# HG changeset patch # User saurabh.vyas@oracle.com # Date 1432056983 25200 # Node ID 303b640779748e74eb515157e46a58ea02d66c2c # Parent b3252d71faa02b7055504933993428f700039dc5 21027466 problem in SERVICE/KEYSTONE diff -r b3252d71faa0 -r 303b64077974 components/openstack/keystone/patches/CVE-2015-3646.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/openstack/keystone/patches/CVE-2015-3646.patch Tue May 19 10:36:23 2015 -0700 @@ -0,0 +1,36 @@ +Errata patch for CVE-2015-3646 +https://review.openstack.org/173034 +git fetch https://review.openstack.org/openstack/keystone refs/changes/34/173034/2 && git checkout FETCH_HEAD +Fixed upstream and in a future release. +--- +From 695153a523faa9310e2e20d0333c33a47334208a Mon Sep 17 00:00:00 2001 +From: Eric Brown +Date: Mon, 13 Apr 2015 11:37:53 -0700 +Subject: [PATCH] backend_argument should be marked secret + +Since the backend_argument can potentially contain a password, +it should be marked secret to avoid leakage into the logs. + +Closes-Bug: #1443598 + +Change-Id: I55663db4cf2df84a66de8f64fba4b4f129ae827d +(cherry picked from commit f9db1a65bd4d83d12c572ba4d5807845996ef410) +--- + keystone/common/config.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/keystone/common/config.py b/keystone/common/config.py +index d7f9dd8..d953e49 100644 +--- a/keystone/common/config.py ++++ b/keystone/common/config.py +@@ -313,7 +313,7 @@ FILE_OPTIONS = { + 'deployments. Small workloads (single process) ' + 'like devstack can use the dogpile.cache.memory ' + 'backend.'), +- cfg.MultiStrOpt('backend_argument', default=[], ++ cfg.MultiStrOpt('backend_argument', default=[], secret=True, + help='Arguments supplied to the backend module. ' + 'Specify this option once per argument to be ' + 'passed to the dogpile.cache backend. Example ' +-- +1.9.1