%
rename from net-analyzer/arpwatch/arpwatch-3.1.ebuild
rename to net-analyzer/arpwatch/arpwatch-3.1-r1.ebuild
index 64ae0f6ef45..bca29a3a678 100644
--- a/net-analyzer/arpwatch/arpwatch-3.1.ebuild
+++ b/net-analyzer/arpwatch/arpwatch-3.1-r1.ebuild
@@ -1,8 +1,9 @@
-# Copyright 1999-2020 Gentoo Authors
+# Copyright 1999-2021 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=7
-inherit user
+
+inherit systemd user
 
 DESCRIPTION="An ethernet monitor program that keeps track of ethernet/IP address pairings"
 HOMEPAGE="https://ee.lbl.gov/"
@@ -60,6 +61,9 @@ src_install() {
 
 	newconfd "${FILESDIR}"/arpwatch.confd-r2 arpwatch
 	newinitd "${FILESDIR}"/arpwatch.initd-r2 arpwatch
+
+	systemd_dounit "${FILESDIR}/arpwatch.service"
+	systemd_install_serviced "${FILESDIR}/arpwatch.conf"
 }
 
 pkg_postinst() {
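
Review bot: `systemd_install_serviced "${FILESDIR}/arpwatch.conf"` installs its argument as a unit drop-in, but arpwatch.conf as added in this commit is a list of bare VAR=value lines with no [Service] section, and arpwatch.service has no EnvironmentFile= that would read it. Either install the file as a plain environment file and reference it with EnvironmentFile= in the unit, or rewrite it as a real drop-in with a [Service] header and Environment= lines.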

diff --git a/net-analyzer/arpwatch/files/arpwatch.conf b/net-analyzer/arpwatch/files/arpwatch.conf
new file mode 100644
index 00000000000..070f0edad80
--- /dev/null
+++ b/net-analyzer/arpwatch/files/arpwatch.conf
@@ -0,0 +1,16 @@
+# Config file for /etc/systemd/system/arpwatch
+# see arpwatch.8 for more information
+
+IFACES=-i eno1
+
+# Location of the PID file
+PIDFILE=-P /run/arpwatch.pid
+
+# Additional options to pass to arpwatch.
+OPTIONS=-N -p -Q -D
+
+# Where to store the data (default is /usr/share/arpwatch)
+DATA=-f /var/log/arpwatch/eno1.dat
+
+# Comment this line if you wish arpwatch to run as root user (not recommended)
+RUNUSER=-u arpwatch
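
Review bot: `DATA=-f /var/log/arpwatch/eno1.dat` points at a directory the ebuild does not create; the directory the package sets up for the arpwatch group is /var/lib/arpwatch (`keepdir /var/lib/arpwatch` with `diropts --group=arpwatch --mode=770`), so the default should live there. `IFACES=-i eno1` and the eno1.dat file name hard-code one machine's interface name, whereas the OpenRC conf.d defaults to "lo" so that the service works out of the box. The header line "Config file for /etc/systemd/system/arpwatch" also does not name a real path.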

diff --git a/net-analyzer/arpwatch/files/arpwatch.service b/net-analyzer/arpwatch/files/arpwatch.service
new file mode 100644
index 00000000000..943e3146f8d
--- /dev/null
+++ b/net-analyzer/arpwatch/files/arpwatch.service
@@ -0,0 +1,16 @@
+[Unit]
+Description=Ethernet monitoring program that tracks net/IP pairings
+Documentation=man:arpwatch(8)
+Conflicts=
+After=systemd-networkd.service
+
+PIDFILE=/run/arpwatch.pid
+
+[Service]
+Type=forking
+ExecStartPre=/bin/rm -f /run/arpwatch.pid
+ExecStart=/usr/sbin/arpwatch $IFACES $PIDFILE $RUNUSER $OPTIONS $DATA
+Restart=on-abort
+
+[Install]
+Alias=arpwatchd.service
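
Review bot: ExecStart depends on $IFACES, $PIDFILE, $RUNUSER, $OPTIONS and $DATA, but nothing in this unit defines them (there is no EnvironmentFile= or Environment=), and unset variables expand to nothing, so arpwatch would be started without `-u arpwatch` and without a data file argument. `PIDFILE=/run/arpwatch.pid` also sits in [Unit], where it is not a recognized setting; with Type=forking it should be `PIDFile=/run/arpwatch.pid` under [Service]. `Conflicts=` is empty and can go, and [Install] has only Alias=, so enabling the unit attaches it to no target; a WantedBy= line is needed for it to start at boot.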



* [gentoo-commits] repo/gentoo:master commit in: net-analyzer/arpwatch/, net-analyzer/arpwatch/files/
@ 2021-03-26 17:00 Sam James
From: Sam James @ 2021-03-26 17:00 UTC
  To: gentoo-commits

commit:     1c8b5ee4a597632da6f3c60409aa278eed849d7f
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Fri Mar 26 16:57:38 2021 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri Mar 26 16:57:38 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1c8b5ee4

net-analyzer/arpwatch: drop 2.1.15-r11

Closes: https://bugs.gentoo.org/776511
Signed-off-by: Sam James <sam <AT> gentoo.org>

 net-analyzer/arpwatch/Manifest                   |  2 -
 net-analyzer/arpwatch/arpwatch-2.1.15-r11.ebuild | 86 ------------------------
 net-analyzer/arpwatch/files/arpwatch.confd-r1    | 17 -----
 net-analyzer/arpwatch/files/arpwatch.initd-r1    | 27 --------
 4 files changed, 132 deletions(-)

diff --git a/net-analyzer/arpwatch/Manifest b/net-analyzer/arpwatch/Manifest
index 11122304499..088fa9a89b1 100644
--- a/net-analyzer/arpwatch/Manifest
+++ b/net-analyzer/arpwatch/Manifest
@@ -1,4 +1,2 @@
-DIST arpwatch-2.1a15.tar.gz 202729 BLAKE2B b583dea83c57a55b8705f0265c1324de270571468dc9f2e1d5351fd53340f7636f1d00e3de24caa9747384697721e6227e5e6de4b3827e5ac7adef4ce524fffd SHA512 f770b5b7954afe910dafb016e6e886a4e785564bcdc0ea0de9d7b1ca6a9a0b219a9d1b50b6f42a67afc2f836e782e8ff85ba5780583015d62c9694ac53f0bf90
 DIST arpwatch-3.1.tar.gz 117196 BLAKE2B 35afd3dc563ebbc8136000d5c2d53da85b9615df5cbe8a3da5b77f20da7cbee706f6fd404c2bda6f3626aaa496d9ec9439596acbdfd559c01b8c0d01d6703e46 SHA512 2e6f6e388e1828e34626e36356a89f3bc95d268b9242955d6636ac05041bcf533e7625ed73b37b6ea5eab8cfed54b8c483547556c98664efff63c18639efa282
-DIST arpwatch-patchset-0.8.tar.xz 131692 BLAKE2B 8db242f7c74c8fee0700e12e8ff028fcaa336e5feb61514b44a892a132779c11d1ca3ce2fabee3cbcbbdcb0dae0ed470daa786a91619c18e24066f11da126bc4 SHA512 3e8f1c043f09fbeacadb40c1db47fb907314ed18bb3fb506c6c510977fd0e6dd9950becc830cf7c10911a7eec97e56e0af8c8c3d7df811e8ab820290973ea0b0
 DIST ethercodes.dat-20200628.xz 239028 BLAKE2B e702b9109ef3ccce73e2637f96126bf19e7dfa533774c0bd623042b3609f147981263b84397ec155a65ae12fa57247c32644e1e7e57c2c749ef768156d853027 SHA512 2edc05d384f387e6b43d07da99038625f9c55c8044b5a48d1bcf9f657df691bf413a97fb9ca915f04dbdafab23f919edd15d906c4ce8bff12be0b255a6717f07

diff --git a/net-analyzer/arpwatch/arpwatch-2.1.15-r11.ebuild b/net-analyzer/arpwatch/arpwatch-2.1.15-r11.ebuild
deleted file mode 100644
index b11099a9314..00000000000
--- a/net-analyzer/arpwatch/arpwatch-2.1.15-r11.ebuild
+++ /dev/null
@@ -1,86 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-inherit user versionator
-
-PATCH_VER="0.8"
-MY_P="${PN}-$(replace_version_separator 2 'a')"
-
-DESCRIPTION="An ethernet monitor program that keeps track of ethernet/IP address pairings"
-HOMEPAGE="https://ee.lbl.gov/"
-SRC_URI="
-	https://ee.lbl.gov/downloads/arpwatch/${MY_P}.tar.gz
-	https://dev.gentoo.org/~jer/arpwatch-patchset-${PATCH_VER}.tar.xz
-"
-
-LICENSE="BSD GPL-2"
-SLOT="0"
-KEYWORDS="amd64 ~hppa ppc sparc x86"
-IUSE="selinux"
-
-DEPEND="
-	net-libs/libpcap
-	sys-libs/ncurses:*
-"
-RDEPEND="
-	${DEPEND}
-	selinux? ( sec-policy/selinux-arpwatch )
-"
-
-S="${WORKDIR}/${MY_P}"
-
-pkg_setup() {
-	# We need to create /var/lib/arpwatch with this group, so it must
-	# exist during src_install.
-	enewgroup arpwatch
-}
-
-pkg_postinst() {
-	# The user, however, is not needed until runtime.
-	enewuser arpwatch -1 -1 -1 arpwatch
-}
-
-src_prepare() {
-	local patchdir="${WORKDIR}/arpwatch-patchset"
-
-	eapply "${patchdir}"/*.patch
-	eapply_user
-
-	cp "${patchdir}"/*.8 ./ || die "failed to copy man pages from ${patchdir}"
-}
-
-src_install() {
-	dosbin arpwatch arpsnmp arp2ethers massagevendor arpfetch bihourly.sh
-	doman arpwatch.8 arpsnmp.8 arp2ethers.8 massagevendor.8 arpfetch.8 bihourly.8
-
-	insinto /usr/share/arpwatch
-	doins ethercodes.dat
-
-	insinto /usr/share/arpwatch/awk
-	doins duplicates.awk euppertolower.awk p.awk e.awk d.awk
-
-	diropts --group=arpwatch --mode=770
-	keepdir /var/lib/arpwatch
-	dodoc README CHANGES
-
-	newinitd "${FILESDIR}"/arpwatch.initd-r1 arpwatch
-	newconfd "${FILESDIR}"/arpwatch.confd-r1 arpwatch
-}
-
-pkg_postinst() {
-	# Previous revisions installed /var/lib/arpwatch with the wrong
-	# ownership. Instead of the intended arpwatch:root, it was left as
-	# root:root. If we find any such mis-owned directories, we fix them,
-	# and then set the permission bits how we want them in *this*
-	# revision.
-	#
-	# The "--from" flag ensures that we only fix directories that need
-	# fixing, and the "&& chmod" ensures that we only adjust the
-	# permissions if the owner also needed fixing.
-	chown --from=root:root \
-		  --no-dereference \
-		  :arpwatch \
-		  "${ROOT}"/var/lib/arpwatch && \
-		chmod 770 "${ROOT}"/var/lib/arpwatch
-}
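
Review bot: The removed ebuild carries stable keywords (`KEYWORDS="amd64 ~hppa ppc sparc x86"`), and nothing in this diff shows that a 3.1 revision is stable on those arches; please confirm that before the drop so stable users are not left without a version. For the record, the deleted file defined pkg_postinst() twice, so the second definition replaced the one calling `enewuser arpwatch -1 -1 -1 arpwatch`; worth checking that the remaining ebuilds did not inherit that duplication.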

diff --git a/net-analyzer/arpwatch/files/arpwatch.confd-r1 b/net-analyzer/arpwatch/files/arpwatch.confd-r1
deleted file mode 100644
index a4da503406a..00000000000
--- a/net-analyzer/arpwatch/files/arpwatch.confd-r1
+++ /dev/null
@@ -1,17 +0,0 @@
-# See arpwatch.8 for more information
-
-# Specify the interface for arpwatch to listen on here (default: lo).
-# If you need to listen on more than one interface, you should
-# run multiple arpwatch services; for example "arpwatch" and
-# "arpwatch.eth1". These additional services can be configured by
-# symlinking to the "arpwatch" service script, and by creating a new
-# conf.d file whose name matches the new service (symlink) name.
-#
-# Example:
-#
-# ARPWATCH_IFACE="eth0"
-#
-ARPWATCH_IFACE="lo"
-
-# Additional options to pass to arpwatch.
-ARPWATCH_OPTS="-N -p"

diff --git a/net-analyzer/arpwatch/files/arpwatch.initd-r1 b/net-analyzer/arpwatch/files/arpwatch.initd-r1
deleted file mode 100644
index ffe165205c6..00000000000
--- a/net-analyzer/arpwatch/files/arpwatch.initd-r1
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/sbin/openrc-run
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-# Default to "lo" for the interface, so that the init script will work
-# out-of-the-box.
-: ${ARPWATCH_IFACE:=lo}
-
-ARPWATCH_DATAFILE="/var/lib/arpwatch/${RC_SVCNAME}.dat"
-
-command="/usr/sbin/arpwatch"
-pidfile="/run/${RC_SVCNAME}.pid"
-command_args="-i ${ARPWATCH_IFACE}
-              -u arpwatch
-              -f ${ARPWATCH_DATAFILE}
-              -P ${pidfile}
-              ${ARPWATCH_OPTS}"
-
-depend() {
-    need "net.${ARPWATCH_IFACE}"
-}
-
-start_pre() {
-    # The "arpwatch" user must be a member of the "arpwatch" group for
-    # this to work.
-    checkpath --file --owner root:arpwatch --mode 0660 "${ARPWATCH_DATAFILE}"
-}



* [gentoo-commits] repo/gentoo:master commit in: net-analyzer/arpwatch/, net-analyzer/arpwatch/files/
@ 2023-12-05 10:32 Sam James
From: Sam James @ 2023-12-05 10:32 UTC
  To: gentoo-commits

commit:     e2b221825348c4264fc6cb7420d391d1d0110a09
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Tue Dec  5 08:50:06 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue Dec  5 10:32:04 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e2b22182

net-analyzer/arpwatch: add 3.5

Closes: https://bugs.gentoo.org/829633
Signed-off-by: Sam James <sam <AT> gentoo.org>

 net-analyzer/arpwatch/Manifest                     |  1 +
 net-analyzer/arpwatch/arpwatch-3.5.ebuild          | 83 ++++++++++++++++++++++
 .../0001-Fix-configure-check-for-time.h.patch      | 36 ++++++++++
 ...void-using-undocumented-internals-for-DNS.patch | 35 +++++++++
 4 files changed, 155 insertions(+)

diff --git a/net-analyzer/arpwatch/Manifest b/net-analyzer/arpwatch/Manifest
index 088fa9a89b1b..53e3f2db8fe8 100644
--- a/net-analyzer/arpwatch/Manifest
+++ b/net-analyzer/arpwatch/Manifest
@@ -1,2 +1,3 @@
 DIST arpwatch-3.1.tar.gz 117196 BLAKE2B 35afd3dc563ebbc8136000d5c2d53da85b9615df5cbe8a3da5b77f20da7cbee706f6fd404c2bda6f3626aaa496d9ec9439596acbdfd559c01b8c0d01d6703e46 SHA512 2e6f6e388e1828e34626e36356a89f3bc95d268b9242955d6636ac05041bcf533e7625ed73b37b6ea5eab8cfed54b8c483547556c98664efff63c18639efa282
+DIST arpwatch-3.5.tar.gz 117594 BLAKE2B 73b979ec279e5bf5baaeac05949e1bddf08cd9c3c7afcd29b37991ba55ba2bb8968b57b407eb571ec52871017372f479e586ba84b0f1aee67331ce7617309fb8 SHA512 e46b350c483f0e7c873eb177be337f238b2db3d859d8b305df5a74d9d97ca449750f9ed50a99c5d4c51618e22747731d70ceb3f13aae39c39d258b960258fb88
 DIST ethercodes.dat-20200628.xz 239028 BLAKE2B e702b9109ef3ccce73e2637f96126bf19e7dfa533774c0bd623042b3609f147981263b84397ec155a65ae12fa57247c32644e1e7e57c2c749ef768156d853027 SHA512 2edc05d384f387e6b43d07da99038625f9c55c8044b5a48d1bcf9f657df691bf413a97fb9ca915f04dbdafab23f919edd15d906c4ce8bff12be0b255a6717f07

diff --git a/net-analyzer/arpwatch/arpwatch-3.5.ebuild b/net-analyzer/arpwatch/arpwatch-3.5.ebuild
new file mode 100644
index 000000000000..3f5e19029ce9
--- /dev/null
+++ b/net-analyzer/arpwatch/arpwatch-3.5.ebuild
@@ -0,0 +1,83 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit autotools systemd
+
+ETHERCODES_DATE=20200628
+DESCRIPTION="An ethernet monitor program that keeps track of ethernet/IP address pairings"
+HOMEPAGE="https://ee.lbl.gov/"
+SRC_URI="
+	https://ee.lbl.gov/downloads/${PN}/${P}.tar.gz
+	https://dev.gentoo.org/~jsmolic/distfiles/ethercodes.dat-${ETHERCODES_DATE}.xz
+"
+
+LICENSE="BSD GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~hppa ~ppc ~riscv ~sparc ~x86"
+IUSE="selinux"
+
+DEPEND="
+	acct-group/arpwatch
+	net-libs/libpcap
+	sys-libs/ncurses:=
+"
+RDEPEND="
+	${DEPEND}
+	acct-user/arpwatch
+	virtual/mta
+	selinux? ( sec-policy/selinux-arpwatch )
+"
+
+PATCHES=(
+	# sent upstream on 2023-12-05
+	"${FILESDIR}"/0001-Fix-configure-check-for-time.h.patch
+	"${FILESDIR}"/0002-Avoid-using-undocumented-internals-for-DNS.patch
+)
+
+src_prepare() {
+	default
+
+	# Temporary for 0001-Fix-configure-check-for-time.h.patch
+	eautoreconf
+}
+
+src_install() {
+	dosbin arp2ethers arpfetch arpsnmp arpwatch bihourly.sh massagevendor.py update-ethercodes.sh
+	doman arpsnmp.8 arpwatch.8
+
+	insinto /usr/share/arpwatch
+	newins "${WORKDIR}"/ethercodes.dat-${ETHERCODES_DATE} ethercodes.dat
+
+	insinto /usr/share/arpwatch/awk
+	doins d.awk duplicates.awk e.awk euppertolower.awk p.awk
+
+	diropts --group=arpwatch --mode=770
+	keepdir /var/lib/arpwatch
+	dodoc README CHANGES
+
+	newconfd "${FILESDIR}"/arpwatch.confd-r2 arpwatch
+	newinitd "${FILESDIR}"/arpwatch.initd-r2 arpwatch
+
+	systemd_dounit "${FILESDIR}/arpwatch.service"
+	systemd_install_serviced "${FILESDIR}/arpwatch.conf"
+}
+
+pkg_postinst() {
+	# Previous revisions installed /var/lib/arpwatch with the wrong
+	# ownership. Instead of the intended arpwatch:root, it was left as
+	# root:root. If we find any such mis-owned directories, we fix them,
+	# and then set the permission bits how we want them in *this*
+	# revision.
+	#
+	# The "--from" flag ensures that we only fix directories that need
+	# fixing, and the "&& chmod" ensures that we only adjust the
+	# permissions if the owner also needed fixing.
+	chown \
+		--from=root:root \
+		--no-dereference \
+		:arpwatch \
+		"${ROOT}"/var/lib/arpwatch && \
+		chmod 770 "${ROOT}"/var/lib/arpwatch
+}
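
Review bot: The pkg_postinst comment says the intended ownership is "arpwatch:root", but the command changes only the group (`:arpwatch`) on a directory matched by `--from=root:root`, which yields root:arpwatch, the same result as `diropts --group=arpwatch --mode=770` in src_install. The comment should read root:arpwatch so that nobody later "corrects" the code to match it. This ebuild also installs arpwatch.initd-r2, arpwatch.service and arpwatch.conf unchanged, so open questions about those files apply to 3.5 as well.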

diff --git a/net-analyzer/arpwatch/files/0001-Fix-configure-check-for-time.h.patch b/net-analyzer/arpwatch/files/0001-Fix-configure-check-for-time.h.patch
new file mode 100644
index 000000000000..4c6b1466a452
--- /dev/null
+++ b/net-analyzer/arpwatch/files/0001-Fix-configure-check-for-time.h.patch
@@ -0,0 +1,36 @@
+sent upstream on 2023-12-05
+
+From ea63ce2240a9be492086a56921c644533c740924 Mon Sep 17 00:00:00 2001
+From: Sam James <sam@gentoo.org>
+Date: Tue, 5 Dec 2023 08:39:39 +0000
+Subject: [PATCH 1/2] Fix configure check for time.h
+
+Otherwise, we get an implicit function declaration warning/error (with Clang 16,
+GCC 14) for localtime.
+
+Signed-off-by: Sam James <sam@gentoo.org>
+--- a/configure.in
++++ b/configure.in
+@@ -21,7 +21,7 @@ fi
+ AC_LBL_C_INIT(V_CCOPT, V_INCLS)
+ AC_PROG_INSTALL
+ 
+-AC_CHECK_HEADERS(fcntl.h memory.h)
++AC_CHECK_HEADERS(fcntl.h memory.h time.h)
+ 
+ dnl
+ dnl Install rc.d script on FreeBSD
+--- a/report.c
++++ b/report.c
+@@ -59,7 +59,7 @@ struct rtentry;
+ #include <stdlib.h>
+ #include <string.h>
+ #include <syslog.h>
+-#ifdef TIME_WITH_SYS_TIME
++#ifdef HAVE_TIME_H
+ #include <time.h>
+ #endif
+ #include <unistd.h>
+-- 
+2.43.0
+
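
Review bot: In report.c, `#ifdef HAVE_TIME_H` keeps the `#include <time.h>` conditional on a configure result. time.h is a standard C header, so including it unconditionally would remove the implicit declaration of localtime without touching configure.in, and the ebuild would then not need the eautoreconf it marks as temporary for this patch.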

diff --git a/net-analyzer/arpwatch/files/0002-Avoid-using-undocumented-internals-for-DNS.patch b/net-analyzer/arpwatch/files/0002-Avoid-using-undocumented-internals-for-DNS.patch
new file mode 100644
index 000000000000..127c46c67abf
--- /dev/null
+++ b/net-analyzer/arpwatch/files/0002-Avoid-using-undocumented-internals-for-DNS.patch
@@ -0,0 +1,35 @@
+sent upstream on 2023-12-05
+
+From 957425ec7ca2714a4c31431f4746da7644a7f4e9 Mon Sep 17 00:00:00 2001
+From: Sam James <sam@gentoo.org>
+Date: Tue, 5 Dec 2023 08:40:31 +0000
+Subject: [PATCH 2/2] Avoid using undocumented internals for DNS
+
+_getshort is a reserved internal function and is deprecated per
+glibc's resolv.h at least.
+
+Use ns_get32 instead as recommended by the deprecation warning.
+
+This also fixes an implicit function declaration warning/error with
+Clang 16 / GCC 14.
+
+Bug: https://bugs.gentoo.org/829633
+Signed-off-by: Sam James <sam@gentoo.org>
+--- a/dns.c
++++ b/dns.c
+@@ -115,10 +115,10 @@ gethinfo(char *hostname, char *cpu, int cpulen, char *os, int oslen)
+ 		    (u_char *)cp, (char *)bp, buflen)) < 0)
+ 			break;
+ 		cp += n;
+-		type = _getshort(cp);
++		type = ns_get32(cp);
+ 		cp += sizeof(u_short);			/* class */
+ 		cp += sizeof(u_short) + sizeof(u_int32_t);
+-		n = _getshort(cp);
++		n = ns_get32(cp);
+ 		cp += sizeof(u_short);
+ 		if (type == T_HINFO) {
+ 			/* Unpack */
+-- 
+2.43.0
+
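
Review bot: Both replacements in gethinfo() read the wrong width. `_getshort(cp)` returns a 16-bit value, and each read is still followed by `cp += sizeof(u_short)`, but `ns_get32(cp)` consumes four bytes, so `type` and `n` now also take in the two bytes of the following field. The `type == T_HINFO` comparison will not see the record type it expects, and `n` no longer holds the 16-bit value stored at cp. `ns_get16(cp)` is the same-width replacement for both lines.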


