0001-Fix-4648-store-default-values-securely.patch

     # encoding: UTF-8
     require 'yaml'
     require 'tmpdir'
     require 'kafo/puppet_module'
     require 'kafo/password_manager'
-...
         def params_default_values
           @params_default_values ||= begin
             @logger.debug "Creating tmp dir within #{app[:default_values_dir]}..."
             temp_dir = Dir.mktmpdir(nil, app[:default_values_dir])
             KafoConfigure.register_cleanup_path temp_dir
             @logger.info "Parsing default values from puppet modules..."
             command = PuppetCommand.new("#{includes} dump_values(#{params})").append('2>&1').command
             command = PuppetCommand.new("$temp_dir=\"#{temp_dir}\" #{includes} dump_values(#{params})").append('2>&1').command
             @logger.debug `#{command}`
             unless $?.exitstatus == 0
               log = app[:log_dir] + '/' + app[:log_name]
-...
               KafoConfigure.exit(:defaults_error)
             end
             @logger.info "... finished"
             YAML.load_file(File.join(KafoConfigure.config.app[:default_values_dir], 'default_values.yaml'))
             YAML.load_file(File.join(temp_dir, 'default_values.yaml'))
           end
         end

       class KafoConfigure < Clamp::Command
         include StringHelper
         class << self
           attr_accessor :config, :root_dir, :config_file, :gem_root, :temp_config_file,
                         :modules_dir, :kafo_modules_dir, :verbose, :app_options, :logger
           attr_writer :hooking
           def cleanup_paths
             @cleanup_paths ||= []
           end
           def hooking
             @hooking ||= Hooking.new
           end
-...
         end
         def self.exit(code)
           cleanup
           @exit_code = translate_exit_code(code)
           throw :exit
         end
-...
           end
         end
         def self.cleanup
           # make sure default values are removed from /tmp
           (self.cleanup_paths + ['/tmp/default_values.yaml']).each do |file|
             logger.debug "Cleaning #{file}"
             FileUtils.rm_rf(file)
           end
         end
         def self.register_cleanup_path(path)
           self.cleanup_paths<< path
         end
         def register_cleanup_path(path)
           self.class.register_cleanup_path(path)
         end
         def cleanup_paths
           self.class.cleanup_paths
         end
         def help
           self.class.help(invocation_path, self)
         end

           [arg, found_value.nil? ? arg : found_value]
         end
         data = Hash[data]
         dump_dir = YAML.load_file(lookupvar('kafo_config_file'))[:default_values_dir]
         File.open("#{dump_dir}/default_values.yaml", 'w') { |file| file.write(YAML.dump(data)) }
         dump_dir = lookupvar('temp_dir')
         file_name = "#{dump_dir}/default_values.yaml"
         File.open(file_name, File::WRONLY|File::CREAT|File::EXCL, 0600) { |file| file.write(YAML.dump(data)) }
       end
     end
+    -

Kafo