Debian Patches

Status for arpwatch/2.1a15-8.1

Patch Description Author Forwarded Bugs Origin Last update
005_awkpath installed arpwatch's *.awk scripts into /usr/lib/arpwatch and edited massagevendor to set AWKPATH before running awk Craig Sanders <> no
008_addresses-h_arpwatch-conf a file that likely shouldn't be here no
009_bihourly_bihourly-sh made an example Craig Sanders <> no
05debian_fhs fix paths to conform to FHS KELEMEN Pter <> no
06debian_manpages fix manpages KELEMEN Pter <> no
07debian_srcdir fix Debian srcdir KELEMEN Pter <> no
10getopt_patchable prepare for the simple addition of options through patches Axel Beckert <> no 2015-06-13
11opt_sendmail_path option -s to specify the path to sendmail KELEMEN Pter <> no
12opt_nopromisc option -p to disable promiscuous operation KELEMEN Pter <> no
13opt_allsubnets add option -a to allow monitoring bogons
Patch updated by Lukas Schwaighofer <> to
improve the description of the -a flag in the man page
KELEMEN Pter <> no
14opt_mailto optoin -m to specify the e-mail address for reports KELEMEN Pter <> no
15opt_username options -u and -R -u to drop root privileges and change the UID to username
-R to restart in s seconds after the interface went down
KELEMEN Pter <> no
16opt_quiet option -Q prevents arpwatch from sending reports by mail KELEMEN Pter <> no
17opt_ignorenet add option -z ignorenet/ignoremask Used to set a range of ip addresses to ignore (such as a DHCP range).
Netmask is specified as
Sebastian Reichelt <> no debian
21arp2ethers Debian changes to arp2ethers - Use sh(1) instead of csh(1)
- Use next instead of continue in included p.awk
- Use a default file or the one provided in the command line
KELEMEN Pter <> no
22secure_tempfile use secure tempfiles two cases of insecure tempfile usage no longer apply, as arpfetch
was changed between 2.1a13 and 2.1a15
KELEMEN Pter <> no
24from_field include host name in From: field no
25ignore_zero_ip ignore KELEMEN Pter <> no
26unconf_iface assume unconfigured interface rather than exit
if the interface is unconfigured, arpwatch can still work as normal.
Only automatically detecting which packets do not belong to the
configured subnet (bogons) is not possible.

To allow for useful bogon processing nonetheless, we set an impossible
net/netmask combination; networks can instead be added using the -n

Based on a patch from KELEMEN Pter <>
Lukas Schwaighofer <> no
33_bug315215_zero-pad-MAC ethernet address format fix Enclosed is a patch to make the format of the ethernet MAC addresses
that arpwatch prints match the format used by other tools (like ifconfig
and dhcpd). This makes it easier to, for example, copy the mac address
from the arpwatch email and paste it into a grep.
Mark Ferlatte <> no
35_bug289426_arpwatch-interface #289426 interface not read from arp.dat In the file_loop function, the interface variable is not initialized when it is
passed to fn (which is ent_add). Actually, the interface is not even read.
Sebastian Reichelt <> no
37_bug288994_arpwatch-subject #288994 display ip in subject if hostname unknown This is a very simple patch to display the IP address in the subject in
case no hostname is known. A subject line such as "new station eth0" is not
only very uninformative, but also quite confusing at the beginning.
Sebastian Reichelt <> no
39_bug674715-initgroups-ldflags changes from 2.1a15-1.2 NMU * Fix initgroups() adding the gid 0 group to the list. Instead of dropping
privileges it was in fact adding it. This is CVE-2012-2653. closes: #674715
* add LDFLAGS support.
Yves-Alexis Perez <> no
41_bug705894-long-hostnames fix buffer overflow with long hostnames (the rest of the patch is in debian/patches/13opt_allsubnets) Christoph Biedl <> no debian
42_pass-CPPFLAGS Pass $CPPFLAGS to C compiler, too. Fixes lintian warning hardening-no-fortify-functions. Axel Beckert <> no
43_fix-sort-plus-column-usage-in-arp2ethers Fix no more working "sort +<n>" syntax in arp2ethers (Yes, the "2" needs to be replaced with at "3". See
Axel Beckert <> no debian
44_netinet-if_ether.h-is-part-of-libc6-dev.patch netinet/if_ether.h is part of libc6-dev
the header files which are part of libc6-dev apply the __packed__
attribute to struct ether_header correctly; no dependency required as
libc6-dev is part of build-essential
Lukas Schwaighofer <> no 2017-03-21
45_ignore-802.1q-vlan-frames.patch ignore 802.1q (vlan) frames
these frames are not parsed correctly by arpwatch as it does not account
for the 2 octets offset; therefore we ignore them completely, they can
still be watched by adding a vlan interface and running arpwatch there
as well
Lukas Schwaighofer <> no 2017-03-21 fix errors for autoreconf
- enclose AC_CACHE_VAL parameters in square brackets
- AC_LBL_CHECK_TYPE without parameters is meaningless, removed
Lukas Schwaighofer <> no 2017-03-26
48_massagevendor-needs-GNU-awk-minor-fixes.patch massagevendor needs GNU awk, minor fixes
* massagevendor does not work with mawk, make sure we use gawk by
explicitly calling it
* older versions of ieee-data have slightly different whitespace, make
sure the script works in both cases
Lukas Schwaighofer <> no 2017-03-27 create sbin dir
patch to create the sbin dir if it does not already exist
Lukas Schwaighofer <> no 2017-04-06
50_change-N-to-only-stop-reporting-bogons.patch change -N to only stop reporting bogons
the -N option does not disable bogon reporting, as advertised by the man
page, but completely disables bogon detection instead. That means
packages detected as bogons previously are processed just as packets
part of the local subnet if the -N option is in use.
Lukas Schwaighofer <> no 2017-04-11
51_exit-with-status-0-when-stopping-with-SIGTERM.patch exit with status 0 when stopping with SIGTERM With this patch systemd can distinguish an unclean shutdown from a clean one.
This is useful for implementing an automatic restart in case arpwatch crashes.
52_allow-specifying-a-custom-pcap-filter.patch allow specifying a custom pcap filter
Giving the user an option to specify a custom pcap filter is both very
versatile (can be used to satisfy the request from multiple wishlist bugs) and
little intrusive (the code is only run during startup) addition.

Slightly adjusted by Lukas Schwaighofer <> from the
patch submitted by Stefan Voelkel <> to the Debian BTS.
Stefan Voelkel <> no debian
53_stop-using-_getshort.patch replace private function _getshort with ns_get16 _getshort is a private function, triggers a build log warning because it's
not present in any header file. We switch to the functionally equivalent
Lukas Schwaighofer <> no
54_makefile-dont-change-permissions.patch Don't modify file permissions on Makefile, debhelper will set the correct ones And this allows for a nonroot build (Rules-Requires-Root: no)
Samuel Henrique <> not-needed

All known versions for source package 'arpwatch'