--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/python/django_openstack_auth/patches/CVE-2014-8124.patch Fri Jan 09 13:44:40 2015 -0800
@@ -0,0 +1,29 @@
+django_openstack_auth patch for CVE-2014-8124. This will be fixed in
+a future version of django_openstack_auth
+
+From e676c88a329af57d6c4f13df54f6e1e06c1f8360 Mon Sep 17 00:00:00 2001
+From: eric <[email protected]>
+Date: Mon, 8 Dec 2014 16:38:26 -0700
+Subject: [PATCH] Horizon login page contains DOS attack mechanism
+
+the horizon login page (and middleware) accesses the session
+too early in the login process, which will create session records
+in the session backend. This is especially problematic when non-cookie
+backends are used.
+
+Co-Authored-By: Tihomir Trifonov <[email protected]>
+Co-Authored-By: Eric Peterson <[email protected]>
+
+Change-Id: I9a4999eb5f053515575ef09b8ba9d3bb3f114e5c
+Closes-Bug: 1394370
+
+--- django_openstack_auth-1.1.3/openstack_auth/forms.py.orig
++++ django_openstack_auth-1.1.3/openstack_auth/forms.py
+@@ -96,7 +96,6 @@ class Login(AuthenticationForm):
+ msg = 'Login failed for user "%(username)s".' % \
+ {'username': username}
+ LOG.warning(msg)
+- self.request.session.flush()
+ raise forms.ValidationError(exc)
+ if hasattr(self, 'check_for_test_cookie'): # Dropped in django 1.7
+ self.check_for_test_cookie()
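Review bot: The quoted upstream message says the login page "(and middleware)" access the session too early, but this patch file carries only the single forms.py hunk, which drops `self.request.session.flush()` from the failed-login path. The middleware half is presumably fixed in Horizon itself, so confirm that the companion Horizon patch ships with this one; otherwise unauthenticated requests may still create session records in the backend. The two-line header could record that and say when the patch becomes obsolete, e.g. `Companion fix: <horizon patch path>; drop when upgrading to django_openstack_auth <fixed version>`. Separately, the retained context still formats `username` into the `LOG.warning` message, and on a login form that value is presumably supplied by the client, so log consumers should treat it as untrusted text. The enclosing method of `Login` starts and ends outside the inner hunk.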