rpms/sepostgresql/F-8 sepostgresql-8.2.6-1.patch, 1.3, 1.4 sepostgresql.init, 1.12, 1.13 sepostgresql.spec, 1.12, 1.13 sepostgresql.te, 1.12, 1.13

KaiGai Kohei (kaigai) fedora-extras-commits at redhat.com
Sun Mar 2 15:49:52 UTC 2008


Author: kaigai

Update of /cvs/pkgs/rpms/sepostgresql/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv27291

Modified Files:
	sepostgresql-8.2.6-1.patch sepostgresql.init sepostgresql.spec 
	sepostgresql.te 
Log Message:
- bugfix: SELECT count(*) was not filtered correctly.
- more restricted class/perms declaration.


sepostgresql-8.2.6-1.patch:

Index: sepostgresql-8.2.6-1.patch
===================================================================
RCS file: /cvs/pkgs/rpms/sepostgresql/F-8/sepostgresql-8.2.6-1.patch,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- sepostgresql-8.2.6-1.patch	7 Feb 2008 01:05:33 -0000	1.3
+++ sepostgresql-8.2.6-1.patch	2 Mar 2008 15:49:16 -0000	1.4
@@ -4913,8 +4913,8 @@
 +}
 diff -rpNU3 base/src/backend/security/sepgsqlProxy.c sepgsql/src/backend/security/sepgsqlProxy.c
 --- base/src/backend/security/sepgsqlProxy.c	1970-01-01 09:00:00.000000000 +0900
-+++ sepgsql/src/backend/security/sepgsqlProxy.c	2008-01-30 17:08:18.000000000 +0900
-@@ -0,0 +1,1467 @@
++++ sepgsql/src/backend/security/sepgsqlProxy.c	2008-03-03 00:42:02.000000000 +0900
+@@ -0,0 +1,1501 @@
 +/*
 + * src/backend/security/sepgsqlProxy.c
 + *   SE-PostgreSQL Query Proxy function to walk on query node tree
@@ -5306,6 +5306,36 @@
 +	return selist;
 +}
 +
++static List *walkAggrefHelper(List *selist, Query *query, Node *node)
++{
++	if (node == NULL)
++		return selist;
++
++	if (IsA(node, RangeTblRef)) {
++		RangeTblRef *rtr = (RangeTblRef *) node;
++		RangeTblEntry *rte = list_nth(query->rtable, rtr->rtindex - 1);
++
++		if (rte->rtekind == RTE_RELATION) {
++			selist = addEvalPgClass(selist, rte, DB_TABLE__SELECT);
++			selist = addEvalPgAttribute(selist, rte, 0, DB_COLUMN__SELECT);
++		}
++	} else if (IsA(node, JoinExpr)) {
++		JoinExpr *j = (JoinExpr *) node;
++
++		selist = walkAggrefHelper(selist, query, j->larg);
++		selist = walkAggrefHelper(selist, query, j->rarg);
++	} else if (IsA(node, FromExpr)) {
++		FromExpr *fm = (FromExpr *)node;
++		ListCell *l;
++
++		foreach (l, fm->fromlist)
++			selist = walkAggrefHelper(selist, query, lfirst(l));
++	} else {
++		elog(ERROR, "SELinux: unexpected node type (%d) at Query->fromlist", nodeTag(node));
++	}
++	return selist;
++}
++
 +static List *sepgsqlWalkExpr(List *selist, queryChain *qc, Node *node, int flags)
 +{
 +	if (node == NULL)
@@ -5342,6 +5372,10 @@
 +
 +		selist = addEvalPgProc(selist, aggref->aggfnoid, DB_PROCEDURE__EXECUTE);
 +		selist = sepgsqlWalkExpr(selist, qc, (Node *) aggref->args, flags);
++		if (aggref->aggstar) {
++			Query *query = getQueryFromChain(qc);
++			selist = walkAggrefHelper(selist, query, (Node *) query->jointree);
++		}
 +		break;
 +	}
 +	case T_OpExpr:


Index: sepostgresql.init
===================================================================
RCS file: /cvs/pkgs/rpms/sepostgresql/F-8/sepostgresql.init,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -r1.12 -r1.13
--- sepostgresql.init	7 Feb 2008 02:14:37 -0000	1.12
+++ sepostgresql.init	2 Mar 2008 15:49:17 -0000	1.13
@@ -9,7 +9,7 @@
 
 PGVERSION="8.2.6"
 PGMAJORVERSION=`echo "$PGVERSION" | sed 's/^\([0-9]*\.[0-9]*\).*$/\1/'`
-SEPGVERSION="1.208"
+SEPGVERSION="1.225"
 
 # source function library
 . /etc/rc.d/init.d/functions


Index: sepostgresql.spec
===================================================================
RCS file: /cvs/pkgs/rpms/sepostgresql/F-8/sepostgresql.spec,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -r1.12 -r1.13
--- sepostgresql.spec	7 Feb 2008 02:14:37 -0000	1.12
+++ sepostgresql.spec	2 Mar 2008 15:49:17 -0000	1.13
@@ -13,7 +13,7 @@
 Summary: Security Enhanced PostgreSQL
 Name: sepostgresql
 Version: 8.2.6
-Release: 1.208%{?sepgsql_extension}%{?dist}
+Release: 1.225%{?sepgsql_extension}%{?dist}
 License: BSD
 Group: Applications/Databases
 Url: http://code.google.com/p/sepgsql/
@@ -34,7 +34,6 @@
 Requires(postun): policycoreutils
 Requires: postgresql-server = %{version}
 Requires: policycoreutils >= 2.0.16 libselinux >= 2.0.13 selinux-policy >= 3.0.6
-Requires: tzdata
 
 %description
 Security Enhanced PostgreSQL is an extension of PostgreSQL
@@ -207,6 +206,9 @@
 %attr(700,sepgsql,sepgsql) %dir %{_localstatedir}/lib/sepgsql/backups
 
 %changelog
+* Sun Mar  2 2008 <kaigai at kaigai.gr.jp> - 8.2.6-1.225
+- bugfix: SELECT count(*) was not filtered correctly.
+
 * Wed Feb  6 2008 <kaigai at kaigai.gr.jp> - 8.2.6-1.208
 - bugfix: blob:{read} is not evaluated correctly
 - policy update: allow db_database:{set_param}


Index: sepostgresql.te
===================================================================
RCS file: /cvs/pkgs/rpms/sepostgresql/F-8/sepostgresql.te,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -r1.12 -r1.13
--- sepostgresql.te	7 Feb 2008 02:14:37 -0000	1.12
+++ sepostgresql.te	2 Mar 2008 15:49:17 -0000	1.13
@@ -1,7 +1,12 @@
-policy_module(sepostgresql, 1.208)
+policy_module(sepostgresql, 1.225)
 
 gen_require(`
-	all_userspace_class_perms
+	class db_database all_db_database_perms;
+	class db_table all_db_table_perms;
+	class db_procedure all_db_procedure_perms;
+	class db_column all_db_column_perms;
+	class db_tuple all_db_tuple_perms;
+	class db_blob all_db_blob_perms;
 
 	type postgresql_t;
 	type lib_t, shlib_t;




More information about the fedora-extras-commits mailing list