From 810634c7faea0c8aaa23ba784cbf563d8a26a145 Mon Sep 17 00:00:00 2001 From: linfeilong835 Date: Sat, 22 Jan 2022 03:32:22 +0000 Subject: [PATCH 1/4] add 9001-hdparam-Remove-security_password-printing.patch. --- ...am-Remove-security_password-printing.patch | 50 +++++++++++++++++++ 1 file changed, 50 insertions(+) create mode 100644 9001-hdparam-Remove-security_password-printing.patch diff --git a/9001-hdparam-Remove-security_password-printing.patch b/9001-hdparam-Remove-security_password-printing.patch new file mode 100644 index 0000000..3a319d2 --- /dev/null +++ b/9001-hdparam-Remove-security_password-printing.patch @@ -0,0 +1,50 @@ +From deaa52e44c5464a8360e540d7b35895bc51e5143 Mon Sep 17 00:00:00 2001 +From: Wenchao Hao +Date: Mon, 30 Nov 2020 17:29:55 +0800 +Subject: [PATCH] hdparam: Remove security_password printing + +In consideration of security, passwd should not printed +in log, so this commit remove security_password printing +in code. + +Signed-off-by: Wenchao Hao +Signed-off-by: volcanodragon +--- + hdparm.c | 15 ++------------- + 1 file changed, 2 insertions(+), 13 deletions(-) + +diff --git a/hdparm.c b/hdparm.c +index 8045c87..3282d93 100644 +--- a/hdparm.c ++++ b/hdparm.c +@@ -989,8 +989,8 @@ do_set_security (int fd) + exit(EINVAL); + } + if (!quiet) { +- printf(" Issuing %s command, password=\"%s\", user=%s", +- description, security_password, (data[0] & 1) ? "master" : "user"); ++ printf(" Issuing %s command, user=%s", ++ description, (data[0] & 1) ? "master" : "user"); + if (security_command == ATA_OP_SECURITY_SET_PASS) + printf(", mode=%s", data[1] ? "max" : "high"); + printf("\n"); +@@ -3004,17 +3004,6 @@ static void get_security_password (int handle_NULL) + } else if (!handle_NULL || strcmp(argp, "NULL")) { + strcpy(security_password, argp); + } +- printf("security_password:"); +- if (!binary_passwd) { +- printf(" \"%s\"\n", security_password); +- } else { +- unsigned int i; +- for (i = 0; i < maxlen; ++i) { +- unsigned char c = security_password[i]; +- printf(" %02x", c); +- } +- putchar('\n'); +- } + while (*argp) + ++argp; + } +-- +2.27.0 \ No newline at end of file -- Gitee From ad12631fbfdf326846731a544f04582658354889 Mon Sep 17 00:00:00 2001 From: linfeilong835 Date: Sat, 22 Jan 2022 03:36:44 +0000 Subject: [PATCH 2/4] update hdparm.spec. --- hdparm.spec | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/hdparm.spec b/hdparm.spec index c4a1be7..9014c2c 100644 --- a/hdparm.spec +++ b/hdparm.spec @@ -1,11 +1,12 @@ Name: hdparm Version: 9.58 -Release: 1 +Release: 2 Summary: A system utility for setting or showing hard drive parameters License: BSD URL: https://sourceforge.net/projects/%{name}/ Source0: https://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz Patch9000: 9000-hdparm-fallocate-close-fd.patch +Patch9001: 9001-hdparam-Remove-security_password-printing.patch BuildRequires: gcc git @@ -42,6 +43,12 @@ install -c -m 644 hdparm.8 $RPM_BUILD_ROOT/%{_mandir}/man8 %{_mandir}/man8/hdparm.8* %changelog +* Sat Jan 22 2022 linfeilong - 9.58-2 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:delete password print for security + * Tue Apr 14 2020 linfeilong - 9.58-1 - Type:enhancement - ID:NA -- Gitee From ce90f6638cc9a39cdb48496757b8247050790b50 Mon Sep 17 00:00:00 2001 From: linfeilong835 Date: Sat, 22 Jan 2022 06:52:49 +0000 Subject: [PATCH 3/4] update 9001-hdparam-Remove-security_password-printing.patch. --- 9001-hdparam-Remove-security_password-printing.patch | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/9001-hdparam-Remove-security_password-printing.patch b/9001-hdparam-Remove-security_password-printing.patch index 3a319d2..7b9d52d 100644 --- a/9001-hdparam-Remove-security_password-printing.patch +++ b/9001-hdparam-Remove-security_password-printing.patch @@ -47,4 +47,4 @@ index 8045c87..3282d93 100644 ++argp; } -- -2.27.0 \ No newline at end of file +1.8.3.1 -- Gitee From 7cd3b31c4ba87f4392cd21b413738d3f43271064 Mon Sep 17 00:00:00 2001 From: volcanodragon Date: Sat, 22 Jan 2022 15:20:50 +0800 Subject: [PATCH 4/4] fix patch error --- ...am-Remove-security_password-printing.patch | 101 +++++++++--------- 1 file changed, 51 insertions(+), 50 deletions(-) diff --git a/9001-hdparam-Remove-security_password-printing.patch b/9001-hdparam-Remove-security_password-printing.patch index 7b9d52d..d09b0dc 100644 --- a/9001-hdparam-Remove-security_password-printing.patch +++ b/9001-hdparam-Remove-security_password-printing.patch @@ -1,50 +1,51 @@ -From deaa52e44c5464a8360e540d7b35895bc51e5143 Mon Sep 17 00:00:00 2001 -From: Wenchao Hao -Date: Mon, 30 Nov 2020 17:29:55 +0800 -Subject: [PATCH] hdparam: Remove security_password printing - -In consideration of security, passwd should not printed -in log, so this commit remove security_password printing -in code. - -Signed-off-by: Wenchao Hao -Signed-off-by: volcanodragon ---- - hdparm.c | 15 ++------------- - 1 file changed, 2 insertions(+), 13 deletions(-) - -diff --git a/hdparm.c b/hdparm.c -index 8045c87..3282d93 100644 ---- a/hdparm.c -+++ b/hdparm.c -@@ -989,8 +989,8 @@ do_set_security (int fd) - exit(EINVAL); - } - if (!quiet) { -- printf(" Issuing %s command, password=\"%s\", user=%s", -- description, security_password, (data[0] & 1) ? "master" : "user"); -+ printf(" Issuing %s command, user=%s", -+ description, (data[0] & 1) ? "master" : "user"); - if (security_command == ATA_OP_SECURITY_SET_PASS) - printf(", mode=%s", data[1] ? "max" : "high"); - printf("\n"); -@@ -3004,17 +3004,6 @@ static void get_security_password (int handle_NULL) - } else if (!handle_NULL || strcmp(argp, "NULL")) { - strcpy(security_password, argp); - } -- printf("security_password:"); -- if (!binary_passwd) { -- printf(" \"%s\"\n", security_password); -- } else { -- unsigned int i; -- for (i = 0; i < maxlen; ++i) { -- unsigned char c = security_password[i]; -- printf(" %02x", c); -- } -- putchar('\n'); -- } - while (*argp) - ++argp; - } --- -1.8.3.1 +From deaa52e44c5464a8360e540d7b35895bc51e5143 Mon Sep 17 00:00:00 2001 +From: Wenchao Hao +Date: Mon, 30 Nov 2020 17:29:55 +0800 +Subject: [PATCH] hdparam: Remove security_password printing + +In consideration of security, passwd should not printed +in log, so this commit remove security_password printing +in code. + +Signed-off-by: Wenchao Hao +Signed-off-by: volcanodragon +--- + hdparm.c | 15 ++------------- + 1 file changed, 2 insertions(+), 13 deletions(-) + +diff --git a/hdparm.c b/hdparm.c +index 8045c87..3282d93 100644 +--- a/hdparm.c ++++ b/hdparm.c +@@ -989,8 +989,8 @@ do_set_security (int fd) + exit(EINVAL); + } + if (!quiet) { +- printf(" Issuing %s command, password=\"%s\", user=%s", +- description, security_password, (data[0] & 1) ? "master" : "user"); ++ printf(" Issuing %s command, user=%s", ++ description, (data[0] & 1) ? "master" : "user"); + if (security_command == ATA_OP_SECURITY_SET_PASS) + printf(", mode=%s", data[1] ? "max" : "high"); + printf("\n"); +@@ -3004,17 +3004,6 @@ static void get_security_password (int handle_NULL) + } else if (!handle_NULL || strcmp(argp, "NULL")) { + strcpy(security_password, argp); + } +- printf("security_password:"); +- if (!binary_passwd) { +- printf(" \"%s\"\n", security_password); +- } else { +- unsigned int i; +- for (i = 0; i < maxlen; ++i) { +- unsigned char c = security_password[i]; +- printf(" %02x", c); +- } +- putchar('\n'); +- } + while (*argp) + ++argp; + } +-- +1.8.3.1 + -- Gitee