1 Errata patch for CVE-2015-3646

     2 https://review.openstack.org/173034

     3 git fetch https://review.openstack.org/openstack/keystone refs/changes/34/173034/2 && git checkout FETCH_HEAD

     4 Fixed upstream and in a future release.

     5 ---

     6 From 695153a523faa9310e2e20d0333c33a47334208a Mon Sep 17 00:00:00 2001

     7 From: Eric Brown <[email protected]>

     8 Date: Mon, 13 Apr 2015 11:37:53 -0700

     9 Subject: [PATCH] backend_argument should be marked secret

    10 

    11 Since the backend_argument can potentially contain a password,

    12 it should be marked secret to avoid leakage into the logs.

    13 

    14 Closes-Bug: #1443598

    15 

    16 Change-Id: I55663db4cf2df84a66de8f64fba4b4f129ae827d

    17 (cherry picked from commit f9db1a65bd4d83d12c572ba4d5807845996ef410)

    18 ---

    19  keystone/common/config.py | 2 +-

    20  1 file changed, 1 insertion(+), 1 deletion(-)

    21 

    22 diff --git a/keystone/common/config.py b/keystone/common/config.py

    23 index d7f9dd8..d953e49 100644

    24 --- a/keystone/common/config.py

    25 +++ b/keystone/common/config.py

    26 @@ -313,7 +313,7 @@ FILE_OPTIONS = {

    27                          'deployments.  Small workloads (single process) '

    28                          'like devstack can use the dogpile.cache.memory '

    29                          'backend.'),

    30 -        cfg.MultiStrOpt('backend_argument', default=[],

    31 +        cfg.MultiStrOpt('backend_argument', default=[], secret=True,

    32                          help='Arguments supplied to the backend module. '

    33                               'Specify this option once per argument to be '

    34                               'passed to the dogpile.cache backend. Example '

    35 -- 

    36 1.9.1