# HG changeset patch
# User saurabh.vyas@oracle.com
# Date 1431109374 25200
# Node ID 7d52b0c224743d1395faa37e79aead4cd30c38d8
# Parent 078df530ebdb1a7faafc767964aec3933e941518
21027466 problem in SERVICE/KEYSTONE
diff -r 078df530ebdb -r 7d52b0c22474 components/openstack/keystone/patches/CVE-2015-3646.patch
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openstack/keystone/patches/CVE-2015-3646.patch Fri May 08 11:22:54 2015 -0700
@@ -0,0 +1,36 @@
+Errata patch for CVE-2015-3646
+https://review.openstack.org/173034
+git fetch https://review.openstack.org/openstack/keystone refs/changes/34/173034/2 && git checkout FETCH_HEAD
+Fixed upstream and in a future release.
+---
+From 695153a523faa9310e2e20d0333c33a47334208a Mon Sep 17 00:00:00 2001
+From: Eric Brown
+Date: Mon, 13 Apr 2015 11:37:53 -0700
+Subject: [PATCH] backend_argument should be marked secret
+
+Since the backend_argument can potentially contain a password,
+it should be marked secret to avoid leakage into the logs.
+
+Closes-Bug: #1443598
+
+Change-Id: I55663db4cf2df84a66de8f64fba4b4f129ae827d
+(cherry picked from commit f9db1a65bd4d83d12c572ba4d5807845996ef410)
+---
+ keystone/common/config.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/keystone/common/config.py b/keystone/common/config.py
+index d7f9dd8..d953e49 100644
+--- a/keystone/common/config.py
++++ b/keystone/common/config.py
+@@ -313,7 +313,7 @@ FILE_OPTIONS = {
+ 'deployments. Small workloads (single process) '
+ 'like devstack can use the dogpile.cache.memory '
+ 'backend.'),
+- cfg.MultiStrOpt('backend_argument', default=[],
++ cfg.MultiStrOpt('backend_argument', default=[], secret=True,
+ help='Arguments supplied to the backend module. '
+ 'Specify this option once per argument to be '
+ 'passed to the dogpile.cache backend. Example '
+--
+1.9.1
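Review bot: `secret=True` on `backend_argument` only masks the value in option dumps written after the patch is applied; anything already logged stays in the existing log files (the commit message says the argument can carry a password), and the four-line header of the new patch file does not mention this. I would add a header line such as `Logs written before this fix may still contain backend_argument values; review them and rotate any cache backend credentials found there.` The header's `Fixed upstream and in a future release.` also names no release, so the file alone does not tell a maintainer when the patch can be dropped; naming the first fixed Keystone version, if known, would help. The inner hunk shows only a slice of `FILE_OPTIONS`, which starts and ends outside it, so whether other credential-bearing options in that dict lack `secret=True` cannot be judged from here.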