diff --git a/0002-hdparam-Remove-security_password-printing.patch b/0002-hdparam-Remove-security_password-printing.patch new file mode 100644 index 0000000000000000000000000000000000000000..3a319d2414e5415eea1fa50eef6548e85fd4e2e2 --- /dev/null +++ b/0002-hdparam-Remove-security_password-printing.patch @@ -0,0 +1,50 @@ +From deaa52e44c5464a8360e540d7b35895bc51e5143 Mon Sep 17 00:00:00 2001 +From: Wenchao Hao +Date: Mon, 30 Nov 2020 17:29:55 +0800 +Subject: [PATCH] hdparam: Remove security_password printing + +In consideration of security, passwd should not printed +in log, so this commit remove security_password printing +in code. + +Signed-off-by: Wenchao Hao +Signed-off-by: volcanodragon +--- + hdparm.c | 15 ++------------- + 1 file changed, 2 insertions(+), 13 deletions(-) + +diff --git a/hdparm.c b/hdparm.c +index 8045c87..3282d93 100644 +--- a/hdparm.c ++++ b/hdparm.c +@@ -989,8 +989,8 @@ do_set_security (int fd) + exit(EINVAL); + } + if (!quiet) { +- printf(" Issuing %s command, password=\"%s\", user=%s", +- description, security_password, (data[0] & 1) ? "master" : "user"); ++ printf(" Issuing %s command, user=%s", ++ description, (data[0] & 1) ? "master" : "user"); + if (security_command == ATA_OP_SECURITY_SET_PASS) + printf(", mode=%s", data[1] ? "max" : "high"); + printf("\n"); +@@ -3004,17 +3004,6 @@ static void get_security_password (int handle_NULL) + } else if (!handle_NULL || strcmp(argp, "NULL")) { + strcpy(security_password, argp); + } +- printf("security_password:"); +- if (!binary_passwd) { +- printf(" \"%s\"\n", security_password); +- } else { +- unsigned int i; +- for (i = 0; i < maxlen; ++i) { +- unsigned char c = security_password[i]; +- printf(" %02x", c); +- } +- putchar('\n'); +- } + while (*argp) + ++argp; + } +-- +2.27.0 \ No newline at end of file diff --git a/hdparm.spec b/hdparm.spec index 017b515c82595acc4f66711611dde2b69bc00a1f..5475f6257403c87ffee3cd19cf551e153f6c8c35 100644 --- a/hdparm.spec +++ b/hdparm.spec @@ -1,11 +1,12 @@ Name: hdparm Version: 9.62 -Release: 1 +Release: 2 Summary: A system utility for setting or showing hard drive parameters License: BSD URL: https://sourceforge.net/projects/%{name}/ Source0: https://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz Patch1: 0001-hdparm-fallocate-close-fd.patch +Patch2: 0002-hdparam-Remove-security_password-printing.patch BuildRequires: gcc @@ -42,6 +43,9 @@ install -c -m 644 hdparm.8 $RPM_BUILD_ROOT/%{_mandir}/man8 %{_mandir}/man8/hdparm.8* %changelog +* Sat Jan 22 2022 volcanodragon 9.62-2 +- delete passwd print for security + * Tue Nov 23 2021 Li Jinlin 9.62-1 - upgrade package to 9.62